AuthenticationInterceptorTest.java

/*
 * #%L
 * Wisdom-Framework
 * %%
 * Copyright (C) 2013 - 2014 Wisdom Framework
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */
package org.wisdom.router.security;

import org.junit.Before;
import org.junit.Test;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;
import org.wisdom.api.http.Context;
import org.wisdom.api.http.Request;
import org.wisdom.api.http.Result;
import org.wisdom.api.http.Results;
import org.wisdom.api.interception.RequestContext;
import org.wisdom.api.security.Authenticated;
import org.wisdom.api.security.Authenticator;

import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.*;

/**
 * Check the behavior of the Authentication Interceptor
 */
public class AuthenticationInterceptorTest {

    private String username;
    private Answer usernameAnswer = new Answer() {
        @Override
        public Object answer(InvocationOnMock invocation) throws Throwable {
            AuthenticationInterceptorTest.this.username = (String) invocation.getArguments()[0];
            return null;
        }
    };

    @Before
    public void setUp() {
        username = null;
    }

    @Test
    public void testSuccessfulAuthWithOnlyOneAuthenticator() throws Throwable {
        AuthenticationInterceptor interceptor = new AuthenticationInterceptor();
        interceptor.authenticators = new Authenticator[]{new TrueAuthenticator()};

        Authenticated authenticated = mock(Authenticated.class);
        RequestContext ic = mock(RequestContext.class);
        Context ctx = mock(Context.class);
        Request request = mock(Request.class);
        when(ic.context()).thenReturn(ctx);
        when(ic.proceed()).thenReturn(Results.ok("authenticated"));
        when(ctx.request()).thenReturn(request);
        doAnswer(usernameAnswer).when(request).setUsername(anyString());

        assertThat(interceptor.call(authenticated, ic).getStatusCode()).isEqualTo(200);
        assertThat(username).isEqualTo("admin");
    }

    @Test
    public void testFailedAuthWithOnlyOneAuthenticator() throws Throwable {
        AuthenticationInterceptor interceptor = new AuthenticationInterceptor();
        interceptor.authenticators = new Authenticator[]{new FalseAuthenticator()};

        Authenticated authenticated = mock(Authenticated.class);
        RequestContext ic = mock(RequestContext.class);
        Context ctx = mock(Context.class);
        Request request = mock(Request.class);
        when(ic.context()).thenReturn(ctx);
        when(ic.proceed()).thenReturn(Results.ok("authenticated"));
        when(ctx.request()).thenReturn(request);
        doAnswer(usernameAnswer).when(request).setUsername(anyString());

        assertThat(interceptor.call(authenticated, ic).getStatusCode()).isEqualTo(401);
        assertThat(username).isNull();
    }

    @Test
    public void testAuthWithNoAuthenticator() throws Throwable {
        AuthenticationInterceptor interceptor = new AuthenticationInterceptor();
        interceptor.authenticators = new Authenticator[]{};

        Authenticated authenticated = mock(Authenticated.class);
        RequestContext ic = mock(RequestContext.class);
        Context ctx = mock(Context.class);
        Request request = mock(Request.class);
        when(ic.context()).thenReturn(ctx);
        when(ic.proceed()).thenReturn(Results.ok("authenticated"));
        when(ctx.request()).thenReturn(request);
        doAnswer(usernameAnswer).when(request).setUsername(anyString());

        assertThat(interceptor.call(authenticated, ic).getStatusCode()).isEqualTo(401);
        assertThat(username).isNull();
    }

    @Test
    public void testAuthWithNoMatchingAuthenticator() throws Throwable {
        AuthenticationInterceptor interceptor = new AuthenticationInterceptor();
        interceptor.authenticators = new Authenticator[]{new TrueAuthenticator()};

        Authenticated authenticated = mock(Authenticated.class);
        when(authenticated.value()).thenReturn("admin");
        RequestContext ic = mock(RequestContext.class);
        Context ctx = mock(Context.class);
        Request request = mock(Request.class);
        when(ic.context()).thenReturn(ctx);
        when(ic.proceed()).thenReturn(Results.ok("authenticated"));
        when(ctx.request()).thenReturn(request);
        doAnswer(usernameAnswer).when(request).setUsername(anyString());

        assertThat(interceptor.call(authenticated, ic).getStatusCode()).isEqualTo(401);
        assertThat(username).isNull();
    }

    @Test
    public void testAuthWithMatchingAuthenticator() throws Throwable {
        AuthenticationInterceptor interceptor = new AuthenticationInterceptor();
        interceptor.authenticators = new Authenticator[]{new TrueAuthenticator(), new AdminAuthenticator()};

        Authenticated authenticated = mock(Authenticated.class);
        when(authenticated.value()).thenReturn("admin");
        RequestContext ic = mock(RequestContext.class);
        Context ctx = mock(Context.class);
        Request request = mock(Request.class);
        when(ctx.parameter("username")).thenReturn("admin");
        when(ic.context()).thenReturn(ctx);
        when(ic.proceed()).thenReturn(Results.ok("authenticated"));
        when(ctx.request()).thenReturn(request);
        doAnswer(usernameAnswer).when(request).setUsername(anyString());

        assertThat(interceptor.call(authenticated, ic).getStatusCode()).isEqualTo(200);
        assertThat(username).isEqualTo("admin");
    }


    private class TrueAuthenticator implements Authenticator {

        @Override
        public String getName() {
            return "true";
        }

        @Override
        public String getUserName(Context context) {
            return "admin";
        }

        @Override
        public Result onUnauthorized(Context context) {
            return Results.unauthorized();
        }
    }

    private class FalseAuthenticator implements Authenticator {

        @Override
        public String getName() {
            return "false";
        }

        @Override
        public String getUserName(Context context) {
            return null;
        }

        @Override
        public Result onUnauthorized(Context context) {
            return Results.unauthorized();
        }
    }

    private class AdminAuthenticator implements Authenticator {

        @Override
        public String getName() {
            return "admin";
        }

        @Override
        public String getUserName(Context context) {
            String name = context.parameter("username");
            if (name != null && "admin".equals(name)) {
                return "admin";
            } else {
                return null;
            }
        }

        @Override
        public Result onUnauthorized(Context context) {
            return Results.unauthorized();
        }
    }
}