/*
 * Copyright 2013-2017 Simba Open Source
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
package org.simbasecurity.core.chain.session;

import static org.junit.Assert.*;
import static org.mockito.Matchers.isA;
import static org.mockito.Mockito.*;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Spy;
import org.mockito.runners.MockitoJUnitRunner;
import org.simbasecurity.api.service.thrift.ActionType;
import org.simbasecurity.api.service.thrift.SSOToken;
import org.simbasecurity.core.audit.Audit;
import org.simbasecurity.core.audit.AuditLogEvent;
import org.simbasecurity.core.audit.AuditLogEventCategory;
import org.simbasecurity.core.audit.AuditLogEventFactory;
import org.simbasecurity.core.audit.AuditMessages;
import org.simbasecurity.core.chain.ChainContext;
import org.simbasecurity.core.chain.Command.State;
import org.simbasecurity.core.domain.Session;
import org.simbasecurity.core.service.SessionService;

/**
 * Unit tests for {@link LogoutCommand}.
 *
 * <p>The tests pin two outcomes: a logout request ends the chain after the session is
 * removed, the cookie deletion action is activated, the client is redirected to logout and
 * a SESSION audit event is written; any other request lets the chain continue.
 */
@RunWith(MockitoJUnitRunner.class)
public class LogoutCommandTest {

    private static final String USERNAME = "user1";
    private static final String CLIENT_IP = "127.0.0.1";

    @Mock
    private SessionService sessionService;

    @Mock
    private ChainContext chainContext;

    @Mock
    private Audit auditMock;

    // Spied rather than mocked, so the event handed to Audit carries a real category and
    // message that the logout test can assert on.
    @Spy
    private AuditLogEventFactory auditLogEventFactory;

    @InjectMocks
    private LogoutCommand logoutCommand;

    // Captures the event passed to Audit.log(...) for inspection after the command has run.
    private final ArgumentCaptor<AuditLogEvent> captor = ArgumentCaptor.forClass(AuditLogEvent.class);

    /**
     * A logout request must tear the session down on the server, tell the client to drop its
     * cookie, redirect to the logout page and leave an audit trail.
     */
    @Test
    public void onLogoutRequestRemoveSessionAndRedirectAndDeleteCookie() throws Exception {
        SSOToken ssoToken = new SSOToken("token");
        Session currentSession = mock(Session.class);

        when(chainContext.isLogoutRequest()).thenReturn(true);
        when(chainContext.getUserName()).thenReturn(USERNAME);
        when(chainContext.getClientIpAddress()).thenReturn(CLIENT_IP);
        when(chainContext.getCurrentSession()).thenReturn(currentSession);
        when(chainContext.getRequestSSOToken()).thenReturn(ssoToken);

        State outcome = logoutCommand.execute(chainContext);

        // FINISH: nothing further in the chain runs once the logout has been handled.
        assertEquals(State.FINISH, outcome);

        // NOTE(review): isA(Session.class) is satisfied by any Session. If LogoutCommand passes
        // the context's current session straight through (not visible here, confirm), asserting
        // that exact instance would also catch removal of the wrong session.
        verify(sessionService).removeSession(isA(Session.class));
        verify(chainContext).activateAction(ActionType.DELETE_COOKIE);
        verify(chainContext).redirectToLogout();

        verify(auditMock).log(captor.capture());
        AuditLogEvent loggedEvent = captor.getValue();
        assertEquals(AuditLogEventCategory.SESSION, loggedEvent.getCategory());

        // NOTE(review): the asserted message embeds whatever SSOToken.toString() renders, so the
        // token value presumably ends up in the audit log. The session is removed in the same
        // flow; confirm the token is unusable afterwards and that audit storage is access
        // controlled accordingly.
        String expectedMessage = AuditMessages.SUCCESS + AuditMessages.LOGGED_OUT + ": SSOToken=" + ssoToken;
        assertEquals(expectedMessage, loggedEvent.getMessage());
    }

    /**
     * A request that is not a logout request is passed on to the next command in the chain.
     */
    @Test
    public void continuesIfNotLogoutRequest() throws Exception {
        when(chainContext.isLogoutRequest()).thenReturn(false);

        State outcome = logoutCommand.execute(chainContext);

        // NOTE(review): only the returned state is checked. never() verifications on
        // removeSession and the DELETE_COOKIE action would additionally pin that a non-logout
        // request leaves the session and cookie untouched.
        assertEquals(State.CONTINUE, outcome);
    }
}