Implemented: a set of unit tests for the
ExternalLoginKeysManager.getExternalLoginKey(...) method.
Minor refactoring of the getExternalLoginKey(...) method to make it more
friendly to unit tests.
git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@1776138 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
index c308ddd..fbe8e46 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
@@ -22,7 +22,6 @@
import org.apache.ofbiz.entity.Delegator;
import org.apache.ofbiz.entity.DelegatorFactory;
import org.apache.ofbiz.entity.GenericValue;
-import org.apache.ofbiz.entity.util.EntityUtilProperties;
import org.apache.ofbiz.service.LocalDispatcher;
import org.apache.ofbiz.webapp.WebAppUtil;
@@ -51,13 +50,6 @@
* @return the authentication token as persisted in the session and request objects
*/
public static String getExternalLoginKey(HttpServletRequest request) {
- Delegator delegator = (Delegator) request.getAttribute("delegator");
- boolean externalLoginKeyEnabled = "true".equals(EntityUtilProperties.getPropertyValue("security", "security.login.externalLoginKey.enabled", "true", delegator));
- if (!externalLoginKeyEnabled) {
- return null;
- }
- GenericValue userLogin = (GenericValue) request.getAttribute("userLogin");
-
String externalKey = (String) request.getAttribute(EXTERNAL_LOGIN_KEY_ATTR);
if (externalKey != null) return externalKey;
@@ -72,6 +64,7 @@
externalLoginKeys.remove(sesExtKey);
}
+ GenericValue userLogin = (GenericValue) request.getAttribute("userLogin");
//check the userLogin here, after the old session setting is set so that it will always be cleared
if (userLogin == null) return "";
diff --git a/framework/webapp/src/test/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManagerTests.java b/framework/webapp/src/test/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManagerTests.java
new file mode 100644
index 0000000..1a3dba0
--- /dev/null
+++ b/framework/webapp/src/test/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManagerTests.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ofbiz.webapp.control;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.apache.ofbiz.entity.GenericValue;
+import org.junit.Test;
+import static org.junit.Assert.*;
+import static org.mockito.Mockito.*;
+
+public class ExternalLoginKeysManagerTests {
+ @Test
+ public void getExternalLoginKeyReturnsKeyFromRequest() {
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getAttribute("externalLoginKey")).thenReturn("abcd");
+
+ String externalLoginKey = ExternalLoginKeysManager.getExternalLoginKey(request);
+
+ assertEquals("abcd", externalLoginKey);
+ }
+
+ @Test
+ public void getExternalLoginKeyReturnsEmptyKeyIfUserLoginIsNull() {
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ HttpSession session = mock(HttpSession.class);
+ when(request.getSession()).thenReturn(session);
+
+ String externalLoginKey = ExternalLoginKeysManager.getExternalLoginKey(request);
+
+ assertEquals("", externalLoginKey);
+ }
+
+ @Test
+ public void getExternalLoginKeyReturnsKeyFromSessionForAjaxRequests() {
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getHeader("X-Requested-With")).thenReturn("XMLHttpRequest");
+ HttpSession session = mock(HttpSession.class);
+ when(session.getAttribute("externalLoginKey")).thenReturn("abcd");
+ when(request.getSession()).thenReturn(session);
+
+ String externalLoginKey = ExternalLoginKeysManager.getExternalLoginKey(request);
+
+ assertEquals("abcd", externalLoginKey);
+ }
+
+ @Test
+ public void getExternalLoginKeyGeneratesNewKey() {
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ GenericValue userLogin = new GenericValue();
+ when(request.getAttribute("userLogin")).thenReturn(userLogin);
+ HttpSession session = mock(HttpSession.class);
+ when(request.getSession()).thenReturn(session);
+
+ String externalLoginKey = ExternalLoginKeysManager.getExternalLoginKey(request);
+
+ assertTrue(externalLoginKey.startsWith("EL"));
+ verify(request).setAttribute("externalLoginKey", externalLoginKey);
+ verify(session).setAttribute("externalLoginKey", externalLoginKey);
+ }
+}
diff --git a/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/ScreenRenderer.java b/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/ScreenRenderer.java
index cb6021f..5da2627 100644
--- a/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/ScreenRenderer.java
+++ b/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/ScreenRenderer.java
@@ -46,6 +46,7 @@
import org.apache.ofbiz.entity.Delegator;
import org.apache.ofbiz.entity.GenericEntity;
import org.apache.ofbiz.entity.GenericValue;
+import org.apache.ofbiz.entity.util.EntityUtilProperties;
import org.apache.ofbiz.security.Security;
import org.apache.ofbiz.service.DispatchContext;
import org.apache.ofbiz.service.GenericServiceException;
@@ -257,7 +258,11 @@
context.put("contextRoot", request.getAttribute("_CONTEXT_ROOT_"));
context.put("serverRoot", request.getAttribute("_SERVER_ROOT_URL_"));
context.put("checkLoginUrl", LoginWorker.makeLoginUrl(request));
- String externalLoginKey = ExternalLoginKeysManager.getExternalLoginKey(request);
+ String externalLoginKey = null;
+ boolean externalLoginKeyEnabled = "true".equals(EntityUtilProperties.getPropertyValue("security", "security.login.externalLoginKey.enabled", "true", (Delegator) request.getAttribute("delegator")));
+ if (externalLoginKeyEnabled) {
+ externalLoginKey = ExternalLoginKeysManager.getExternalLoginKey(request);
+ }
String externalKeyParam = externalLoginKey == null ? "" : "&externalLoginKey=" + externalLoginKey;
context.put("externalLoginKey", externalLoginKey);
context.put("externalKeyParam", externalKeyParam);
