1   package com.atlassian.sal.core.xsrf;
2   
3   import org.junit.Before;
4   import org.junit.Test;
5   import org.springframework.mock.web.MockHttpServletRequest;
6   import org.springframework.mock.web.MockHttpServletResponse;
7   
8   import javax.servlet.http.Cookie;
9   
10  import static com.atlassian.sal.core.xsrf.IndependentXsrfTokenAccessor.XSRF_COOKIE_KEY;
11  import static org.junit.Assert.assertEquals;
12  import static org.junit.Assert.assertFalse;
13  import static org.junit.Assert.assertNotNull;
14  import static org.junit.Assert.assertNull;
15  import static org.junit.Assert.assertTrue;
16  
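/**
 * Unit tests for {@link IndependentXsrfTokenAccessor}, run against Spring's mock servlet
 * request and response.
 *
 * <p>The tests pin down three things about the XSRF token cookie named by
 * {@code XSRF_COOKIE_KEY}:
 * <ul>
 *   <li>a token already present in the request cookie is returned unchanged and no new cookie
 *       is written to the response;</li>
 *   <li>when no token is present, one is issued (and set as a response cookie) only if the
 *       third argument to {@code getXsrfToken} is {@code true};</li>
 *   <li>the {@code Secure} attribute of a newly issued cookie follows
 *       {@code request.isSecure()}.</li>
 * </ul>
 *
 * <p>NOTE(review): nothing here checks the token's length, randomness or uniqueness, nor any
 * cookie attribute other than {@code Secure}; those properties have to be covered elsewhere.
 *
 * @since 2.4
 */
public class TestIndependentXsrfTokenAccessor {
    private IndependentXsrfTokenAccessor accessor;
    private MockHttpServletRequest request;
    private MockHttpServletResponse response;

    /** Creates a fresh accessor and an empty request/response pair for every test. */
    @Before
    public void setUp() {
        accessor = new IndependentXsrfTokenAccessor();
        request = new MockHttpServletRequest();
        response = new MockHttpServletResponse();
    }

    /**
     * An existing token cookie is returned as-is, even when creation is allowed, and the
     * response must not carry a replacement cookie.
     */
    @Test
    public void testGetExistingToken() {
        request.setCookies(new Cookie[]{new Cookie(XSRF_COOKIE_KEY, "cookievalue")});
        // The value is returned verbatim; this test exercises no format validation.
        assertEquals("cookievalue", accessor.getXsrfToken(request, response, true));
        assertNull(response.getCookie(XSRF_COOKIE_KEY));
    }

    /** Same as {@link #testGetExistingToken()} but with creation disabled. */
    @Test
    public void testGetExistingTokenNoCreate() {
        request.setCookies(new Cookie[]{new Cookie(XSRF_COOKIE_KEY, "cookievalue")});
        assertEquals("cookievalue", accessor.getXsrfToken(request, response, false));
        assertNull(response.getCookie(XSRF_COOKIE_KEY));
    }

    /**
     * With no token in the request and creation enabled, a token is returned and the same
     * value is written to the response cookie.
     */
    @Test
    public void testCreateToken() {
        String token = accessor.getXsrfToken(request, response, true);
        assertNotNull(token);
        Cookie cookie = response.getCookie(XSRF_COOKIE_KEY);
        assertNotNull(cookie);
        assertEquals(token, cookie.getValue());
    }

    /**
     * A token issued on a secure request must be carried in a cookie flagged {@code Secure},
     * so the browser never sends it over plain HTTP.
     */
    @Test
    public void testCreateTokenForASecureRequestCreatesASecureCookie() {
        request.setSecure(true);
        String token = accessor.getXsrfToken(request, response, true);
        assertNotNull(token);
        Cookie cookie = response.getCookie(XSRF_COOKIE_KEY);
        // Fail with an assertion, not a NullPointerException, if no cookie was issued.
        assertNotNull(cookie);
        assertTrue(cookie.getSecure());
        assertEquals(token, cookie.getValue());
    }

    /**
     * A token issued on a non-secure request is carried in a cookie without the
     * {@code Secure} flag.
     *
     * <p>NOTE(review): the flag is derived from {@code request.isSecure()}; whether that
     * reflects the client connection behind a TLS-terminating proxy depends on container
     * configuration and is not covered by this test.
     */
    @Test
    public void testCreateTokenForANonSecureRequestCreatesANonSecureCookie() {
        request.setSecure(false);
        String token = accessor.getXsrfToken(request, response, true);
        assertNotNull(token);
        Cookie cookie = response.getCookie(XSRF_COOKIE_KEY);
        // Fail with an assertion, not a NullPointerException, if no cookie was issued.
        assertNotNull(cookie);
        assertFalse(cookie.getSecure());
        assertEquals(token, cookie.getValue());
    }

    /**
     * With no token in the request and creation disabled, no token is returned and no cookie
     * is written.
     */
    @Test
    public void testGetTokenNoCreate() {
        assertNull(accessor.getXsrfToken(request, response, false));
        assertNull(response.getCookie(XSRF_COOKIE_KEY));
    }

}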