BasicAuthFilterTest.java

/**
 * Copyright (C) 2013-2015 all@code-story.net
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License
 */
package net.codestory.http.filters.basic;

import static org.assertj.core.api.Assertions.*;
import static org.mockito.ArgumentCaptor.*;
import static org.mockito.Mockito.*;

import net.codestory.http.*;
import net.codestory.http.filters.*;
import net.codestory.http.payload.*;
import net.codestory.http.security.*;

import org.junit.*;
import org.mockito.*;

public class BasicAuthFilterTest {
  private BasicAuthFilter filter;

  private Payload next = Payload.ok();
  private PayloadSupplier nextFilter = () -> next;
  private Context context = mock(Context.class);
  private ArgumentCaptor<User> user = forClass(User.class);

  @Before
  public void create_filter() {
    filter = new BasicAuthFilter("/secure", "codestory", Users.singleUser("jl", "polka"));
  }

  @Test
  public void answer_401_on_non_authenticated_query() throws Exception {
    Payload payload = filter.apply("/secure/foo", context, nextFilter);

    assertThat(payload.code()).isEqualTo(401);
    assertThat(payload.headers()).containsEntry("WWW-Authenticate", "Basic realm=\"codestory\"");
  }

  @Test
  public void authorized_query() throws Exception {
    when(context.header("Authorization")).thenReturn("Basic amw6cG9sa2E="); // "jl:polka" encoded in base64

    Payload payload = filter.apply("/secure/foo", context, nextFilter);

    assertThat(payload).isSameAs(next);
    verify(context).setCurrentUser(user.capture());
    assertThat(user.getValue().login()).isEqualTo("jl");
  }

  @Test
  public void answer_401_on_invalid_password() throws Exception {
    when(context.header("Authorization")).thenReturn("Basic amw6V1JPTkc="); // "jl:WRONG" encoded in base64

    Payload payload = filter.apply("/secure/foo", context, nextFilter);

    assertThat(payload.code()).isEqualTo(401);
    assertThat(payload.headers()).containsEntry("WWW-Authenticate", "Basic realm=\"codestory\"");
  }

  @Test
  public void bad_request() throws Exception {
    when(context.header("Authorization")).thenReturn("Basic INVALID");

    Payload payload = filter.apply("/secure/foo", context, nextFilter);

    assertThat(payload.code()).isEqualTo(400);
  }

  @Test
  public void block_all_subsequent_paths() {
    assertThat(filter.matches("/", null)).isFalse();
    assertThat(filter.matches("/foo", null)).isFalse();
    assertThat(filter.matches("/foo/", null)).isFalse();
    assertThat(filter.matches("/foo/secure", null)).isFalse();

    assertThat(filter.matches("/secure", null)).isTrue();
    assertThat(filter.matches("/secure/", null)).isTrue();
    assertThat(filter.matches("/secure/foo", null)).isTrue();
    assertThat(filter.matches("/secure/foo/", null)).isTrue();
  }
}