1 package com.atlassian.sal.core.xsrf;
2
3 import com.atlassian.sal.api.xsrf.XsrfHeaderValidator;
4 import com.atlassian.sal.api.xsrf.XsrfRequestValidator;
5 import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
6 import org.junit.Before;
7 import org.junit.Test;
8 import org.junit.runner.RunWith;
9 import org.mockito.Mock;
10 import org.mockito.runners.MockitoJUnitRunner;
11
12 import javax.servlet.http.HttpServletRequest;
13
14 import static org.junit.Assert.assertFalse;
15 import static org.junit.Assert.assertTrue;
16 import static org.mockito.Mockito.when;
17
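/**
 * Unit tests for {@link XsrfRequestValidatorImpl}, covering the combinations of a
 * form-encoded XSRF token and the {@link XsrfHeaderValidator#TOKEN_HEADER} request header.
 *
 * <p>The token check is delegated to a mocked {@link XsrfTokenValidator}; the header is
 * supplied through a mocked {@link HttpServletRequest}. A {@code getHeader} call that a
 * test does not stub returns {@code null} from the mock, which stands for a request that
 * carries no XSRF header.
 */
@RunWith(MockitoJUnitRunner.class)
public class TestXsrfRequestValidator {
    // Header value these tests treat as a valid XSRF opt-out for TOKEN_HEADER.
    private static final String TOKEN_VALUE = "no-check";
    // Header value these tests treat as not satisfying the header check.
    private static final String INVALID_HEADER_VALUE = "INVALID_HEADER_VALUE";

    private XsrfRequestValidator validator;

    @Mock
    private HttpServletRequest mockRequest;
    @Mock
    private XsrfTokenValidator mockValidator;

    /** Builds the validator under test around the mocked token validator. */
    @Before
    public void setUp() {
        validator = new XsrfRequestValidatorImpl(mockValidator);
    }

    /** Neither a valid token nor a header: the request must be rejected. */
    @Test
    public void testNoTokenAndNoHeader() {
        when(mockValidator.validateFormEncodedToken(mockRequest))
                .thenReturn(false);
        assertFalse(validator.validateRequestPassesXsrfChecks(mockRequest));
    }

    /** A valid form token alone is sufficient. */
    @Test
    public void testValidTokenAndNoHeader() {
        when(mockValidator.validateFormEncodedToken(mockRequest))
                .thenReturn(true);
        assertTrue(validator.validateRequestPassesXsrfChecks(mockRequest));
    }

    /** A valid header alone is sufficient, even when the form token fails validation. */
    @Test
    public void testInvalidTokenValidHeader() {
        when(mockValidator.validateFormEncodedToken(mockRequest))
                .thenReturn(false);
        when(mockRequest.getHeader(XsrfHeaderValidator.TOKEN_HEADER))
                .thenReturn(TOKEN_VALUE);
        assertTrue(validator.validateRequestPassesXsrfChecks(mockRequest));
    }

    /** A valid form token passes regardless of an unrecognised header value. */
    @Test
    public void testValidTokenInvalidHeader() {
        when(mockValidator.validateFormEncodedToken(mockRequest))
                .thenReturn(true);
        when(mockRequest.getHeader(XsrfHeaderValidator.TOKEN_HEADER))
                .thenReturn(INVALID_HEADER_VALUE);
        assertTrue(validator.validateRequestPassesXsrfChecks(mockRequest));
    }

    /**
     * Negative case: a header that is present but carries an unrecognised value must not
     * stand in for a valid token. Without this test, an implementation that accepted any
     * non-null header would still pass the suite.
     *
     * <p>NOTE(review): assumes the header check compares the header's value rather than
     * only testing for its presence; confirm against {@link XsrfHeaderValidator}.
     */
    @Test
    public void testInvalidTokenInvalidHeader() {
        when(mockValidator.validateFormEncodedToken(mockRequest))
                .thenReturn(false);
        when(mockRequest.getHeader(XsrfHeaderValidator.TOKEN_HEADER))
                .thenReturn(INVALID_HEADER_VALUE);
        assertFalse(validator.validateRequestPassesXsrfChecks(mockRequest));
    }
}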