View Javadoc
1   package com.atlassian.sal.core.xsrf;
2   
3   import com.atlassian.sal.api.xsrf.XsrfTokenAccessor;
4   import org.junit.After;
5   import org.junit.Before;
6   import org.junit.Test;
7   import org.mockito.Mock;
8   
9   import javax.servlet.http.HttpServletRequest;
10  
11  import static org.junit.Assert.assertFalse;
12  import static org.junit.Assert.assertTrue;
13  import static org.mockito.Mockito.mock;
14  import static org.mockito.Mockito.when;
15  
16  public class TestIndependentXsrfTokenValidator {
17      private IndependentXsrfTokenValidator validator;
18  
19      @Mock
20      private HttpServletRequest mockRequest;
21      @Mock
22      private XsrfTokenAccessor mockAccessor;
23  
24      @Before
25      public void setUp() {
26          mockAccessor = mock(XsrfTokenAccessor.class);
27          mockRequest = mock(HttpServletRequest.class);
28          validator = new IndependentXsrfTokenValidator(mockAccessor);
29      }
30  
31      @After
32      public void tearDown() {
33          validator = null;
34          mockRequest = null;
35          mockAccessor = null;
36      }
37  
38      @Test
39      public void testValidToken() {
40          when(mockAccessor.getXsrfToken(mockRequest, null, false)).thenReturn("cookievalue");
41          when(mockRequest.getParameter(validator.getXsrfParameterName())).thenReturn("cookievalue");
42  
43          assertTrue(validator.validateFormEncodedToken(mockRequest));
44      }
45  
46      @Test
47      public void testInvalidToken() {
48          when(mockAccessor.getXsrfToken(mockRequest, null, false)).thenReturn("cookievalue");
49          when(mockRequest.getParameter(validator.getXsrfParameterName())).thenReturn("somethingelse");
50  
51          assertFalse(validator.validateFormEncodedToken(mockRequest));
52      }
53  
54      @Test
55      public void testNoXsrfParameter() {
56          when(mockAccessor.getXsrfToken(mockRequest, null, false)).thenReturn("cookievalue");
57  
58          assertFalse(validator.validateFormEncodedToken(mockRequest));
59      }
60  
61      @Test
62      public void testNoXsrfCookie() {
63          when(mockRequest.getParameter(validator.getXsrfParameterName())).thenReturn("cookievalue");
64  
65          assertFalse(validator.validateFormEncodedToken(mockRequest));
66      }
67  
68      @Test
69      public void testNoXsrfAtAll() {
70          assertFalse(validator.validateFormEncodedToken(mockRequest));
71      }
72  }