mirror of
https://github.com/scm-manager/scm-manager.git
synced 2025-11-11 07:55:47 +01:00
Test things
This commit is contained in:
René Pfeuffer
@@ -21,8 +21,12 @@ import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.util.Optional;
|
||||
import java.util.Set;
|
||||
|
||||
import static java.util.Optional.empty;
|
||||
import static java.util.Optional.of;
|
||||
|
||||
@Priority(Filters.PRIORITY_POST_AUTHENTICATION)
|
||||
@WebElement(value = Filters.PATTERN_RESTAPI,
|
||||
morePatterns = { Filters.PATTERN_DEBUG })
|
||||
@@ -31,15 +35,13 @@ public class TokenRefreshFilter extends HttpFilter {
|
||||
private static final Logger LOG = LoggerFactory.getLogger(TokenRefreshFilter.class);
|
||||
|
||||
private final Set<WebTokenGenerator> tokenGenerators;
|
||||
private final AccessTokenCookieIssuer cookieIssuer;
|
||||
private final JwtAccessTokenRefresher refresher;
|
||||
private final AccessTokenResolver resolver;
|
||||
private final AccessTokenCookieIssuer issuer;
|
||||
|
||||
@Inject
|
||||
public TokenRefreshFilter(Set<WebTokenGenerator> tokenGenerators, AccessTokenCookieIssuer cookieIssuer, JwtAccessTokenRefresher refresher, AccessTokenResolver resolver, AccessTokenCookieIssuer issuer) {
|
||||
public TokenRefreshFilter(Set<WebTokenGenerator> tokenGenerators, JwtAccessTokenRefresher refresher, AccessTokenResolver resolver, AccessTokenCookieIssuer issuer) {
|
||||
this.tokenGenerators = tokenGenerators;
|
||||
this.cookieIssuer = cookieIssuer;
|
||||
this.refresher = refresher;
|
||||
this.resolver = resolver;
|
||||
this.issuer = issuer;
|
||||
@@ -47,29 +49,30 @@ public class TokenRefreshFilter extends HttpFilter {
|
||||
|
||||
@Override
|
||||
protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
|
||||
AuthenticationToken token = createToken(request);
|
||||
if (token != null && token instanceof BearerToken) {
|
||||
AccessToken accessToken = resolver.resolve((BearerToken) token);
|
||||
extractToken(request).ifPresent(token -> examineToken(request, response, token));
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
|
||||
private Optional<BearerToken> extractToken(HttpServletRequest request) {
|
||||
for (WebTokenGenerator generator : tokenGenerators) {
|
||||
AuthenticationToken token = generator.createToken(request);
|
||||
if (token instanceof BearerToken) {
|
||||
return of((BearerToken) token);
|
||||
}
|
||||
}
|
||||
return empty();
|
||||
}
|
||||
|
||||
private void examineToken(HttpServletRequest request, HttpServletResponse response, BearerToken token) {
|
||||
AccessToken accessToken = resolver.resolve(token);
|
||||
if (accessToken instanceof JwtAccessToken) {
|
||||
refresher.refresh((JwtAccessToken) accessToken)
|
||||
.ifPresent(jwtAccessToken -> refreshToken(request, response, jwtAccessToken));
|
||||
}
|
||||
}
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
|
||||
private void refreshToken(HttpServletRequest request, HttpServletResponse response, JwtAccessToken jwtAccessToken) {
|
||||
LOG.debug("refreshing authentication token");
|
||||
issuer.authenticate(request, response, jwtAccessToken);
|
||||
}
|
||||
|
||||
private AuthenticationToken createToken(HttpServletRequest request) {
|
||||
for (WebTokenGenerator generator : tokenGenerators) {
|
||||
AuthenticationToken token = generator.createToken(request);
|
||||
if (token != null) {
|
||||
return token;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,107 @@
|
||||
package sonia.scm.web.security;
|
||||
|
||||
import org.apache.shiro.authc.AuthenticationToken;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import sonia.scm.security.AccessTokenCookieIssuer;
|
||||
import sonia.scm.security.AccessTokenResolver;
|
||||
import sonia.scm.security.BearerToken;
|
||||
import sonia.scm.security.JwtAccessToken;
|
||||
import sonia.scm.security.JwtAccessTokenRefresher;
|
||||
import sonia.scm.web.WebTokenGenerator;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.util.Set;
|
||||
|
||||
import static java.util.Collections.singleton;
|
||||
import static java.util.Optional.of;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.never;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
@ExtendWith({MockitoExtension.class})
|
||||
class TokenRefreshFilterTest {
|
||||
|
||||
@Mock
|
||||
private Set<WebTokenGenerator> tokenGenerators;
|
||||
@Mock
|
||||
private WebTokenGenerator tokenGenerator;
|
||||
@Mock
|
||||
private JwtAccessTokenRefresher refresher;
|
||||
@Mock
|
||||
private AccessTokenResolver resolver;
|
||||
@Mock
|
||||
private AccessTokenCookieIssuer issuer;
|
||||
|
||||
@InjectMocks
|
||||
private TokenRefreshFilter filter;
|
||||
|
||||
@Mock
|
||||
private HttpServletRequest request;
|
||||
@Mock
|
||||
private HttpServletResponse response;
|
||||
@Mock
|
||||
private FilterChain filterChain;
|
||||
|
||||
@BeforeEach
|
||||
void initGenerators() {
|
||||
when(tokenGenerators.iterator()).thenReturn(singleton(tokenGenerator).iterator());
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldContinueChain() throws IOException, ServletException {
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
verify(filterChain).doFilter(request, response);
|
||||
verify(issuer, never()).authenticate(any(), any(), any());
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldNotRefreshNonBearerToken() throws IOException, ServletException {
|
||||
AuthenticationToken token = mock(AuthenticationToken.class);
|
||||
when(tokenGenerator.createToken(request)).thenReturn(token);
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
verify(issuer, never()).authenticate(any(), any(), any());
|
||||
verify(filterChain).doFilter(request, response);
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldNotRefreshNonJwtToken() throws IOException, ServletException {
|
||||
BearerToken token = mock(BearerToken.class);
|
||||
JwtAccessToken jwtToken = mock(JwtAccessToken.class);
|
||||
when(tokenGenerator.createToken(request)).thenReturn(token);
|
||||
when(resolver.resolve(token)).thenReturn(jwtToken);
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
verify(issuer, never()).authenticate(any(), any(), any());
|
||||
verify(filterChain).doFilter(request, response);
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldRefreshIfRefreshable() throws IOException, ServletException {
|
||||
BearerToken token = mock(BearerToken.class);
|
||||
JwtAccessToken jwtToken = mock(JwtAccessToken.class);
|
||||
JwtAccessToken newJwtToken = mock(JwtAccessToken.class);
|
||||
when(tokenGenerator.createToken(request)).thenReturn(token);
|
||||
when(resolver.resolve(token)).thenReturn(jwtToken);
|
||||
when(refresher.refresh(jwtToken)).thenReturn(of(newJwtToken));
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
verify(issuer).authenticate(request, response, newJwtToken);
|
||||
verify(filterChain).doFilter(request, response);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user