1 package com.atlassian.plugins.rest.common.security.jersey;
2
3 import com.atlassian.plugins.rest.common.security.XsrfCheckFailedException;
4 import com.sun.jersey.spi.container.ContainerRequest;
5 import org.junit.Before;
6 import org.junit.Test;
7 import org.junit.runner.RunWith;
8 import org.mockito.Mock;
9 import org.mockito.runners.MockitoJUnitRunner;
10
11 import javax.ws.rs.core.MediaType;
12
13 import static org.junit.Assert.assertEquals;
14 import static org.mockito.Mockito.when;
15
16
17
/**
 * Unit tests for {@link XsrfResourceFilter}, exercised against a Mockito mock of the Jersey
 * {@link ContainerRequest}.
 *
 * <p>Behaviour pinned by these tests:
 * <ul>
 *   <li>GET without the {@code X-Atlassian-Token} header is rejected.</li>
 *   <li>GET with {@code X-Atlassian-Token: nocheck} is returned unchanged.</li>
 *   <li>POST with a form-urlencoded body and no header is rejected.</li>
 *   <li>POST with a form-urlencoded body and the header is returned unchanged.</li>
 *   <li>POST with a JSON body and no header is returned unchanged.</li>
 *   <li>PUT with a form-urlencoded body and no header is returned unchanged.</li>
 * </ul>
 *
 * <p>An absent header is modelled by leaving {@code getHeaderValue} unstubbed, so the mock
 * answers {@code null}.
 *
 * <p>NOTE(review): the JSON and PUT exemptions presumably rely on a plain HTML form being unable
 * to produce either request; confirm against {@link XsrfResourceFilter}. Two cases are not
 * covered here and their outcome cannot be read from this file: a POST whose media type is
 * {@code multipart/form-data} or {@code text/plain} (the other encodings an HTML form can
 * submit), and a request that carries the header with a value other than {@code nocheck}.
 */
@RunWith(MockitoJUnitRunner.class)
public class TestXsrfResourceFilter
{
    /** Header the filter is asked for in the passing form/GET cases. */
    private static final String TOKEN_HEADER = "X-Atlassian-Token";

    /** Header value used by the passing form/GET cases. */
    private static final String NO_CHECK = "nocheck";

    @Mock
    private ContainerRequest request;

    private XsrfResourceFilter filterUnderTest;

    /** Creates a fresh filter for every test. */
    @Before
    public void setUp()
    {
        filterUnderTest = new XsrfResourceFilter();
    }

    /** A GET that carries no token header must fail the XSRF check. */
    @Test(expected = XsrfCheckFailedException.class)
    public void testGetBlocked()
    {
        givenMethod("GET");

        filterUnderTest.filter(request);
    }

    /** A GET that carries the {@code nocheck} token header is handed back untouched. */
    @Test
    public void testGetSuccess()
    {
        givenMethod("GET");
        givenNoCheckToken();

        assertPassedThrough();
    }

    /** A form-encoded POST without the token header must fail the XSRF check. */
    @Test(expected = XsrfCheckFailedException.class)
    public void testPostBlocked()
    {
        givenMethod("POST");
        givenMediaType(MediaType.APPLICATION_FORM_URLENCODED_TYPE);

        filterUnderTest.filter(request);
    }

    /** A form-encoded POST with the {@code nocheck} token header is handed back untouched. */
    @Test
    public void testPostSuccess()
    {
        givenMethod("POST");
        givenMediaType(MediaType.APPLICATION_FORM_URLENCODED_TYPE);
        givenNoCheckToken();

        assertPassedThrough();
    }

    /** A JSON POST is accepted even though no token header is present. */
    @Test
    public void testPostJsonSuccess()
    {
        givenMethod("POST");
        givenMediaType(MediaType.APPLICATION_JSON_TYPE);

        assertPassedThrough();
    }

    /** A form-encoded PUT is accepted even though no token header is present. */
    @Test
    public void testPutFormSuccess()
    {
        givenMethod("PUT");
        givenMediaType(MediaType.APPLICATION_FORM_URLENCODED_TYPE);

        assertPassedThrough();
    }

    /** Stubs the HTTP method reported by the mocked request. */
    private void givenMethod(final String httpMethod)
    {
        when(request.getMethod()).thenReturn(httpMethod);
    }

    /** Stubs the media type reported by the mocked request. */
    private void givenMediaType(final MediaType mediaType)
    {
        when(request.getMediaType()).thenReturn(mediaType);
    }

    /** Stubs the mocked request so that it carries {@code X-Atlassian-Token: nocheck}. */
    private void givenNoCheckToken()
    {
        when(request.getHeaderValue(TOKEN_HEADER)).thenReturn(NO_CHECK);
    }

    /** Runs the filter and asserts that it returns the request it was given. */
    private void assertPassedThrough()
    {
        final ContainerRequest returned = filterUnderTest.filter(request);
        assertEquals(request, returned);
    }
}