/******************************************************************************* * Cloud Foundry * Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved. * * This product is licensed to you under the Apache License, Version 2.0 (the "License"). * You may not use this product except in compliance with the License. * * This product includes a number of subcomponents with * separate copyright notices and license terms. Your use of these * subcomponents is subject to the terms and conditions of the * subcomponent's license, as noted in the LICENSE file. *******************************************************************************/ package org.cloudfoundry.identity.uaa.integration; import org.apache.http.Header; import org.apache.http.HttpHeaders; import org.apache.http.client.config.RequestConfig; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpUriRequest; import org.apache.http.client.methods.RequestBuilder; import org.apache.http.impl.client.BasicCookieStore; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.message.BasicHeader; import org.apache.http.util.EntityUtils; import org.cloudfoundry.identity.uaa.ServerRunning; import org.cloudfoundry.identity.uaa.integration.util.IntegrationTestUtils; import org.cloudfoundry.identity.uaa.test.TestAccountSetup; import org.cloudfoundry.identity.uaa.test.UaaTestAccounts; import org.cloudfoundry.identity.uaa.security.web.CookieBasedCsrfTokenRepository; import org.junit.After; import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.springframework.http.MediaType; import java.util.Arrays; import java.util.List; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.springframework.http.HttpStatus.FOUND; import static org.springframework.http.HttpStatus.OK; 
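/**
 * Integration tests for the browser form-login flow of a running UAA instance.
 *
 * <p>Each test drives a plain HTTP client with a cookie store, so the session and
 * CSRF cookies the server sets on the first request are carried into the login POST.
 * Every response is handled in try-with-resources so that a failing assertion cannot
 * leave a pooled connection unreleased.
 */
public class FormLoginIntegrationTests {

    @Rule
    public ServerRunning serverRunning = ServerRunning.isRunning();

    private UaaTestAccounts testAccounts = UaaTestAccounts.standard(serverRunning);

    @Rule
    public TestAccountSetup testAccountSetup = TestAccountSetup.standard(serverRunning, testAccounts);

    // Every request advertises Accept: text/html; the assertions below inspect the rendered pages.
    Header header = new BasicHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML_VALUE);
    List<Header> headers = Arrays.asList(header);

    // Shared by all requests of one test so cookies set by earlier responses are replayed later.
    BasicCookieStore cookieStore = new BasicCookieStore();
    CloseableHttpClient httpclient;

    /**
     * Builds the client used by a single test: default request config, the HTML Accept
     * header and the shared cookie store.
     *
     * @throws Exception declared for JUnit; client construction itself does not throw
     */
    @Before
    public void createHttpClient() throws Exception {
        httpclient = HttpClients.custom()
                .setDefaultRequestConfig(RequestConfig.DEFAULT)
                .setDefaultHeaders(headers)
                .setDefaultCookieStore(cookieStore)
                .build();
    }

    /**
     * Releases the client and its connection pool.
     *
     * <p>JUnit runs {@code @After} even when {@code @Before} failed, so the field may still be null.
     *
     * @throws Exception if closing the client fails
     */
    @After
    public void closeClient() throws Exception {
        if (httpclient != null) {
            httpclient.close();
        }
    }

    /**
     * An anonymous request for the root page must be answered with a 302 to the login page.
     *
     * <p>Redirect following is disabled for this request so the redirect itself, not its
     * target, is what gets asserted. The final check only looks for the {@code /login} path
     * fragment; it does not compare the host of the Location header with the server's base URL.
     *
     * @throws Exception on I/O failure
     */
    @Test
    public void testUnauthenticatedRedirect() throws Exception {
        String location = serverRunning.getBaseUrl() + "/";
        HttpGet httpget = new HttpGet(location);
        httpget.setConfig(RequestConfig.custom().setRedirectsEnabled(false).build());
        try (CloseableHttpResponse response = httpclient.execute(httpget)) {
            assertEquals(FOUND.value(), response.getStatusLine().getStatusCode());
            // Guard the header explicitly; a missing Location would otherwise surface as an NPE
            // rather than an assertion failure.
            Header locationHeader = response.getFirstHeader("Location");
            assertTrue("302 response without a Location header", locationHeader != null);
            location = locationHeader.getValue();
        } finally {
            httpget.completed();
        }
        assertTrue(location.contains("/login"));
    }

    /**
     * Walks the full form login: fetch the login page, extract its CSRF token, POST the
     * test account's credentials together with that token, follow the post-login redirect
     * and verify the resulting page shows a signed-in session.
     *
     * @throws Exception on I/O failure
     */
    @Test
    public void testSuccessfulAuthenticationFlow() throws Exception {
        // Step 1: GET / anonymously. The default request config follows redirects, so a
        // 200 is expected here and the body is checked for the login form.
        String location = serverRunning.getBaseUrl() + "/";
        HttpGet httpget = new HttpGet(location);
        String body;
        try (CloseableHttpResponse response = httpclient.execute(httpget)) {
            assertEquals(OK.value(), response.getStatusLine().getStatusCode());
            body = EntityUtils.toString(response.getEntity());
        } finally {
            httpget.completed();
        }
        assertTrue(body.contains("/login.do"));
        assertTrue(body.contains("username"));
        assertTrue(body.contains("password"));

        // Step 2: POST credentials plus the CSRF token taken from the page. The token travels
        // as a form field named after the CSRF cookie; the matching cookie is expected to be
        // in cookieStore from Step 1.
        String csrf = IntegrationTestUtils.extractCookieCsrf(body);
        HttpUriRequest loginPost = RequestBuilder.post()
                .setUri(serverRunning.getBaseUrl() + "/login.do")
                .addParameter("username", testAccounts.getUserName())
                .addParameter("password", testAccounts.getPassword())
                .addParameter(CookieBasedCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, csrf)
                .build();
        try (CloseableHttpResponse response = httpclient.execute(loginPost)) {
            assertEquals(FOUND.value(), response.getStatusLine().getStatusCode());
            Header locationHeader = response.getFirstHeader("Location");
            assertTrue("login POST returned 302 without a Location header", locationHeader != null);
            location = locationHeader.getValue();
        }

        // Step 3: follow the post-login redirect; the landing page must offer "Sign Out".
        try (CloseableHttpResponse response = httpclient.execute(new HttpGet(location))) {
            assertEquals(OK.value(), response.getStatusLine().getStatusCode());
            body = EntityUtils.toString(response.getEntity());
        }
        assertTrue(body.contains("Sign Out"));
    }
}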