CSRFTokenTest.java example

Explorer

bennu-master
- bennu-cas-client
  - src
    - main
      - java
        org
        fenixedu
        bennu
        cas
        client
        CASClientConfiguration.java
        CASLoginProvider.java
        api
        CASResource.java
        servlet
        CASClientInitializer.java
- bennu-core
  - src
    - main
      - java
        org
        fenixedu
        bennu
        core
        annotation
        BennuCoreAnnotationInitializer.java
        DefaultJsonAdapter.java
        GroupArgument.java
        GroupArgumentParser.java
        GroupOperator.java
        api
        BootstrapResource.java
        CheckIsAliveResource.java
        DomainBrowserResource.java
        GroupResource.java
        LogbackResource.java
        ProfileResource.java
        SystemResource.java
        UserResource.java
        json
        AuthenticatedUserViewer.java
        BigIntegerJsonAdapter.java
        DateTimeViewer.java
        DomainObjectViewer.java
        FenixFrameworkProjectViewer.java
        GroupJsonAdapter.java
        JarFileViewer.java
        KeyValuePropertiesViewer.java
        LocaleJsonAdapter.java
        LocalizedStringViewer.java
        ObjectNameViewer.java
        PropertiesViewer.java
        StringJsonAdapter.java
        UserJsonAdapter.java
        bootstrap
        AdminUserBootstrapper.java
        BootstrapError.java
        BootstrapFilter.java
        BootstrapperRegistry.java
        SectionInvocationHandler.java
        SectionsBootstrapper.java
        annotations
        Bootstrap.java
        Bootstrapper.java
        Field.java
        FieldType.java
        Section.java
        domain
        Avatar.java
        Bennu.java
        BennuGroupIndex.java
        NameIndex.java
        NashornStrategy.java
        User.java
        UserLoginPeriod.java
        UserProfile.java
        exceptions
        AuthorizationException.java
        BennuCoreDomainException.java
        DomainException.java
        InvalidJsonException.java
        groups
        GroupConstant.java
        GroupGC.java
        PersistentAnonymousGroup.java
        PersistentAnyoneGroup.java
        PersistentDifferenceGroup.java
        PersistentDynamicGroup.java
        PersistentGroup.java
        PersistentGroupStrategy.java
        PersistentIntersectionGroup.java
        PersistentLoggedGroup.java
        PersistentNegationGroup.java
        PersistentNobodyGroup.java
        PersistentUnionGroup.java
        PersistentUserGroup.java
        groups
        AnonymousGroup.java
        AnyoneGroup.java
        ArgumentParser.java
        CustomGroup.java
        CustomGroupRegistry.java
        DifferenceGroup.java
        DynamicGroup.java
        Group.java
        GroupParser.java
        GroupStrategy.java
        IntersectionGroup.java
        LoggedGroup.java
        NegationGroup.java
        NobodyGroup.java
        UnionGroup.java
        UserGroup.java
        i18n
        BundleUtil.java
        I18NFilter.java
        json
        BennuCoreJsonException.java
        DefaultNotAvailableException.java
        JsonAdapter.java
        JsonBuilder.java
        JsonCreator.java
        JsonUpdater.java
        JsonUtils.java
        JsonViewer.java
        TableRegistry.java
        rest
        BennuJerseyRestApplication.java
        BennuRestResource.java
        ConsistencyExceptionMapper.java
        DomainExceptionMapper.java
        DomainObjectParamConverter.java
        Healthcheck.java
        JsonAwareResource.java
        JsonBodyReaderWriter.java
        JsonParamConverterProvider.java
        NotFoundExceptionMapper.java
        ThrowableExceptionMapper.java
        security
        Authenticate.java
        CSRFApiProtectionFilter.java
        CSRFFeature.java
        SetUserViewFilter.java
        SkipCSRF.java
        UserAuthenticationListener.java
        servlet
        BennuCoreContextListener.java
        CharsetEncodingFilter.java
        CloseTransactionFilter.java
        ExceptionHandlerFilter.java
        StaticCacheFilter.java
        signals
        DomainObjectEvent.java
        HandlerRegistration.java
        Signal.java
        SignalEventBus.java
        util
        ClassInternalizer.java
        CoreConfiguration.java
        ModuleMapper.java
        TransactionalThread.java
- bennu-io
  - src
    - main
      - java
        org
        fenixedu
        bennu
        io
        api
        FileStorageResource.java
        StorageConfigurationResource.java
        json
        FileStorageAdapter.java
        FileStorageConfigurationAdapter.java
        LocalFileSystemStorageAdapter.java
        domain
        DomainStorage.java
        FileDeleterThread.java
        FileRawData.java
        FileStorage.java
        FileStorageConfiguration.java
        FileSupport.java
        GenericFile.java
        GroupBasedFile.java
        LocalFileSystemStorage.java
        LocalFileToDelete.java
        servlet
        BennuIOContextListener.java
        FileDownloadServlet.java
        util
        DownloadUtil.java
- bennu-maven-plugin
  - src
    - main
      - java
        org
        fenixedu
        bennu
        maven
        GenerateConfigurationMojo.java
- bennu-oauth
  - src
    - main
      - java
        bootstrap
        OAuthBootstrapper.java
        org
        fenixedu
        bennu
        oauth
        OAuthProperties.java
        annotation
        OAuthEndpoint.java
        api
        ExternalApplicationAuthorizationResources.java
        ExternalApplicationAuthorizationSessionResources.java
        ExternalApplicationResource.java
        ExternalApplicationScopesResource.java
        OAuthAuthorizationProvider.java
        ServiceApplicationResource.java
        json
        ExternalApplicationAdapter.java
        ExternalApplicationAuthorizationAdapter.java
        ExternalApplicationAuthorizationSessionAdapter.java
        ExternalApplicationForManagersAdapter.java
        ExternalApplicationScopeAdapter.java
        ExternalApplicationUsersAdapter.java
        ServiceApplicationAdapter.java
        domain
        ApplicationUserAuthorization.java
        ApplicationUserSession.java
        ExternalApplication.java
        ExternalApplicationScope.java
        ExternalApplicationState.java
        ServiceApplication.java
        ServiceApplicationAuthorization.java
        jaxrs
        BennuOAuthAuthorizationFilter.java
        BennuOAuthFeature.java
        servlets
        OAuthAuthorizationServlet.java
        OAuthContextListener.java
        test
        TestResource.java
        util
        OAuthUtils.java
- bennu-portal
  - src
    - main
      - java
        org
        fenixedu
        bennu
        alerts
        Alert.java
        AlertType.java
        FlashMap.java
        FlashMapManager.java
        RedirectAttributes.java
        portal
        BennuPortalConfiguration.java
        api
        MenuResource.java
        PortalConfigurationResource.java
        PortalDataResource.java
        json
        ApplicationAdapter.java
        FunctionalityAdapter.java
        MenuItemAdapter.java
        PortalConfigurationAdapter.java
        PortalMenuViewer.java
        UserMenuViewer.java
        client
        ClientSidePortalBackend.java
        ClientSiteBackendInitilizer.java
        domain
        BennuPortalDomainException.java
        MenuContainer.java
        MenuFunctionality.java
        MenuItem.java
        PortalBootstrapper.java
        PortalConfiguration.java
        login
        LoginProvider.java
        model
        Application.java
        ApplicationRegistry.java
        Functionality.java
        servlet
        BennuPortalDispatcher.java
        ForwarderPortalBackend.java
        LazyForTokenParser.java
        PortalBackend.java
        PortalBackendRegistry.java
        PortalBean.java
        PortalDevModeExceptionHandler.java
        PortalExceptionHandler.java
        PortalExtension.java
        PortalInitializer.java
        PortalLayoutInjector.java
        PortalLoginServlet.java
        PortalLogoutFilter.java
        PortalResponseWrapper.java
        RedirectPortalBackend.java
        SemanticURLHandler.java
- bennu-scheduler
  - src
    - main
      - java
        org
        fenixedu
        bennu
        scheduler
        CronTask.java
        SchedulerConfiguration.java
        TaskRunner.java
        annotation
        Task.java
        api
        CustomTaskResource.java
        ExecutionLogResource.java
        ScheduleResource.java
        SchedulerConfigResource.java
        TaskResource.java
        json
        ExecutionLogJsonAdapter.java
        SchedulerSystemAdapter.java
        SimpleExecutionLogJsonAdapter.java
        TaskScheduleJsonAdapter.java
        custom
        ClassBean.java
        CustomTask.java
        domain
        ProcessQueue.java
        SchedulerSystem.java
        TaskSchedule.java
        example
        ExampleTask.java
        HourTask.java
        LoggingTask.java
        log
        ExecutionLog.java
        ExecutionLogRepository.java
        FileSystemLogRepository.java
        servlet
        SchedulerContextListener.java
        SchedulerTaskAnnotationProcessor.java
    - test
      - java
        org
        fenixedu
        bennu
        scheduler
        log
        ExecutionLogTest.java
        FileSystemLogRepositoryTest.java
- bennu-spring
  - src
    - main
      - java
        org
        fenixedu
        bennu
        spring
        BennuSpringConfiguration.java
        BennuSpringInitializer.java
        BennuSpringModule.java
        DomainObjectConverter.java
        I18NBean.java
        converters
        LocalizedStringConverter.java
        UserFromUsernameConverter.java
        portal
        BennuSpringController.java
        PortalHandlerInterceptor.java
        PortalHandlerMapping.java
        PortalHandlerMethod.java
        SpringApplication.java
        SpringFunctionality.java
        SpringPortalBackend.java
        resolvers
        AuthenticatedUserArgumentResolver.java
        BennuSpringExceptionResolver.java
        security
        CSRFInterceptor.java
        CSRFToken.java
        CSRFTokenBean.java
        CSRFTokenRepository.java
    - test
      - java
        org
        fenixedu
        bennu
        spring
        BennuSpringTest.java
        mvc
        BennuSpringTestDomainException.java
        TestController.java
        security
        CSRFTokenTest.java
- bennu-test
  - src
    - test
      - java
        org
        fenixedu
        bennu
        core
        domain
        BennuTest.java
        NashornTest.java
        example
        domain
        groups
        UsersCreatedAfterGroup.java
        groups
        TestAnonymous.java
        TestAnyone.java
        TestCustomGroup.java
        TestDynamicGroup.java
        TestExpressionCornerCases.java
        TestGroupMath.java
        TestLogged.java
        TestNobody.java
        TestUserGroup.java
        groups
        ManualGroupRegister.java
        json
        Contact.java
        ContactType.java
        ContactViewer.java
        Person.java
        PersonViewer.java
        TestDefaultJsonAdapterForInterfaces.java
        TestGsonRegistry.java
        TestJsonSerialization.java
        User.java
        UserAdapter.java
        UserSpecificCreator.java
        UserSpecificViewer.java
        rest
        DomainObjectParamConverterTest.java
        GsonBodyReaderWriterTest.java
        ThrowableExceptionMapperTest.java
        security
        CSRFFeatureTest.java
        PasswordHashingTest.java
        signals
        SignalsTest.java
        user
        LoginPeriodTest.java
        oauth
        OAuthServletTest.java
        TestResource.java
        pt
        ist
        fenixframework
        backend
        jvstm
        InMemDomainObjectValidBackEnd.java
        InMemDomainObjectValidConfig.java
        test
        core
        FenixFrameworkRunner.java
- bennu-toolkit
  - src
    - main
      - java
        org
        fenixedu
        bennu
        toolkit
        Sanitization.java
        ToolkitInitializer.java
        components
        Component.java
        ImageComponent.java
        LinkComponent.java
        TableComponent.java
        ToolkitComponent.java
        ToolkitResources.java
        YouTubeComponent.java
    - test
      - java
        org
        fenixedu
        bennu
        toolkit
        SanitizationTest.java

package org.fenixedu.bennu.spring.security;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import javax.servlet.http.HttpServletRequest;

import org.fenixedu.bennu.spring.BennuSpringConfiguration;
import org.fenixedu.bennu.spring.security.CSRFTokenTest.MyConfig;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;

@WebAppConfiguration
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(classes = { BennuSpringConfiguration.class, MyConfig.class })
public class CSRFTokenTest {

    private static final CSRFToken TEST_TOKEN = new CSRFToken("RANDOM_TOKEN");

    public static class MyConfig {

        @Bean
        @Order(Ordered.HIGHEST_PRECEDENCE)
        public CSRFTokenRepository csrfTokenRepository() {
            return new CSRFTokenRepository() {
                @Override
                public CSRFToken getToken(HttpServletRequest request) {
                    return TEST_TOKEN;
                }
            };
        }

    }

    @Autowired
    private WebApplicationContext wac;

    private MockMvc mockMvc;

    @Before
    public void setup() {
        this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
    }

    // GET

    @Test
    public void testGetRequestsAreNotAffected() throws Exception {
        this.mockMvc.perform(get("/test/csrf")).andExpect(status().isOk());
    }

    // POST

    @Test
    public void testPOSTRequestsAreProperlyFiltered() throws Exception {
        this.mockMvc.perform(post("/test/csrf")).andExpect(status().isBadRequest());
    }

    @Test
    public void testPOSTRequestsWithWrongToken() throws Exception {
        this.mockMvc.perform(post("/test/csrf").param(TEST_TOKEN.getParameterName(), "WRONG_TOKEN")).andExpect(
                status().isBadRequest());
    }

    @Test
    public void testPOSTRequestsWithParameterWorks() throws Exception {
        this.mockMvc.perform(post("/test/csrf").param(TEST_TOKEN.getParameterName(), TEST_TOKEN.getToken())).andExpect(
                status().isOk());
    }

    @Test
    public void testPOSTRequestsWithHeaderWorks() throws Exception {
        this.mockMvc.perform(post("/test/csrf").header(TEST_TOKEN.getHeaderName(), TEST_TOKEN.getToken())).andExpect(
                status().isOk());
    }

    @Test
    public void testPUTRequestsWithIgnoreAnnotationAreNotAffected() throws Exception {
        this.mockMvc.perform(post("/test/csrf-ignored")).andExpect(status().isOk());
    }

    // POST

    @Test
    public void testPUTRequestsAreProperlyFiltered() throws Exception {
        this.mockMvc.perform(put("/test/csrf")).andExpect(status().isBadRequest());
    }

    @Test
    public void testPUTRequestsWithWrongToken() throws Exception {
        this.mockMvc.perform(put("/test/csrf").param(TEST_TOKEN.getParameterName(), "WRONG_TOKEN")).andExpect(
                status().isBadRequest());
    }

    @Test
    public void testPUTRequestsWithParameterWorks() throws Exception {
        this.mockMvc.perform(put("/test/csrf").param(TEST_TOKEN.getParameterName(), TEST_TOKEN.getToken())).andExpect(
                status().isOk());
    }

    @Test
    public void testPUTRequestsWithHeaderWorks() throws Exception {
        this.mockMvc.perform(put("/test/csrf").header(TEST_TOKEN.getHeaderName(), TEST_TOKEN.getToken())).andExpect(
                status().isOk());
    }

    @Test
    public void testPOSTRequestsWithIgnoreAnnotationAreNotAffected() throws Exception {
        this.mockMvc.perform(put("/test/csrf-ignored")).andExpect(status().isOk());
    }

    // DELETE

    @Test
    public void testDELETERequestsAreProperlyFiltered() throws Exception {
        this.mockMvc.perform(delete("/test/csrf")).andExpect(status().isBadRequest());
    }

    @Test
    public void testDELETERequestsWithWrongToken() throws Exception {
        this.mockMvc.perform(delete("/test/csrf").param(TEST_TOKEN.getParameterName(), "WRONG_TOKEN")).andExpect(
                status().isBadRequest());
    }

    @Test
    public void testDELETERequestsWithParameterWorks() throws Exception {
        this.mockMvc.perform(delete("/test/csrf").param(TEST_TOKEN.getParameterName(), TEST_TOKEN.getToken())).andExpect(
                status().isOk());
    }

    @Test
    public void testDELETERequestsWithHeaderWorks() throws Exception {
        this.mockMvc.perform(delete("/test/csrf").header(TEST_TOKEN.getHeaderName(), TEST_TOKEN.getToken())).andExpect(
                status().isOk());
    }

    @Test
    public void testDELETERequestsWithIgnoreAnnotationAreNotAffected() throws Exception {
        this.mockMvc.perform(delete("/test/csrf-ignored")).andExpect(status().isOk());
    }

}