View Javadoc

1   package com.atlassian.sal.core.xsrf;
2   
3   import com.atlassian.sal.api.xsrf.XsrfTokenAccessor;
4   import junit.framework.TestCase;
5   import org.junit.After;
6   import org.junit.Before;
7   import org.junit.Test;
8   import org.mockito.Mock;
9   
10  import javax.servlet.http.HttpServletRequest;
11  
12  import static org.mockito.Mockito.mock;
13  import static org.mockito.Mockito.when;
14  
15  public class TestIndependentXsrfTokenValidator extends TestCase {
16      private IndependentXsrfTokenValidator validator;
17  
18      @Mock
19      private HttpServletRequest mockRequest;
20      @Mock
21      private XsrfTokenAccessor mockAccessor;
22  
23      @Before
24      public void setUp() {
25          mockAccessor = mock(XsrfTokenAccessor.class);
26          mockRequest = mock(HttpServletRequest.class);
27          validator = new IndependentXsrfTokenValidator(mockAccessor);
28      }
29  
30      @After
31      public void tearDown() {
32          validator = null;
33          mockRequest = null;
34          mockAccessor = null;
35      }
36  
37      @Test
38      public void testValidToken() {
39          when(mockAccessor.getXsrfToken(mockRequest, null, false)).thenReturn("cookievalue");
40          when(mockRequest.getParameter(validator.getXsrfParameterName())).thenReturn("cookievalue");
41  
42          assertTrue(validator.validateFormEncodedToken(mockRequest));
43      }
44  
45      @Test
46      public void testInvalidToken() {
47          when(mockAccessor.getXsrfToken(mockRequest, null, false)).thenReturn("cookievalue");
48          when(mockRequest.getParameter(validator.getXsrfParameterName())).thenReturn("somethingelse");
49  
50          assertFalse(validator.validateFormEncodedToken(mockRequest));
51      }
52  
53      @Test
54      public void testNoXsrfParameter() {
55          when(mockAccessor.getXsrfToken(mockRequest, null, false)).thenReturn("cookievalue");
56  
57          assertFalse(validator.validateFormEncodedToken(mockRequest));
58      }
59  
60      @Test
61      public void testNoXsrfCookie() {
62          when(mockRequest.getParameter(validator.getXsrfParameterName())).thenReturn("cookievalue");
63  
64          assertFalse(validator.validateFormEncodedToken(mockRequest));
65      }
66  
67      @Test
68      public void testNoXsrfAtAll() {
69          assertFalse(validator.validateFormEncodedToken(mockRequest));
70      }
71  }