AuthenticationServiceTest.java example

Explorer

hmac-auth-master
- hmac-auth-cli
  - src
    - main
      - java
        de
        otto
        hmac
        cli
        Churl.java
        Configuration.java
- hmac-auth-common
  - src
    - main
      - java
        de
        otto
        hmac
        HmacAttributes.java
        StringUtils.java
        authentication
        RequestSigningUtil.java
        WrappedOutputStream.java
        WrappedOutputStreamContext.java
        WrappedRequest.java
        WrappedServletInputStream.java
    - test
      - java
        de
        otto
        hmac
        authentication
        RequestSigningUtilTest.java
        WrappedOutputStreamTest.java
        WrappedRequestTest.java
- hmac-auth-jersey-client
  - src
    - main
      - java
        de
        otto
        hmac
        authentication
        jersey
        HMACJerseyClient.java
        filter
        HMACJerseyClientFilter.java
        HMACJerseyClientRequestAdapter.java
        JerseyWrappedOutputStreamContext.java
    - test
      - java
        de
        otto
        hmac
        authentication
        jersey
        HMACJerseyClientTest.java
        filter
        HMACJerseyClientFilterTest.java
        HMACJerseyClientRequestAdapterTest.java
- hmac-auth-jersey2-client
  - src
    - main
      - java
        de
        otto
        hmac
        authentication
        jersey2
        filter
        HmacJersey2ClientRequestFilter.java
        Jersey2WrappedOutputStreamContext.java
        package-info.java
    - test
      - java
        de
        otto
        hmac
        authentication
        jersey2
        test
        JerseyServletTest.java
        de.otto.hmac.authentication.jersey2.filter
        HmacJersey2WriterInterceptorTest.java
- hmac-auth-proxy
  - src
    - main
      - java
        de
        otto
        hmac
        proxy
        CLIParameterToConfigurationReader.java
        ProxyConfiguration.java
        ProxyResource.java
        ProxyServer.java
    - test
      - java
        de
        otto
        hmac
        proxy
        CLIParameterToConfigurationReaderTest.java
        ProxyResourceTest.java
- hmac-auth-server
  - src
    - main
      - java
        de
        otto
        hmac
        DefaultHmacConfiguration.java
        authentication
        AuthenticationFilter.java
        AuthenticationResult.java
        AuthenticationService.java
        HmacRequest.java
        UserRepository.java
        authorization
        AllowedForRoles.java
        AuthorizationException.java
        AuthorizationService.java
        DefaultAuthorizationService.java
        HmacConfiguration.java
        RoleRepository.java
        RolesAuthorizationAspect.java
        repository
        FileSystemUserRepository.java
        PropertyUserRepository.java
        UserCredentials.java
        UserCredentialsList.java
    - test
      - java
        de
        otto
        hmac
        authentication
        AuthenticationFilterTest.java
        AuthenticationServiceTest.java
        RequestSigningFixture.java
        authorization
        DefaultAuthorizationServiceTest.java
        repository
        FileSystemUserRepositoryTest.java
        PropertyUserRepositoryTest.java
- hmac-auth-server-spring
  - src
    - main
      - java
        de
        otto
        hmac
        SpringConfiguration.java

package de.otto.hmac.authentication;

import org.mockito.Mockito;
import org.springframework.mock.web.MockHttpServletRequest;
import org.testng.annotations.Test;

import java.time.Clock;
import java.time.Instant;

import static de.otto.hmac.authentication.AuthenticationResult.Status.FAIL;
import static de.otto.hmac.authentication.AuthenticationResult.Status.SUCCESS;
import static de.otto.hmac.authentication.WrappedRequest.wrap;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.nullValue;
import static org.mockito.Matchers.eq;

@Test
public class AuthenticationServiceTest {

    @Test
    public void shouldAcceptValidRequest() throws Exception {

        MockHttpServletRequest request = new MockHttpServletRequest("PUT", "some/URI");
        request.addHeader("x-hmac-auth-date", Instant.now().toString());

        request.setContent("{ \"key\": \"value\"}".getBytes());
        String requestSignatur = RequestSigningUtil.createRequestSignature(wrap(request), "secretKey");

        request.addHeader("x-hmac-auth-signature", "username:" + requestSignatur);


        AuthenticationResult result = authService().validate(wrap(request));

        assertThat(result.getStatus(), is(SUCCESS));
        assertThat(result.getUsername(), is("username"));

    }

    @Test
    public void shouldRejectRequestIfUserUnknown() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest("PUT", "some/URI");
        request.addHeader("x-hmac-auth-date", Instant.now().toString());

        String body = "{ \"key\": \"value\"}";
        request.setContent(body.getBytes());

        String signature = RequestSigningFixture.createSignature(wrap(request), "unknownUser", "secretKey");
        request.addHeader("x-hmac-auth-signature", signature);

        AuthenticationResult result = authService().validate(wrap(request));

        assertThat(result.getStatus(), is(FAIL));
        assertThat(result.getUsername(), is(nullValue()));

    }

    private AuthenticationService authService() {
        UserRepository userRepository = Mockito.mock(UserRepository.class);
        Mockito.when(userRepository.getKey(eq("username"))).thenReturn("secretKey");

        AuthenticationService service = new AuthenticationService(userRepository, Clock.systemUTC());
        return service;
    }


}