/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with this
* work for additional information regarding copyright ownership. The ASF
* licenses this file to You under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.apache.sling.testing;
import org.apache.http.cookie.Cookie;
import org.apache.http.entity.StringEntity;
import org.apache.sling.testing.clients.HttpServerRule;
import org.apache.sling.testing.clients.SlingClient;
import org.apache.sling.testing.clients.interceptors.FormBasedAuthInterceptor;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import java.util.Date;
import java.util.Optional;
import static org.hamcrest.CoreMatchers.is;
/**
 * Checks how {@link FormBasedAuthInterceptor} manages the login-token cookie
 * held by a {@link SlingClient}.
 *
 * <p>A stub HTTP server exposes two endpoints: a login endpoint that always
 * answers 200 and issues the token cookie, and an endpoint that always answers
 * 401. The test asserts that the token is kept in the client's cookie store
 * after the login response and is gone from it after the 401 response.
 *
 * <p>Only the client-side cookie store is inspected. The test does not verify
 * which requests actually carry the cookie on the wire, nor that the
 * {@code Secure}/{@code HttpOnly}/{@code SameSite} attributes are honoured.
 */
public class FormBasedAuthInterceptorTest {

    // Name and value of the cookie the stub login endpoint hands out.
    private static final String LOGIN_COOKIE_NAME = "login-token";
    private static final String LOGIN_COOKIE_VALUE = "testvalue";

    // Paths served by the stub server.
    private static final String OK_PATH = "/test/ok";
    private static final String LOGIN_OK_PATH = OK_PATH + "/j_security_check";
    private static final String UNAUTHORIZED_PATH = "/test/unauthorized";

    // Response bodies returned by the two handlers.
    private static final String LOGIN_OK_RESPONSE = "TEST_OK LOGIN";
    private static final String UNAUTHORIZED_RESPONSE = "TEST_UNAUTHORIZED";

    /** Stub server shared by every test in this class. */
    @ClassRule
    public static HttpServerRule httpServer = new HttpServerRule() {
        @Override
        protected void registerHandlers() {
            // Login endpoint: replies 200 unconditionally (the handler never looks at
            // the submitted credentials) and sets the login-token cookie.
            serverBootstrap.registerHandler(LOGIN_OK_PATH, (request, response, context) -> {
                response.setEntity(new StringEntity(LOGIN_OK_RESPONSE));
                response.setStatusCode(200);
                // Max-Age=3600 presumably keeps the cookie unexpired for the duration
                // of the test; confirm against the interceptor's cookie parsing.
                final String setCookieValue = LOGIN_COOKIE_NAME + "=" + LOGIN_COOKIE_VALUE
                        + "; Path=/; HttpOnly; Max-Age=3600; Secure; SameSite=Lax";
                response.setHeader("set-cookie", setCookieValue);
            });

            // Endpoint that always rejects the request with 401.
            serverBootstrap.registerHandler(UNAUTHORIZED_PATH, (request, response, context) -> {
                response.setEntity(new StringEntity(UNAUTHORIZED_RESPONSE));
                response.setStatusCode(401);
            });
        }
    };

    /**
     * Verifies the token lifecycle: present and unexpired after a successful
     * login response, absent after a 401 response.
     *
     * @throws Exception if building the client or issuing a request fails
     */
    @Test
    public void testLoginToken() throws Exception {
        FormBasedAuthInterceptor tokenInterceptor = new FormBasedAuthInterceptor(LOGIN_COOKIE_NAME);
        // "user"/"pass" are fixture credentials; the stub server accepts anything.
        SlingClient client = SlingClient.Builder.create(httpServer.getURI(), "user", "pass")
                .addInterceptorLast(tokenInterceptor)
                .build();

        // Step 1: a 200 from the login path must leave the token in the cookie store.
        client.doGet(LOGIN_OK_PATH, 200);
        Optional<Cookie> tokenAfterLogin = getLoginCookie(client);
        Assert.assertThat("login token cookie should be stored on the client config",
                tokenAfterLogin.isPresent(), is(true));
        Assert.assertThat("login token cookie should not be expired",
                tokenAfterLogin.get().isExpired(new Date()), is(false));

        // Step 2: a 401 must evict the token, so a rejected credential is not kept
        // around in the client's cookie store.
        client.doGet(UNAUTHORIZED_PATH, 401);
        Optional<Cookie> tokenAfterRejection = getLoginCookie(client);
        Assert.assertThat("login token cookie should be forced removed from the client config",
                tokenAfterRejection.isPresent(), is(false));
    }

    /**
     * Looks up the login-token cookie in the client's cookie store.
     *
     * @param c client whose cookie store is searched
     * @return the first cookie named {@code LOGIN_COOKIE_NAME}, or an empty
     *         {@link Optional} when the store holds none
     */
    private static Optional<Cookie> getLoginCookie(SlingClient c) {
        for (Cookie candidate : c.getCookieStore().getCookies()) {
            if (LOGIN_COOKIE_NAME.equals(candidate.getName())) {
                return Optional.of(candidate);
            }
        }
        return Optional.empty();
    }
}