UsernamePasswordAuthenticationCredentialsUnitTest.java

/*
 * Zed Attack Proxy (ZAP) and its related class files.
 *
 * ZAP is an HTTP/HTTPS proxy for assessing web application security.
 *
 * Copyright 2016 The ZAP Development Team
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.zaproxy.zap.authentication;

import net.sf.json.JSON;
import org.junit.Before;
import org.junit.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.equalToIgnoringCase;
import static org.hamcrest.Matchers.allOf;
import static org.hamcrest.Matchers.containsString;

import org.zaproxy.zap.extension.api.ApiResponse;

import java.util.Arrays;
import java.util.List;

/**
 * @author Vahid Rafiei (@vahid_r)
 */
public class UsernamePasswordAuthenticationCredentialsUnitTest {

    private UsernamePasswordAuthenticationCredentials usernamePasswordAuthenticationCredentials;
    private UsernamePasswordAuthenticationCredentials notConfiguredInstance;
    private String username = "myUser";
    private String password = "myPass";

    @Before
    public void setUp() {
        this.usernamePasswordAuthenticationCredentials = new UsernamePasswordAuthenticationCredentials(username, password);
        this.notConfiguredInstance = new UsernamePasswordAuthenticationCredentials();
    }

    @Test
    public void shouldBeConfiguredIfUsernameAndPasswordAreNotNull() {
        // Given/When
        boolean isConfigured = usernamePasswordAuthenticationCredentials.isConfigured();

        // Then
        assertThat(isConfigured, is(true));
    }

    @Test
    public void shouldNotBeConfiguredIfUsernameAndPasswordAreNull() {
        // Given/When
        boolean isConfigured = notConfiguredInstance.isConfigured();

        // Then
        assertThat(isConfigured, is(false));
    }

    @Test
    public void shouldNotBeConfiguredIfPasswordIsNull() {
        // Given
        UsernamePasswordAuthenticationCredentials credentials = new UsernamePasswordAuthenticationCredentials(username, null);
        // When
        boolean isConfigured = notConfiguredInstance.isConfigured();
        // Then
        assertThat(isConfigured, is(false));
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldThrowExceptionWhileEncodeWithFieldSeparator() {
        // Given
        String fieldSeparator = "~";
        usernamePasswordAuthenticationCredentials = new UsernamePasswordAuthenticationCredentials(username, password);

        // When
        usernamePasswordAuthenticationCredentials.encode(fieldSeparator);

        // Then throw IllegalArgumentException
    }

    @Test
    public void shouldEncodeMethodReturnNullPatternIfUsernameIsNull() {
        // Given
        String nullPattern = "AA==";
        username = null;
        password = "something";
        String stringSeparator = "|";
        usernamePasswordAuthenticationCredentials = new UsernamePasswordAuthenticationCredentials(username, password);

        // When
        String encodedResult = usernamePasswordAuthenticationCredentials.encode(stringSeparator);

        // Then
        assertThat(encodedResult, is(nullPattern));
    }

    @Test
    public void shouldEncodeUsernameAndPasswordWithTheCorrectFieldSeparator() {
        // Given
        List<String> someCorrectSeparators = Arrays.asList("-", "|", "/", "\\", "+");

        // When/Then
        for (String correctSeparator : someCorrectSeparators) {
            String encodedUsernamePassword = usernamePasswordAuthenticationCredentials.encode(correctSeparator);

            assertThat(String.format("Failed to encode with '%s'", correctSeparator), encodedUsernamePassword, notNullValue());
            assertThat(
                    String.format("Failed to properly encode with '%s'", correctSeparator),
                    encodedUsernamePassword,
                    is("bXlVc2Vy~bXlQYXNz~"));
        }
    }

    @Test
    public void shouldApiResponseRepresentationReturnApiResponseWithValidNameAndJsonFormat() {
        // Given/When
        ApiResponse apiResponse = usernamePasswordAuthenticationCredentials.getApiResponseRepresentation();
        JSON jsonRepresentation = apiResponse.toJSON();

        // Then
        assertThat(apiResponse, notNullValue());
        assertThat(apiResponse.getName(), equalToIgnoringCase("credentials"));
        assertThat(jsonRepresentation.toString(), allOf(
                containsString("username"),
                containsString(username),
                containsString("password"),
                containsString(password),
                containsString("type"),
                containsString("UsernamePasswordAuthenticationCredentials")));

    }
}