1 package com.atlassian.plugins.rest.module.sal.websudo;
2
3 import static org.junit.Assert.assertFalse;
4 import static org.junit.Assert.assertTrue;
5 import static org.mockito.Mockito.never;
6 import static org.mockito.Mockito.verify;
7 import static org.mockito.Mockito.when;
8 import static org.mockito.MockitoAnnotations.initMocks;
9
10 import com.atlassian.plugins.rest.common.sal.websudo.WebSudoResourceContext;
11 import com.atlassian.plugins.rest.module.servlet.ServletUtils;
12 import com.atlassian.sal.api.websudo.WebSudoManager;
13 import org.junit.After;
14 import org.junit.Before;
15 import org.junit.Test;
16 import org.mockito.Matchers;
17 import org.mockito.Mock;
18
19 import javax.servlet.http.HttpServletRequest;
20
21 public final class TestSalWebSudoResourceContext
22 {
23 @Mock private WebSudoManager webSudoManager;
24 @Mock private HttpServletRequest request;
25
26 private WebSudoResourceContext webSudoResourceContext;
27
28 @Before
29 public void setUp()
30 {
31 initMocks(this);
32 webSudoResourceContext = new SalWebSudoResourceContext(webSudoManager);
33 ServletUtils.setHttpServletRequest(request);
34 }
35
36 @After
37 public void teardown()
38 {
39 webSudoManager = null;
40 request = null;
41 webSudoResourceContext = null;
42 }
43
44 @Test
45 public void enforceWebSudoProtection()
46 {
47 when(webSudoManager.canExecuteRequest(request)).thenReturn(false);
48 assertTrue(webSudoResourceContext.shouldEnforceWebSudoProtection());
49 }
50
51 @Test
52 public void dontEnforceWebSudoProtection()
53 {
54 when(webSudoManager.canExecuteRequest(request)).thenReturn(true);
55 assertFalse(webSudoResourceContext.shouldEnforceWebSudoProtection());
56 }
57
58 @Test
59 public void basicAuthDoesNotRequireWebSudo()
60 {
61
62 when(request.getHeader("Authorization")).thenReturn("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
63
64 assertFalse(webSudoResourceContext.shouldEnforceWebSudoProtection());
65 verify(webSudoManager, never()).canExecuteRequest(Matchers.<HttpServletRequest>anyObject());
66 }
67 }