ThymeleafCsrfDialectTest.java

/*
 * #%L
 * Wisdom-Framework
 * %%
 * Copyright (C) 2013 - 2015 Wisdom Framework
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */
package org.wisdom.framework.csrf;

import org.junit.After;
import org.junit.Test;
import org.mockito.Matchers;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.thymeleaf.dialect.IDialect;
import org.thymeleaf.dom.Element;
import org.thymeleaf.dom.Node;
import org.thymeleaf.processor.IProcessor;
import org.wisdom.api.configuration.Configuration;
import org.wisdom.api.crypto.Crypto;
import org.wisdom.api.crypto.Hash;
import org.wisdom.api.http.Context;
import org.wisdom.api.templates.TemplateEngine;
import org.wisdom.crypto.CryptoServiceSingleton;
import org.wisdom.framework.csrf.unit.CSRFServiceImplTest;
import org.wisdom.test.parents.FakeContext;

import java.util.Dictionary;
import java.util.List;

import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

public class ThymeleafCsrfDialectTest {

    @After
    public void tearDown() {
        Context.CONTEXT.remove();
    }

    @Test
    public void testThatServiceIsRegisteredOnTheArrivalOfThymeleaf() {
        ThymeleafCsrfDialect component = new ThymeleafCsrfDialect();
        component.csrf = new CSRFServiceImpl();
        ((CSRFServiceImpl) component.csrf).crypto = new CryptoServiceSingleton(CSRFServiceImplTest.SECRET, Hash.MD5,
                128, Crypto.AES_CBC_ALGORITHM, 20);
        component.context = mock(BundleContext.class);
        when(component.context.registerService(any(Class.class), any(IDialect.class), Matchers.<Dictionary<String, Object>>any()))
                .thenReturn(mock(ServiceRegistration.class));

        assertThat(component.reg).isNull();

        TemplateEngine engine = mock(TemplateEngine.class);
        when(engine.name()).thenReturn("thymeleaf");
        component.bindTemplateEngine(engine);

        assertThat(component.reg).isNotNull();

        component.unbindTemplateEngine(engine);
        assertThat(component.reg).isNull();
    }

    @Test
    public void testTheCreatedProcessorWhenNoTokenCreated() {
        ThymeleafCsrfDialect component = new ThymeleafCsrfDialect();
        component.csrf = new CSRFServiceImpl();
        ((CSRFServiceImpl) component.csrf).crypto = new CryptoServiceSingleton(CSRFServiceImplTest.SECRET, Hash.MD5,
                128, Crypto.AES_CBC_ALGORITHM, 20);
        final Configuration configuration = mock(Configuration.class);
        when(configuration.getWithDefault("token.name", "csrfToken")).thenReturn("csrfToken");
        ((CSRFServiceImpl) component.csrf).configuration = configuration;

        FakeContext ctxt = new FakeContext();
        Context.CONTEXT.set(ctxt);

        IDialect dialect = component.createDialect();
        assertThat(dialect.getPrefix()).isEqualToIgnoringCase("csrf");
        assertThat(dialect.getProcessors()).hasSize(1);

        IProcessor processor = dialect.getProcessors().iterator().next();
        assertThat(processor).isInstanceOf(ThymeleafCsrfDialect.CSRFElementProcessor.class);

        List<Node> nodes = ((ThymeleafCsrfDialect.CSRFElementProcessor) processor).getMarkupSubstitutes(null, null);
        assertThat(nodes).hasSize(1);
        assertThat(nodes.get(0)).isInstanceOf(Element.class);
        Element element = (Element) nodes.get(0);
        assertThat(element.getNormalizedName()).isEqualTo("input");
        assertThat(element.getAttributeFromNormalizedName("type").getValue()).isEqualTo("hidden");
        assertThat(element.getAttributeFromNormalizedName("name").getValue()).isEqualTo("csrfToken");
        assertThat(element.getAttributeFromNormalizedName("value").getValue()).isEqualTo("invalid");
    }

    @Test
    public void testTheCreatedProcessorWithToken() {
        ThymeleafCsrfDialect component = new ThymeleafCsrfDialect();
        component.csrf = new CSRFServiceImpl();
        ((CSRFServiceImpl) component.csrf).crypto = new CryptoServiceSingleton(CSRFServiceImplTest.SECRET, Hash.MD5,
                128, Crypto.AES_CBC_ALGORITHM, 20);
        final Configuration configuration = mock(Configuration.class);
        when(configuration.getWithDefault("token.name", "csrfToken")).thenReturn("csrfToken");
        ((CSRFServiceImpl) component.csrf).configuration = configuration;

        FakeContext ctxt = new FakeContext();
        ctxt.getFakeRequest().data().put(CSRFServiceImpl.TOKEN_KEY, "token");
        Context.CONTEXT.set(ctxt);

        IDialect dialect = component.createDialect();
        assertThat(dialect.getPrefix()).isEqualToIgnoringCase("csrf");
        assertThat(dialect.getProcessors()).hasSize(1);

        IProcessor processor = dialect.getProcessors().iterator().next();
        assertThat(processor).isInstanceOf(ThymeleafCsrfDialect.CSRFElementProcessor.class);

        List<Node> nodes = ((ThymeleafCsrfDialect.CSRFElementProcessor) processor).getMarkupSubstitutes(null, null);
        assertThat(nodes).hasSize(1);
        assertThat(nodes.get(0)).isInstanceOf(Element.class);
        Element element = (Element) nodes.get(0);
        assertThat(element.getNormalizedName()).isEqualTo("input");
        assertThat(element.getAttributeFromNormalizedName("type").getValue()).isEqualTo("hidden");
        assertThat(element.getAttributeFromNormalizedName("name").getValue()).isEqualTo("csrfToken");
        assertThat(element.getAttributeFromNormalizedName("value").getValue()).isEqualTo("token");
    }

}