
1   package it.com.atlassian.rest.xsrf;
2   
3   import com.atlassian.plugins.rest.json.JsonObject;
4   import com.atlassian.rest.jersey.client.WebResourceFactory;
5   import com.sun.jersey.api.client.UniformInterfaceException;
6   import com.sun.jersey.api.client.WebResource;
7   import org.junit.Before;
8   import org.junit.Test;
9   
10  import javax.ws.rs.core.MediaType;
11  
12  import static org.junit.Assert.*;
13  
/**
 * Integration tests for the XSRF check guarding the {@code xsrfCheck} REST resource.
 *
 * <p>Every request is sent anonymously. The cases below pin the following behaviour:
 * <ul>
 *   <li>GET and form-encoded POST are rejected unless the {@code X-Atlassian-Token: nocheck}
 *       header is present;</li>
 *   <li>a POST carrying a {@link JsonObject} entity and a form-encoded PUT are accepted
 *       without that header.</li>
 * </ul>
 *
 * <p>NOTE(review): the exemptions are presumably there because a plain cross-site HTML form
 * cannot produce a JSON POST or a PUT; confirm against the server-side check before relying
 * on them, since these tests only observe the outcome.
 */
public class XsrfCheckTest
{
    /** Request builder for the resource under test; rebuilt before every test by {@link #setUp()}. */
    private WebResource.Builder webResource;

    /** Creates a fresh anonymous request builder pointing at the {@code xsrfCheck} path. */
    @Before
    public void setUp()
    {
        webResource = WebResourceFactory.anonymous()
                .path("xsrfCheck")
                .getRequestBuilder();
    }

    /** A GET without the token header must be rejected. */
    @Test
    public void testGetBlocked()
    {
        assertBlocked("GET", webResource);
    }

    /** A GET carrying the token header must be accepted. */
    @Test
    public void testGetSuccess()
    {
        WebResource.Builder tokenised = addXsrf(webResource);
        assertSuccessful("GET", tokenised);
    }

    /** A form-encoded POST without the token header must be rejected. */
    @Test
    public void testPostFormBlocked()
    {
        WebResource.Builder formPost = withFormContentType(webResource);
        assertBlocked("POST", formPost);
    }

    /** A form-encoded POST carrying the token header must be accepted. */
    @Test
    public void testPostFormSuccess()
    {
        // Token header first, then the content type, matching the order the headers are added in.
        WebResource.Builder formPost = withFormContentType(addXsrf(webResource));
        assertSuccessful("POST", formPost);
    }

    /** A POST with a JSON object entity is accepted even though no token header is sent. */
    @Test
    public void testPostJsonSuccess()
    {
        // No Content-Type is set explicitly here; presumably the client derives it from the entity.
        WebResource.Builder jsonPost = webResource.entity(new JsonObject());
        assertSuccessful("POST", jsonPost);
    }

    /** A form-encoded PUT is accepted even though no token header is sent. */
    @Test
    public void testPutFormSuccess()
    {
        WebResource.Builder formPut = withFormContentType(webResource);
        assertSuccessful("PUT", formPut);
    }

    /**
     * Adds the header that lets a request pass the XSRF check.
     *
     * @param request builder to add the header to
     * @return the builder returned by the header call
     */
    private WebResource.Builder addXsrf(WebResource.Builder request)
    {
        return request.header("X-Atlassian-Token", "nocheck");
    }

    /**
     * Marks the request as {@code application/x-www-form-urlencoded}.
     *
     * @param request builder to add the header to
     * @return the builder returned by the header call
     */
    private WebResource.Builder withFormContentType(WebResource.Builder request)
    {
        return request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
    }

    /**
     * Sends the request and asserts that the resource answered with its success body.
     *
     * @param method HTTP method name to use
     * @param request prepared request builder
     */
    private void assertSuccessful(String method, WebResource.Builder request)
    {
        String responseBody = request.method(method, String.class);
        assertEquals("Request succeeded", responseBody);
    }

    /**
     * Sends the request and asserts that it was rejected by the XSRF check.
     *
     * <p>NOTE(review): only the response body is compared; the status code of the rejection
     * is not asserted here.
     *
     * @param method HTTP method name to use
     * @param request prepared request builder
     */
    private void assertBlocked(String method, WebResource.Builder request)
    {
        try
        {
            request.method(method, String.class);
            // Reaching this line means the request went through, which is the failure case.
            fail("Request succeeded");
        }
        catch (UniformInterfaceException rejected)
        {
            String responseBody = rejected.getResponse().getEntity(String.class);
            assertEquals("XSRF check failed", responseBody);
        }
    }
}