/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.nifi.web.security.otp;

import org.junit.Before;
import org.junit.Test;

import javax.servlet.http.HttpServletRequest;
import java.util.UUID;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

/**
 * Unit tests for {@link OtpAuthenticationFilter#attemptAuthentication} driven by mocked
 * {@link HttpServletRequest} instances.
 *
 * <p>The tests pin down three gates on a one-time-password token supplied through the
 * {@link OtpAuthenticationFilter#ACCESS_TOKEN} request parameter: the request must be secure,
 * the parameter must be present, and the context path / path info must be one the filter
 * accepts. When a gate fails the filter is expected to return {@code null}; otherwise it
 * returns an {@link OtpAuthenticationRequestToken} carrying the token and a flag telling
 * download tokens apart from UI extension tokens.
 *
 * <p>NOTE(review): only one rejected path is exercised ({@code /flow/cluster/summary}).
 * Near-miss variants of the accepted download paths (for example extra trailing segments or
 * malformed identifiers) are not covered here and would be worth adding as negative cases.
 */
public class OtpAuthenticationFilterTest {

    // The two *_AUTHENTICATED_USER constants are not referenced by any test in this class.
    private static final String UI_EXTENSION_AUTHENTICATED_USER = "ui-extension-token-authenticated-user";
    private static final String UI_EXTENSION_TOKEN = "ui-extension-token";

    private static final String DOWNLOAD_AUTHENTICATED_USER = "download-token-authenticated-user";
    private static final String DOWNLOAD_TOKEN = "download-token";

    private OtpAuthenticationFilter filter;

    /** Creates a fresh filter for every test so no state carries over between cases. */
    @Before
    public void setUp() throws Exception {
        filter = new OtpAuthenticationFilter();
    }

    /**
     * A request that is not secure must not yield an authentication token. The token travels
     * as a request parameter, so accepting it over plain HTTP would expose it in transit.
     */
    @Test
    public void testInsecureHttp() throws Exception {
        final HttpServletRequest httpRequest = mock(HttpServletRequest.class);
        when(httpRequest.isSecure()).thenReturn(false);

        assertNull(filter.attemptAuthentication(httpRequest));
    }

    /** A secure request without the access token parameter must not yield a token. */
    @Test
    public void testNoAccessToken() throws Exception {
        final HttpServletRequest httpRequest = secureRequestWithToken(null);

        assertNull(filter.attemptAuthentication(httpRequest));
    }

    /**
     * A token presented to the API context on a path other than the download endpoints
     * exercised below must be ignored, keeping the one-time token scoped to downloads.
     */
    @Test
    public void testUnsupportedDownloadPath() throws Exception {
        final HttpServletRequest httpRequest = apiRequest("my-access-token", "/flow/cluster/summary");

        assertNull(filter.attemptAuthentication(httpRequest));
    }

    /**
     * A token presented to a UI extension context path is accepted and is not flagged as a
     * download token. Path info is left unstubbed, so the mock returns {@code null} for it.
     */
    @Test
    public void testUiExtensionPath() throws Exception {
        final HttpServletRequest httpRequest = secureRequestWithToken(UI_EXTENSION_TOKEN);
        when(httpRequest.getContextPath()).thenReturn("/nifi-update-attribute-ui");

        final OtpAuthenticationRequestToken authentication = authenticate(httpRequest);

        assertEquals(UI_EXTENSION_TOKEN, authentication.getToken());
        assertFalse(authentication.isDownloadToken());
    }

    /** The provenance event input-content path is accepted as a download request. */
    @Test
    public void testProvenanceInputContentDownload() throws Exception {
        assertAcceptedAsDownload("/provenance-events/0/content/input");
    }

    /** The provenance event output-content path is accepted as a download request. */
    @Test
    public void testProvenanceOutputContentDownload() throws Exception {
        assertAcceptedAsDownload("/provenance-events/0/content/output");
    }

    /** The flowfile content path, keyed by two UUID segments, is accepted as a download request. */
    @Test
    public void testFlowFileContentDownload() throws Exception {
        final String id = UUID.randomUUID().toString();

        assertAcceptedAsDownload("/flowfile-queues/" + id + "/flowfiles/" + id + "/content");
    }

    /** The template download path, keyed by a UUID segment, is accepted as a download request. */
    @Test
    public void testTemplateDownload() throws Exception {
        final String id = UUID.randomUUID().toString();

        assertAcceptedAsDownload("/templates/" + id + "/download");
    }

    /**
     * Builds a mocked secure request whose access token parameter returns the given value.
     *
     * @param accessToken value returned for the access token parameter, may be {@code null}
     * @return the stubbed request mock
     */
    private static HttpServletRequest secureRequestWithToken(final String accessToken) {
        final HttpServletRequest httpRequest = mock(HttpServletRequest.class);
        when(httpRequest.isSecure()).thenReturn(true);
        when(httpRequest.getParameter(OtpAuthenticationFilter.ACCESS_TOKEN)).thenReturn(accessToken);
        return httpRequest;
    }

    /**
     * Builds a mocked secure request against the {@code /nifi-api} context path.
     *
     * @param accessToken value returned for the access token parameter
     * @param pathInfo value returned for the request path info
     * @return the stubbed request mock
     */
    private static HttpServletRequest apiRequest(final String accessToken, final String pathInfo) {
        final HttpServletRequest httpRequest = secureRequestWithToken(accessToken);
        when(httpRequest.getContextPath()).thenReturn("/nifi-api");
        when(httpRequest.getPathInfo()).thenReturn(pathInfo);
        return httpRequest;
    }

    /** Runs the filter and narrows the result to the OTP request token type. */
    private OtpAuthenticationRequestToken authenticate(final HttpServletRequest httpRequest) throws Exception {
        return (OtpAuthenticationRequestToken) filter.attemptAuthentication(httpRequest);
    }

    /**
     * Asserts that the download token presented on the given API path is returned unchanged
     * and is flagged as a download token.
     */
    private void assertAcceptedAsDownload(final String pathInfo) throws Exception {
        final OtpAuthenticationRequestToken authentication = authenticate(apiRequest(DOWNLOAD_TOKEN, pathInfo));

        assertEquals(DOWNLOAD_TOKEN, authentication.getToken());
        assertTrue(authentication.isDownloadToken());
    }
}