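/**
 * Copyright (C) 2012-2017 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package controllers;

import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.Matchers.equalToIgnoringCase;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;

import java.util.Map;

import ninja.NinjaTest;

import org.apache.http.HttpResponse;
import org.junit.Assert;
import org.junit.Test;

import com.google.common.collect.Maps;

/**
 * Integration tests for static asset serving.
 *
 * <p>Every test issues an HTTP request through {@code ninjaTestBrowser} against
 * {@code getServerAddress()} and checks the response. Two of the tests are
 * security regression tests: they request a path below {@code assets/} that uses
 * relative segments (plain and percent-encoded) pointing at
 * {@code conf/application.conf} and check that the configuration content is not
 * returned.
 */
public class AssetsControllerTest extends NinjaTest {

    /**
     * Checks that a file with the {@code .dxf} extension is served with the
     * content type {@code application/dxf;charset=UTF-8}.
     */
    @Test
    public void testThatSettingOfMimeTypeWorks() {

        // No request headers are needed for this test.
        Map<String, String> headers = Maps.newHashMap();

        HttpResponse httpResponse = ninjaTestBrowser.makeRequestAndGetResponse(
                getServerAddress() + "assets/files/test_for_mimetypes.dxf",
                headers);

        // this is a mimetype nobody knows of...
        // but it is listed in the ninja mimetypes... therefore it will be found

        // Fail with a readable message instead of an ArrayIndexOutOfBoundsException
        // when the server sends no Content-Type header at all.
        Assert.assertNotNull(
                "Content-Type header must be present",
                httpResponse.getFirstHeader("Content-Type"));

        // servers change case & whitespace (e.g. jetty 9.2 vs. 9.3)
        String contentType = httpResponse.getFirstHeader("Content-Type").getValue();
        assertThat(
                contentType.replace(" ", ""),
                equalToIgnoringCase("application/dxf;charset=UTF-8"));
    }

    /** Checks that an asset below {@code assets/} is answered with status 200. */
    @Test
    public void testThatAssetsWork() {

        // No request headers are needed for this test.
        Map<String, String> headers = Maps.newHashMap();

        HttpResponse httpResponse = ninjaTestBrowser.makeRequestAndGetResponse(
                getServerAddress() + "assets/js/google-code-prettify/prettify.css",
                headers);

        assertEquals(200, httpResponse.getStatusLine().getStatusCode());
    }

    /** Checks that an asset below {@code assets/webjars/} is answered with status 200. */
    @Test
    public void testThatMetaInfIntegrationWorks() {

        // No request headers are needed for this test.
        Map<String, String> headers = Maps.newHashMap();

        HttpResponse httpResponse = ninjaTestBrowser.makeRequestAndGetResponse(
                getServerAddress() + "assets/webjars/bootstrap/3.3.4/css/bootstrap.min.css",
                headers);

        assertEquals(200, httpResponse.getStatusLine().getStatusCode());
    }

    /**
     * Checks that a static asset response carries no {@code Set-Cookie} header,
     * even when the request itself presents a {@code NINJA_FLASH} cookie.
     */
    @Test
    public void testThatStaticAssetsDoNotSetNinjaCookies() {

        // The request presents a flash cookie, so a handler that echoed or
        // refreshed flash state would show up as a Set-Cookie header below.
        Map<String, String> headers = Maps.newHashMap();
        headers.put("Cookie", "NINJA_FLASH=\"success=This+is+a+flashed+success+-+with+placeholder%3A+PLACEHOLDER\";Path=/");

        HttpResponse httpResponse = ninjaTestBrowser.makeRequestAndGetResponse(
                getServerAddress() + "assets/files/test_for_mimetypes.dxf",
                headers);

        // static assets should not set any session information
        // ... and static assets should not set any flash information
        Assert.assertNull(httpResponse.getFirstHeader("Set-Cookie"));
    }

    /**
     * Security regression test: a path below {@code assets/} that uses
     * {@code ../} segments towards {@code conf/application.conf} must not return
     * the configuration file.
     *
     * @throws Exception declared by the test signature
     */
    @Test
    public void testSecurityRelativePathIntoOtherDirectoryDoesNotWork() throws Exception {

        // No request headers are needed for this test.
        Map<String, String> headers = Maps.newHashMap();

        String response = ninjaTestBrowser.makeRequest(
                getServerAddress() + "assets/js/prettify.js/../../../conf/application.conf",
                headers);

        // NOTE(review): this is a negative-only check on the body. It also passes
        // when the body is empty or when the configuration does not contain the
        // literal "application.secret". Asserting the response status as well
        // (via makeRequestAndGetResponse) would make the test fail closed; the
        // status the framework returns here is not visible in this file, so
        // confirm it before adding that assertion.
        // NOTE(review): the HTTP client may collapse "../" segments before the
        // request is sent; verify that the server actually receives the
        // un-normalised path, otherwise the asset handler is not exercised.
        Assert.assertFalse(response.contains("application.secret"));
    }

    /**
     * Security regression test: same request as the plain relative-path test,
     * but with every slash of the relative part percent-encoded as {@code %2F}.
     *
     * @throws Exception declared by the test signature
     */
    @Test
    public void testSecurityRelativePathIntoOtherDirectoryDoesNotWorkWithEncodedSlashes() throws Exception {

        // No request headers are needed for this test.
        Map<String, String> headers = Maps.newHashMap();

        String response = ninjaTestBrowser.makeRequest(
                getServerAddress() + "assets/js/prettify.js%2F..%2F..%2F..%2Fconf%2Fapplication.conf",
                headers);

        // NOTE(review): negative-only body check, see the plain relative-path
        // test; an additional status assertion would make this fail closed once
        // the expected status for a rejected path is confirmed.
        Assert.assertFalse(response.contains("application.secret"));
    }

    /**
     * Checks that {@code robots.txt} at the server root is served and contains
     * the line {@code User-agent: *}.
     */
    @Test
    public void serveStaticWithoutFileNameParam() {

        // No request headers are needed for this test.
        Map<String, String> headers = Maps.newHashMap();

        String response = ninjaTestBrowser.makeRequest(
                getServerAddress() + "robots.txt",
                headers);

        assertThat(response, containsString("User-agent: *"));
    }
}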