BasicAuthTest.java

/**
 * Copyright (C) 2013-2015 all@code-story.net
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License
 */
package net.codestory.http.filters.basic;

import net.codestory.http.filters.mixed.*;
import net.codestory.http.security.*;
import net.codestory.http.testhelpers.*;

import org.junit.*;

import static java.util.Collections.singletonMap;

public class BasicAuthTest extends AbstractProdWebServerTest {
  @Test
  public void public_page() {
    configure(routes -> routes
        .filter(new BasicAuthFilter("/secure", "codestory", Users.forMap(singletonMap("jl", "polka"))))
        .get("/", "Public")
    );

    get("/").should().respond(200).haveType("text/html").contain("Public");
  }

  @Test
  public void unauthorized() {
    configure(routes -> routes
        .filter(new BasicAuthFilter("/secure", "codestory", Users.forMap(singletonMap("jl", "polka"))))
        .get("/secure", "Private")
    );

    get("/secure").should().respond(401).haveHeader("WWW-Authenticate", "Basic realm=\"codestory\"");
  }

  @Test
  public void secured() {
    configure(routes -> routes
        .filter(new BasicAuthFilter("/secure", "codestory", Users.forMap(singletonMap("jl", "polka"))))
        .get("/secure", "Private")
    );

    get("/secure").withAuthentication("jl", "polka").should().respond(200).haveType("text/html").contain("Private");
  }

  @Test
  public void wrong_password() {
    configure(routes -> routes
        .filter(new BasicAuthFilter("/secure", "codestory", Users.forMap(singletonMap("jl", "polka"))))
        .get("/secure", "Private")
    );

    get("/secure").withAuthentication("jl", "wrongpassword").should().respond(401);
  }

  @Test
  public void get_user_id() {
    configure(routes -> routes
        .filter(new BasicAuthFilter("/secure", "codestory", Users.forMap(singletonMap("Dave", "pwd"))))
        .get("/secure", context -> "Hello " + context.currentUser().login())
    );

    get("/secure").withAuthentication("Dave", "pwd").should().respond(200).haveType("text/html").contain("Hello Dave");
  }

  @Test
  public void support_basic_auth_with_mixed_filter() {
    configure(routes -> routes
        .filter(new MixedAuthFilter("/secure", "codestory", Users.forMap(singletonMap("Dave", "pwd")), SessionIdStore.inMemory()))
        .get("/secure", context -> "Hello " + context.currentUser().login())
    );

    get("/secure").withPreemptiveAuthentication("Dave", "pwd").should().respond(200).haveType("text/html").contain("Hello Dave")
      .haveCookie("auth", null);
  }
}