1 package com.atlassian.sal.core.csrf;
2
3 import com.atlassian.sal.api.xsrf.XsrfHeaderValidator;
4 import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
5 import org.junit.Before;
6 import org.junit.Test;
7 import org.junit.runner.RunWith;
8 import org.mockito.Mock;
9 import org.mockito.runners.MockitoJUnitRunner;
10
11 import javax.servlet.http.HttpServletRequest;
12
13 import static org.junit.Assert.assertFalse;
14 import static org.junit.Assert.assertTrue;
15 import static org.mockito.Mockito.when;
16
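@RunWith(MockitoJUnitRunner.class)
public class TestCsrfRequestValidator
{
    /** Header value the suite treats as a valid XSRF header (see {@link #testInvalidTokenValidHeader}). */
    private static final String TOKEN_VALUE = "no-check";
    /** A header value the validator is not expected to recognise. */
    private static final String INVALID_HEADER_VALUE = "INVALID_HEADER_VALUE";

    private CsrfRequestValidator validator;

    @Mock
    private HttpServletRequest mockRequest;
    @Mock
    private XsrfTokenValidator mockValidator;

    @Before
    public void setUp()
    {
        validator = new CsrfRequestValidator(mockValidator);
    }

    /** Stubs the outcome of the form-encoded token check for {@code mockRequest}. */
    private void stubFormToken(final boolean valid)
    {
        when(mockValidator.validateFormEncodedToken(mockRequest)).thenReturn(valid);
    }

    /** Stubs the value the request reports for {@link XsrfHeaderValidator#TOKEN_HEADER}. */
    private void stubHeader(final String value)
    {
        when(mockRequest.getHeader(XsrfHeaderValidator.TOKEN_HEADER)).thenReturn(value);
    }

    /**
     * No valid form token and no XSRF header (the unstubbed mock returns {@code null} for
     * every header): the request must be rejected.
     */
    @Test
    public void testNoTokenAndNoHeader()
    {
        stubFormToken(false);
        assertFalse(validator.validateRequestPassesXsrfChecks(mockRequest));
    }

    /** A valid form token alone is sufficient; no header is required. */
    @Test
    public void testValidTokenAndNoHeader()
    {
        stubFormToken(true);
        assertTrue(validator.validateRequestPassesXsrfChecks(mockRequest));
    }

    /** An invalid form token is compensated for by a header carrying the recognised value. */
    @Test
    public void testInvalidTokenValidHeader()
    {
        stubFormToken(false);
        stubHeader(TOKEN_VALUE);
        assertTrue(validator.validateRequestPassesXsrfChecks(mockRequest));
    }

    /** A valid form token still passes when the header carries an unrecognised value. */
    @Test
    public void testValidTokenInvalidHeader()
    {
        stubFormToken(true);
        stubHeader(INVALID_HEADER_VALUE);
        assertTrue(validator.validateRequestPassesXsrfChecks(mockRequest));
    }

    /**
     * Invalid form token and a header carrying an unrecognised value: the mere presence of
     * the header must not bypass the token check, so the request is rejected. This is the
     * rejection path the other header tests cannot observe, because they either pass a valid
     * form token or the recognised header value.
     */
    @Test
    public void testInvalidTokenInvalidHeader()
    {
        stubFormToken(false);
        stubHeader(INVALID_HEADER_VALUE);
        assertFalse(validator.validateRequestPassesXsrfChecks(mockRequest));
    }
}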