Created
July 4, 2016 03:54
-
-
Save broccolinisoup/17c228689dd87f67c76dd93ca55855d1 to your computer and use it in GitHub Desktop.
RestLimitingFilterTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package org.zanata.rest; | |
import java.io.IOException; | |
import javax.enterprise.inject.Produces; | |
import javax.faces.bean.ApplicationScoped; | |
import javax.inject.Inject; | |
import javax.servlet.FilterChain; | |
import javax.servlet.ServletException; | |
import javax.servlet.http.HttpServletRequest; | |
import javax.servlet.http.HttpServletResponse; | |
import org.hibernate.Session; | |
import org.jglue.cdiunit.deltaspike.SupportDeltaspikeCore; | |
import org.junit.Before; | |
import org.junit.Test; | |
import org.junit.runner.RunWith; | |
import org.mockito.Answers; | |
import org.mockito.ArgumentCaptor; | |
import org.mockito.Captor; | |
import org.mockito.Mock; | |
import org.mockito.MockitoAnnotations; | |
import org.zanata.ZanataTest; | |
import org.zanata.limits.RateLimitManager; | |
import org.zanata.limits.RateLimitingProcessor; | |
import org.zanata.model.HAccount; | |
import org.zanata.security.annotations.Authenticated; | |
import org.zanata.test.CdiUnitRunner; | |
import org.zanata.util.HttpUtil; | |
import org.zanata.util.IServiceLocator; | |
import org.zanata.util.RunnableEx; | |
import org.zanata.util.ServiceLocator; | |
import static org.mockito.Mockito.*; | |
import static org.mockito.Mockito.doReturn; | |
/** | |
* @author Patrick Huang <a | |
* href="mailto:pahuang@redhat.com">pahuang@redhat.com</a> | |
*/ | |
@RunWith(CdiUnitRunner.class) | |
@SupportDeltaspikeCore | |
public class RestLimitingFilterTest extends ZanataTest { | |
//private RestLimitingFilter dispatcher; | |
private static final String API_KEY = "apiKey123"; | |
@Inject | |
RestLimitingFilter dispatcher; | |
@Produces @Mock(answer = Answers.RETURNS_DEEP_STUBS) | |
private HttpServletRequest request; | |
@Produces @Mock(answer = Answers.RETURNS_DEEP_STUBS) | |
private HttpServletResponse response; | |
@Produces @Mock | |
private RateLimitingProcessor processor; | |
@Captor | |
private ArgumentCaptor<RunnableEx> taskCaptor; | |
@Produces @Mock | |
private FilterChain filterChain; | |
private HAccount authenticatedUser; | |
@Produces @Mock @javax.enterprise.context.ApplicationScoped | |
private RateLimitManager rateLimitManager; | |
@Produces @Mock | |
private Session session; | |
@Produces | |
private IServiceLocator serviceLocator = ServiceLocator.instance(); | |
private String clientIP = "255.255.0.1"; | |
@Before | |
public void beforeMethod() throws ServletException, IOException { | |
when(request.getMethod()).thenReturn("GET"); | |
when(request.getHeader(HttpUtil.X_AUTH_TOKEN_HEADER)).thenReturn( | |
API_KEY); | |
//dispatcher = spy(new RestLimitingFilter(processor)); | |
// this way we can verify the task actually called super.invoke() | |
doNothing().when(filterChain).doFilter(request, response); | |
authenticatedUser = null; | |
} | |
@Produces | |
private @Authenticated HAccount getAuthenticatedUser() { | |
return authenticatedUser; | |
} | |
@Test | |
public void willUseAuthenticatedUserApiKeyIfPresent() throws Exception { | |
authenticatedUser = new HAccount(); | |
authenticatedUser.setApiKey("apiKeyInAuth"); | |
dispatcher.doFilter(request, response, filterChain); | |
verify(processor).processForApiKey(same("apiKeyInAuth"), same(response), | |
taskCaptor.capture()); | |
// verify task is calling filter chain | |
RunnableEx task = taskCaptor.getValue(); | |
task.run(); | |
verify(filterChain).doFilter(request, response); | |
} | |
@Test | |
public void willUseUsernameIfNoApiKeyButAuthenticated() throws Exception { | |
authenticatedUser = new HAccount(); | |
authenticatedUser.setUsername("admin"); | |
dispatcher.doFilter(request, response, filterChain); | |
verify(processor).processForUser(same("admin"), same(response), | |
taskCaptor.capture()); | |
// verify task is calling filter chain | |
RunnableEx task = taskCaptor.getValue(); | |
task.run(); | |
verify(filterChain).doFilter(request, response); | |
} | |
@Test | |
public void willThrowErrorWithPOSTAndNoApiKey() throws Exception { | |
when(request.getMethod()).thenReturn("POST"); | |
when(request.getHeader(HttpUtil.X_AUTH_TOKEN_HEADER)).thenReturn( | |
null); | |
when(request.getRequestURI()).thenReturn("/rest/in/peace"); | |
authenticatedUser = null; | |
dispatcher.doFilter(request, response, filterChain); | |
verify(response).setStatus(401); | |
verify(response).getOutputStream(); | |
verifyZeroInteractions(processor); | |
} | |
@Test | |
public void willProcessAnonymousWithGETAndNoApiKey() throws Exception { | |
when(request.getHeader(HttpUtil.X_AUTH_TOKEN_HEADER)).thenReturn(null); | |
when(request.getRequestURI()).thenReturn("/rest/in/peace"); | |
when(request.getRemoteAddr()).thenReturn(clientIP); | |
authenticatedUser = null; | |
dispatcher.doFilter(request, response, filterChain); | |
verify(processor).processForAnonymousIP(same(clientIP), same(response), | |
taskCaptor.capture()); | |
// verify task is calling filter chain | |
RunnableEx task = taskCaptor.getValue(); | |
task.run(); | |
verify(filterChain).doFilter(request, response); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment