1 package com.atlassian.sal.core.xsrf;
2
3 import com.atlassian.sal.api.xsrf.XsrfTokenAccessor;
4 import junit.framework.TestCase;
5 import org.junit.After;
6 import org.junit.Before;
7 import org.junit.Test;
8 import org.mockito.Mock;
9
10 import javax.servlet.http.HttpServletRequest;
11
12 import static org.mockito.Mockito.mock;
13 import static org.mockito.Mockito.when;
14
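/**
 * Unit tests for {@link IndependentXsrfTokenValidator#validateFormEncodedToken}.
 *
 * <p>Each case controls two inputs and checks the validator's verdict:
 * <ul>
 *   <li>the expected token, returned by
 *       {@code XsrfTokenAccessor.getXsrfToken(request, null, false)} (the test names refer
 *       to this side as the XSRF cookie);</li>
 *   <li>the submitted token, read from the request parameter named by
 *       {@code validator.getXsrfParameterName()}.</li>
 * </ul>
 * Validation is expected to succeed only when both values are present and equal. Every
 * other combination, including both being absent, must be rejected.
 *
 * <p>Runner note: because this class extends {@link TestCase}, a JUnit 3-style runner
 * drives it through the {@code setUp}/{@code tearDown} overrides and the {@code test*}
 * method names. The JUnit 4 annotations are kept but are not what selects or orders
 * these methods.
 *
 * <p>NOTE(review): no case covers empty-string tokens on both sides, or tokens that differ
 * only in case or surrounding whitespace. Confirm the intended verdicts and add cases.
 */
public class TestIndependentXsrfTokenValidator extends TestCase {
    /** Token value used for the accessor side and for a matching submission. */
    private static final String EXPECTED_TOKEN = "cookievalue";

    /** A submitted value that differs from {@link #EXPECTED_TOKEN}. */
    private static final String MISMATCHED_TOKEN = "somethingelse";

    private IndependentXsrfTokenValidator validator;

    // Nothing in this class initialises Mockito annotations or installs a Mockito runner,
    // so @Mock is informational only. The mocks are created explicitly in setUp().
    @Mock
    private HttpServletRequest mockRequest;
    @Mock
    private XsrfTokenAccessor mockAccessor;

    /** Creates fresh mocks and a validator wired to the mocked accessor before each test. */
    @Before
    @Override
    public void setUp() {
        mockAccessor = mock(XsrfTokenAccessor.class);
        mockRequest = mock(HttpServletRequest.class);
        validator = new IndependentXsrfTokenValidator(mockAccessor);
    }

    /** Drops the per-test fixtures so no stubbing leaks from one test into the next. */
    @After
    @Override
    public void tearDown() {
        validator = null;
        mockRequest = null;
        mockAccessor = null;
    }

    /** A submitted token equal to the expected token is accepted. */
    @Test
    public void testValidToken() {
        givenExpectedToken(EXPECTED_TOKEN);
        givenSubmittedToken(EXPECTED_TOKEN);

        assertTrue(validator.validateFormEncodedToken(mockRequest));
    }

    /** A submitted token that differs from the expected token is rejected. */
    @Test
    public void testInvalidToken() {
        givenExpectedToken(EXPECTED_TOKEN);
        givenSubmittedToken(MISMATCHED_TOKEN);

        assertFalse(validator.validateFormEncodedToken(mockRequest));
    }

    /** A request with no token parameter is rejected even though an expected token exists. */
    @Test
    public void testNoXsrfParameter() {
        givenExpectedToken(EXPECTED_TOKEN);
        // The request parameter is left unstubbed, so the mock returns null for it.

        assertFalse(validator.validateFormEncodedToken(mockRequest));
    }

    /** A submitted token is rejected when the accessor has no expected token to compare with. */
    @Test
    public void testNoXsrfCookie() {
        // The accessor is left unstubbed, so the mock returns null for the expected token.
        givenSubmittedToken(EXPECTED_TOKEN);

        assertFalse(validator.validateFormEncodedToken(mockRequest));
    }

    /**
     * With neither side stubbed, both values are null.
     *
     * <p>This is the fail-closed case: two absent tokens must not be treated as a match.
     */
    @Test
    public void testNoXsrfAtAll() {
        assertFalse(validator.validateFormEncodedToken(mockRequest));
    }

    /** Stubs the accessor lookup that the validator uses to obtain the expected token. */
    private void givenExpectedToken(String token) {
        when(mockAccessor.getXsrfToken(mockRequest, null, false)).thenReturn(token);
    }

    /** Stubs the request parameter that carries the submitted token. */
    private void givenSubmittedToken(String token) {
        when(mockRequest.getParameter(validator.getXsrfParameterName())).thenReturn(token);
    }
}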