is a Java framework binding Vaadin web components to Java.
| VaadinConnectAccessCheckerTest.java (vaadin-flow-4.0.6) | : | VaadinConnectAccessCheckerTest.java (vaadin-flow-4.0.7) |
|---|
| | |
| skipping to change at line 41 | | skipping to change at line 41 |
|---|
| private HttpServletRequest requestMock; | | private HttpServletRequest requestMock; |
| private HttpSession sessionMock; | | private HttpSession sessionMock; |
| | |
| @Before | | @Before |
| public void before() { | | public void before() { |
| checker = new VaadinConnectAccessChecker(); | | checker = new VaadinConnectAccessChecker(); |
| requestMock = mock(HttpServletRequest.class); | | requestMock = mock(HttpServletRequest.class); |
| sessionMock = mock(HttpSession.class); | | sessionMock = mock(HttpSession.class); |
| when(sessionMock.getAttribute(VaadinService.getCsrfTokenAttributeName())
) | | when(sessionMock.getAttribute(VaadinService.getCsrfTokenAttributeName())
) |
| .thenReturn("Vaadin CCDM"); | | .thenReturn("Vaadin CCDM"); |
|
| when(requestMock.getSession()).thenReturn(sessionMock); | | when(requestMock.getSession(false)).thenReturn(sessionMock); |
| when(requestMock.getUserPrincipal()).thenReturn(mock(Principal.class)); | | when(requestMock.getUserPrincipal()).thenReturn(mock(Principal.class)); |
| when(requestMock.getHeader("X-CSRF-Token")) | | when(requestMock.getHeader("X-CSRF-Token")) |
| .thenReturn("Vaadin CCDM"); | | .thenReturn("Vaadin CCDM"); |
| when(requestMock.isUserInRole("ROLE_USER")).thenReturn(true); | | when(requestMock.isUserInRole("ROLE_USER")).thenReturn(true); |
| } | | } |
| | |
| private void createAnonymousContext() { | | private void createAnonymousContext() { |
| when(requestMock.getUserPrincipal()).thenReturn(null); | | when(requestMock.getUserPrincipal()).thenReturn(null); |
| } | | } |
| | |
| private void createDifferentSessionToken() { | | private void createDifferentSessionToken() { |
| when(sessionMock.getAttribute(VaadinService.getCsrfTokenAttributeName())
) | | when(sessionMock.getAttribute(VaadinService.getCsrfTokenAttributeName())
) |
| .thenReturn("CCDM Token"); | | .thenReturn("CCDM Token"); |
| } | | } |
| | |
| private void createNullTokenContextInHeaderRequest() { | | private void createNullTokenContextInHeaderRequest() { |
| when(requestMock.getHeader("X-CSRF-Token")) | | when(requestMock.getHeader("X-CSRF-Token")) |
| .thenReturn(null); | | .thenReturn(null); |
| } | | } |
| | |
|
| | private void createNullTokenSession() { |
| | when(sessionMock.getAttribute(VaadinService.getCsrfTokenAttributeName()) |
| | ).thenReturn(null); |
| | } |
| | |
| | private void createNullSession() { |
| | when(requestMock.getSession(false)).thenReturn(null); |
| | when(requestMock.getSession()).thenReturn(null); |
| | } |
| | |
| private void shouldPass(Class<?> test) throws Exception { | | private void shouldPass(Class<?> test) throws Exception { |
| Method method = test.getMethod("test"); | | Method method = test.getMethod("test"); |
| assertNull(checker.check(method, requestMock)); | | assertNull(checker.check(method, requestMock)); |
| } | | } |
| | |
| private void shouldFail(Class<?> test) throws Exception { | | private void shouldFail(Class<?> test) throws Exception { |
| Method method = test.getMethod("test"); | | Method method = test.getMethod("test"); |
| assertNotNull(checker.check(method, requestMock)); | | assertNotNull(checker.check(method, requestMock)); |
| } | | } |
| | |
| | |
| skipping to change at line 83 | | skipping to change at line 92 |
|---|
| public void should_fail_When_not_having_token_in_headerRequest() throws Exce
ption { | | public void should_fail_When_not_having_token_in_headerRequest() throws Exce
ption { |
| class Test { | | class Test { |
| public void test() { | | public void test() { |
| } | | } |
| } | | } |
| createNullTokenContextInHeaderRequest(); | | createNullTokenContextInHeaderRequest(); |
| shouldFail(Test.class); | | shouldFail(Test.class); |
| } | | } |
| | |
| @Test | | @Test |
|
| | public void should_fail_When_not_having_token_in_session_but_have_token_in_r |
| | equest_header() throws Exception { |
| | class Test { |
| | public void test() { |
| | } |
| | } |
| | createNullTokenSession(); |
| | shouldFail(Test.class); |
| | } |
| | |
| | @Test |
| | public void should_fail_When_not_having_token_in_session_but_have_token_in_r |
| | equest_header_And_AnonymousAllowed() throws Exception { |
| | @AnonymousAllowed |
| | class Test { |
| | public void test() { |
| | } |
| | } |
| | createNullTokenSession(); |
| | shouldFail(Test.class); |
| | } |
| | |
| | @Test |
| | public void should_pass_When_not_having_session_And_not_having_token_in_requ |
| | est_header() throws Exception { |
| | class Test { |
| | public void test() { |
| | } |
| | } |
| | createNullSession(); |
| | createNullTokenContextInHeaderRequest(); |
| | shouldPass(Test.class); |
| | } |
| | |
| | @Test |
| | public void should_pass_When_not_having_session_And_not_having_token_in_requ |
| | est_header_And_AnonymousAllowed() throws Exception { |
| | @AnonymousAllowed |
| | class Test { |
| | public void test() { |
| | } |
| | } |
| | createNullSession(); |
| | createNullTokenContextInHeaderRequest(); |
| | shouldPass(Test.class); |
| | } |
| | |
| | @Test |
| public void should_pass_When_csrf_disabled() throws Exception { | | public void should_pass_When_csrf_disabled() throws Exception { |
| class Test { | | class Test { |
| public void test() { | | public void test() { |
| } | | } |
| } | | } |
| createNullTokenContextInHeaderRequest(); | | createNullTokenContextInHeaderRequest(); |
| checker.enableCsrf(false); | | checker.enableCsrf(false); |
| shouldPass(Test.class); | | shouldPass(Test.class); |
| } | | } |
| | |
| | |
| skipping to change at line 104 | | skipping to change at line 157 |
|---|
| public void should_fail_When_having_different_token_between_session_and_head
erRequest() throws Exception { | | public void should_fail_When_having_different_token_between_session_and_head
erRequest() throws Exception { |
| class Test { | | class Test { |
| public void test() { | | public void test() { |
| } | | } |
| } | | } |
| createDifferentSessionToken(); | | createDifferentSessionToken(); |
| shouldFail(Test.class); | | shouldFail(Test.class); |
| } | | } |
| | |
| @Test | | @Test |
|
| | public void should_fail_When_having_different_token_between_session_and_head |
| | erRequest_and_NoAuthentication_AnonymousAllowed() throws Exception { |
| | class Test { |
| | @AnonymousAllowed |
| | public void test() { |
| | } |
| | } |
| | createAnonymousContext(); |
| | createDifferentSessionToken(); |
| | shouldFail(Test.class); |
| | } |
| | |
| | @Test |
| public void should_Fail_When_NoAuthentication() throws Exception { | | public void should_Fail_When_NoAuthentication() throws Exception { |
| class Test { | | class Test { |
| public void test() { | | public void test() { |
| } | | } |
| } | | } |
| createAnonymousContext(); | | createAnonymousContext(); |
| shouldFail(Test.class); | | shouldFail(Test.class); |
| } | | } |
| | |
| @Test | | @Test |
| | | |
| End of changes. 4 change blocks. |
|---|
| 1 lines changed or deleted | | 72 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 