
1   package com.atlassian.sal.core.xsrf;
2   
3   import org.junit.Before;
4   import org.junit.Test;
5   import org.springframework.mock.web.MockHttpServletRequest;
6   import org.springframework.mock.web.MockHttpServletResponse;
7   
8   import javax.servlet.http.Cookie;
9   
10  import static com.atlassian.sal.core.xsrf.IndependentXsrfTokenAccessor.XSRF_COOKIE_KEY;
11  import static org.junit.Assert.*;
12  
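/**
 * Unit tests for {@code IndependentXsrfTokenAccessor.getXsrfToken(request, response, create)}.
 *
 * <p>The cases cover three things: an XSRF token already present in the request cookie is
 * returned as-is and no cookie is written to the response; a missing token is created and
 * written to the response only when the third argument is {@code true}; and a newly written
 * cookie carries the same secure flag as the request that triggered it.
 *
 * @since 2.4
 */
public class TestIndependentXsrfTokenAccessor
{
    private IndependentXsrfTokenAccessor accessor;
    private MockHttpServletRequest request;
    private MockHttpServletResponse response;

    /** Builds a fresh accessor and empty mock request/response pair for every test. */
    @Before
    public void setUp()
    {
        accessor = new IndependentXsrfTokenAccessor();
        request = new MockHttpServletRequest();
        response = new MockHttpServletResponse();
    }

    /** An existing token cookie is returned unchanged and is not re-issued, even with create=true. */
    @Test
    public void testGetExistingToken()
    {
        request.setCookies(new Cookie[] {new Cookie(XSRF_COOKIE_KEY, "cookievalue")});
        assertEquals("cookievalue", accessor.getXsrfToken(request, response, true));
        // No cookie on the response means the token the client already holds was reused.
        assertNull("existing token must not be re-issued", response.getCookie(XSRF_COOKIE_KEY));
    }

    /** An existing token cookie is returned unchanged when create=false. */
    @Test
    public void testGetExistingTokenNoCreate()
    {
        request.setCookies(new Cookie[] {new Cookie(XSRF_COOKIE_KEY, "cookievalue")});
        assertEquals("cookievalue", accessor.getXsrfToken(request, response, false));
        assertNull("existing token must not be re-issued", response.getCookie(XSRF_COOKIE_KEY));
    }

    /** With no token cookie on the request and create=true, a token is returned and set as a cookie. */
    @Test
    public void testCreateToken()
    {
        String token = accessor.getXsrfToken(request, response, true);
        assertNotNull("a token must be created", token);
        Cookie cookie = response.getCookie(XSRF_COOKIE_KEY);
        assertNotNull("the created token must be written to the response", cookie);
        assertEquals(token, cookie.getValue());
    }

    /** A token created for a secure request is carried in a cookie flagged Secure. */
    @Test
    public void testCreateTokenForASecureRequestCreatesASecureCookie()
    {
        request.setSecure(true);
        String token = accessor.getXsrfToken(request, response, true);
        // Without these guards a null token and a null cookie value would compare equal below,
        // and a missing cookie would surface as a NullPointerException instead of a test failure.
        assertNotNull("a token must be created", token);
        Cookie cookie = response.getCookie(XSRF_COOKIE_KEY);
        assertNotNull("the created token must be written to the response", cookie);
        assertTrue("cookie for a secure request must be flagged Secure", cookie.getSecure());
        assertEquals(token, cookie.getValue());
    }

    /** A token created for a non-secure request is carried in a cookie that is not flagged Secure. */
    @Test
    public void testCreateTokenForANonSecureRequestCreatesANonSecureCookie()
    {
        request.setSecure(false);
        String token = accessor.getXsrfToken(request, response, true);
        // Same guards as the secure case: fail with an assertion, not a NullPointerException.
        assertNotNull("a token must be created", token);
        Cookie cookie = response.getCookie(XSRF_COOKIE_KEY);
        assertNotNull("the created token must be written to the response", cookie);
        assertFalse("cookie for a non-secure request must not be flagged Secure", cookie.getSecure());
        assertEquals(token, cookie.getValue());
    }

    /** With no token cookie on the request and create=false, nothing is returned and nothing is set. */
    @Test
    public void testGetTokenNoCreate()
    {
        assertNull(accessor.getXsrfToken(request, response, false));
        assertNull("no cookie may be written when creation is disabled", response.getCookie(XSRF_COOKIE_KEY));
    }

}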