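/**
 * Asserts that the builder rejects the given context path / servlet path combination.
 *
 * <p>The paths are applied to {@code this.builder} and a request is built against
 * {@code this.servletContext}. The check passes only when an
 * {@link IllegalArgumentException} with exactly the expected message is thrown.
 *
 * @param contextPath the context path to apply to the builder
 * @param servletPath the servlet path to apply to the builder
 * @param message the exact exception message expected from the builder
 * @throws AssertionError if no {@link IllegalArgumentException} is thrown
 */
private void testContextPathServletPathInvalid(String contextPath, String servletPath, String message) {
    try {
        this.builder.contextPath(contextPath);
        this.builder.servletPath(servletPath);
        this.builder.buildRequest(this.servletContext);
    }
    catch (IllegalArgumentException ex) {
        assertEquals(message, ex.getMessage());
        return;
    }
    // Reaching this point means the invalid paths were accepted. Without an explicit
    // failure the helper would pass vacuously and hide a regression in path validation.
    throw new AssertionError("Expected IllegalArgumentException with message: " + message);
}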
/**
 * Smoke test for fluent chaining on the web-application-context setup: a filter and a
 * default request (with context path {@code /mywebapp}) are registered before
 * {@code build()} is called.
 *
 * <p>There are no assertions; the test passes when the chain completes without throwing.
 */
@Test
public void chainMultiple() {
    MockMvcBuilders.webAppContextSetup(wac)
            .addFilter(new CharacterEncodingFilter())
            .defaultRequest(get("/").contextPath("/mywebapp"))
            .build();
}
/**
 * With only a context path configured, the servlet path is expected to be the empty string
 * and the remainder of the request URI is expected to be reported as path info.
 */
@Test
public void contextPathServletPathEmpty() {
    final String requestUri = "/travel/hotels/42";
    final String contextPath = "/travel";

    this.builder = new MockHttpServletRequestBuilder(HttpMethod.GET, requestUri);
    this.builder.contextPath(contextPath);
    MockHttpServletRequest built = this.builder.buildRequest(this.servletContext);

    assertEquals(contextPath, built.getContextPath());
    // No servlet path was set on the builder, so everything after the context path is path info.
    assertEquals("", built.getServletPath());
    assertEquals("/hotels/42", built.getPathInfo());
}
/**
 * With both a context path and a servlet path configured, the built request is expected to
 * report each of them unchanged and to expose the rest of the URI as path info.
 */
@Test
public void contextPathServletPath() {
    final String contextPath = "/travel";
    final String servletPath = "/main";

    this.builder = new MockHttpServletRequestBuilder(HttpMethod.GET, "/travel/main/hotels/42");
    this.builder.contextPath(contextPath);
    this.builder.servletPath(servletPath);
    MockHttpServletRequest built = this.builder.buildRequest(this.servletContext);

    assertEquals(contextPath, built.getContextPath());
    assertEquals(servletPath, built.getServletPath());
    // Whatever follows context path + servlet path in the URI becomes the path info.
    assertEquals("/hotels/42", built.getPathInfo());
}
/**
 * When the context path and servlet path together cover the whole request URI, the built
 * request is expected to report {@code null} path info.
 */
@Test
public void contextPathServletPathInfoEmpty() {
    final String contextPath = "/travel";
    final String servletPath = "/hotels/42";

    this.builder = new MockHttpServletRequestBuilder(HttpMethod.GET, "/travel/hotels/42");
    this.builder.contextPath(contextPath);
    this.builder.servletPath(servletPath);
    MockHttpServletRequest built = this.builder.buildRequest(this.servletContext);

    assertEquals(contextPath, built.getContextPath());
    assertEquals(servletPath, built.getServletPath());
    // Nothing of the URI is left over, so path info is null rather than an empty string.
    assertNull(built.getPathInfo());
}
/**
 * Posts a matching password / confirmation pair to the forced-password-change endpoint and
 * expects a 302 redirect to the completion page.
 *
 * <p>It also verifies that {@code setAuthenticatedTime} is invoked exactly once on
 * {@code authentication}, i.e. the authentication timestamp is updated as part of the change.
 *
 * @throws Exception if performing the request fails
 */
@Test
public void testHandleForcePasswordChange() throws Exception {
    setAuthentication();

    final String newPassword = "pwd";
    // NOTE(review): no CSRF token is attached to this POST; presumably the MockMvc instance
    // used here is set up without the CSRF filter. Confirm against the test setup.
    mockMvc.perform(
                    post("/uaa/force_password_change")
                            .param("password", newPassword)
                            .param("password_confirmation", newPassword)
                            .contextPath("/uaa"))
            .andExpect(status().isFound())
            .andExpect(redirectedUrl("/uaa/force_password_change_completed"));

    verify(authentication, times(1)).setAuthenticatedTime(anyLong());
}
/**
 * Submits the login form with a wrong password the requested number of times and checks that
 * every attempt is answered with the {@code login_failure} redirect and an emptied
 * current-user cookie.
 *
 * @param mockMvc the MockMvc instance used to perform the requests
 * @param numberOfAttempts how many failed logins to perform; zero or less performs none
 * @param username the user name to submit
 * @param subdomain the zone subdomain, or the empty string to use plain {@code localhost}
 * @throws Exception if performing a request fails
 */
private static void attemptUnsuccessfulLogin(MockMvc mockMvc, int numberOfAttempts, String username, String subdomain) throws Exception {
    final String requestDomain;
    if (subdomain.equals("")) {
        requestDomain = "localhost";
    } else {
        requestDomain = subdomain + ".localhost";
    }

    // The same builder is reused for every attempt; only the number of performs varies.
    MockHttpServletRequestBuilder failingLogin = post("/uaa/login.do")
            .with(new SetServerNameRequestPostProcessor(requestDomain))
            .with(cookieCsrf())
            .contextPath("/uaa")
            .param("username", username)
            .param("password", "wrong_password");

    int remaining = numberOfAttempts;
    while (remaining > 0) {
        mockMvc.perform(failingLogin)
                .andExpect(redirectedUrl("/uaa/login?error=login_failure"))
                .andExpect(emptyCurrentUserCookie());
        remaining--;
    }
}
/**
 * A plain logout request is expected to answer with a 302 redirect to the login page and to
 * empty the current-user cookie.
 *
 * @throws Exception if performing the request fails
 */
@Test
void testLogOut() throws Exception {
    final String contextPath = "/uaa";

    mockMvc.perform(get("/uaa/logout.do").contextPath(contextPath))
            .andExpect(status().isFound())
            .andExpect(redirectedUrl("/uaa/login"))
            // The current-user cookie must not survive the logout.
            .andExpect(emptyCurrentUserCookie());
}
/**
 * Posts a SAML response to the service provider's SSO endpoint in the SP zone.
 *
 * <p>The endpoint alias is the SP zone's subdomain followed by
 * {@code .cloudfoundry-saml-login}. The {@code Host} header carries the same subdomain so
 * the request is addressed to that zone.
 *
 * @param assertion the value sent as the {@code SAMLResponse} form parameter
 * @return the {@link ResultActions} of the performed request, for further expectations
 * @throws Exception if performing the request fails
 */
public ResultActions performSPAuthentication(String assertion) throws Exception {
    final String zoneSubdomain = spZone.getIdentityZone().getSubdomain();
    final String spEntityId = zoneSubdomain + ".cloudfoundry-saml-login";
    final String hostHeader = zoneSubdomain + ".localhost:8080";

    return getMockMvc().perform(
            post("/uaa/saml/SSO/alias/" + spEntityId)
                    .contextPath("/uaa")
                    .header(HttpHeaders.HOST, hostHeader)
                    .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE)
                    .param("SAMLResponse", assertion)
    );
}
/**
 * Open-redirect check for logout: a {@code redirect} parameter pointing at an external URL
 * must not be followed when the logout configuration is left as the test context provides it.
 *
 * <p>The response is expected to redirect to the login page instead, with the current-user
 * cookie emptied.
 *
 * @throws Exception if performing the request fails
 */
@Test
void testLogOutIgnoreRedirectParameter() throws Exception {
    final String externalTarget = "https://www.google.com";

    mockMvc.perform(get("/uaa/logout.do").param("redirect", externalTarget).contextPath("/uaa"))
            .andExpect(status().isFound())
            // The external target is ignored; the user lands on the local login page.
            .andExpect(redirectedUrl("/uaa/login"))
            .andExpect(emptyCurrentUserCookie());
}
/**
 * Account-lockout check for the default zone: after five failed logins, a login with the
 * user's correct password must still be refused with the {@code account_locked} redirect.
 *
 * @param scimUserProvisioning used to create the user that gets locked out
 * @throws Exception if performing a request fails
 */
@Test
void login_LockoutPolicySucceeds_ForDefaultZone(
        @Autowired ScimUserProvisioning scimUserProvisioning
) throws Exception {
    ScimUser lockedUser = createUser(scimUserProvisioning, generator, getUaa().getId());

    // Empty subdomain: the failed attempts are sent to plain localhost, i.e. the default zone.
    attemptUnsuccessfulLogin(mockMvc, 5, lockedUser.getUserName(), "");

    // Correct credentials this time; the lockout must take precedence over them.
    mockMvc.perform(
                    post("/uaa/login.do")
                            .contextPath("/uaa")
                            .with(cookieCsrf())
                            .param("username", lockedUser.getUserName())
                            .param("password", lockedUser.getPassword()))
            .andExpect(redirectedUrl("/uaa/login?error=account_locked"))
            .andExpect(emptyCurrentUserCookie());
}
/**
 * Account-lockout check for a freshly created zone whose lockout policy has been changed:
 * after two failed logins, a login with the correct password must be refused with the
 * {@code account_locked} redirect.
 *
 * @param scimUserProvisioning used to create the user that gets locked out
 * @param jdbcIdentityProviderProvisioning used to change the lockout policy in the new zone
 * @throws Exception if performing a request fails
 */
@Test
void login_LockoutPolicySucceeds_WhenPolicyIsUpdatedByApi(
        @Autowired ScimUserProvisioning scimUserProvisioning,
        @Autowired JdbcIdentityProviderProvisioning jdbcIdentityProviderProvisioning
) throws Exception {
    final String subdomain = generator.generate();
    IdentityZone otherZone = createOtherIdentityZone(subdomain, mockMvc, webApplicationContext, false);

    // Presumably lowers the failure threshold so that two attempts are enough; verify
    // against changeLockoutPolicyForIdpInZone.
    changeLockoutPolicyForIdpInZone(jdbcIdentityProviderProvisioning, otherZone);

    ScimUser lockedUser = createUser(scimUserProvisioning, generator, otherZone.getId());
    attemptUnsuccessfulLogin(mockMvc, 2, lockedUser.getUserName(), subdomain);

    // Correct credentials, addressed to the same zone through the server name.
    mockMvc.perform(
                    post("/uaa/login.do")
                            .contextPath("/uaa")
                            .with(new SetServerNameRequestPostProcessor(subdomain + ".localhost"))
                            .with(cookieCsrf())
                            .param("username", lockedUser.getUserName())
                            .param("password", lockedUser.getPassword()))
            .andExpect(redirectedUrl("/uaa/login?error=account_locked"))
            .andExpect(emptyCurrentUserCookie());
}
/**
 * Logout follows the {@code redirect} parameter when the redirect parameter is enabled and
 * the requested URL is on the zone's logout whitelist.
 *
 * <p>The zone's logout configuration is changed for the duration of the request and put back
 * in a {@code finally} block.
 *
 * @throws Exception if performing the request fails
 */
@Test
void testLogOutWhitelistedRedirectParameter() throws Exception {
    final String zoneId = getUaa().getId();
    final String redirectTarget = "https://www.google.com";

    // NOTE(review): `original` only works as a snapshot if getLogout returns an independent
    // object on each call; confirm against MockMvcUtils.
    Links.Logout original = MockMvcUtils.getLogout(webApplicationContext, zoneId);
    Links.Logout modified = MockMvcUtils.getLogout(webApplicationContext, zoneId);
    modified.setDisableRedirectParameter(false);
    modified.setWhitelist(singletonList(redirectTarget));
    MockMvcUtils.setLogout(webApplicationContext, zoneId, modified);

    try {
        mockMvc.perform(get("/uaa/logout.do").param("redirect", redirectTarget).contextPath("/uaa"))
                .andExpect(status().isFound())
                .andExpect(redirectedUrl(redirectTarget))
                .andExpect(emptyCurrentUserCookie());
    } finally {
        // Restore the saved configuration so later tests see the zone as it was.
        MockMvcUtils.setLogout(webApplicationContext, zoneId, original);
    }
}
/**
 * Open-redirect check: with the redirect parameter enabled but a whitelist that contains a
 * different host, the requested external URL must not be followed and the response is
 * expected to redirect to the login page.
 *
 * <p>The zone's logout configuration is changed for the duration of the request and put back
 * in a {@code finally} block.
 *
 * @throws Exception if performing the request fails
 */
@Test
void testLogOutNotWhitelistedRedirectParameter() throws Exception {
    final String zoneId = getUaa().getId();

    // NOTE(review): `original` only works as a snapshot if getLogout returns an independent
    // object on each call; confirm against MockMvcUtils.
    Links.Logout original = MockMvcUtils.getLogout(webApplicationContext, zoneId);
    Links.Logout modified = MockMvcUtils.getLogout(webApplicationContext, zoneId);
    modified.setDisableRedirectParameter(false);
    // The only whitelisted URL differs from the one requested below.
    modified.setWhitelist(singletonList("https://www.yahoo.com"));
    MockMvcUtils.setLogout(webApplicationContext, zoneId, modified);

    try {
        mockMvc.perform(get("/uaa/logout.do").param("redirect", "https://www.google.com").contextPath("/uaa"))
                .andExpect(status().isFound())
                .andExpect(redirectedUrl("/uaa/login"))
                .andExpect(emptyCurrentUserCookie());
    } finally {
        // Restore the saved configuration so later tests see the zone as it was.
        MockMvcUtils.setLogout(webApplicationContext, zoneId, original);
    }
}
/**
 * Logout follows the {@code redirect} parameter when the whitelist holds a wildcard entry
 * that the requested URL is expected to match.
 *
 * <p>Despite "Null" in the method name, the whitelist used here is not null: it is the single
 * pattern {@code http*://www.google.com}, and the test expects the {@code https} URL to be
 * accepted by it.
 *
 * @throws Exception if performing the request fails
 */
@Test
void testLogOutNullWhitelistedRedirectParameter() throws Exception {
    final String zoneId = getUaa().getId();
    final String redirectTarget = "https://www.google.com";

    // NOTE(review): `original` only works as a snapshot if getLogout returns an independent
    // object on each call; confirm against MockMvcUtils.
    Links.Logout original = MockMvcUtils.getLogout(webApplicationContext, zoneId);
    Links.Logout modified = MockMvcUtils.getLogout(webApplicationContext, zoneId);
    modified.setDisableRedirectParameter(false);
    // Wildcard in the scheme position; the host is still fixed.
    modified.setWhitelist(singletonList("http*://www.google.com"));
    MockMvcUtils.setLogout(webApplicationContext, zoneId, modified);

    try {
        mockMvc.perform(get("/uaa/logout.do").param("redirect", redirectTarget).contextPath("/uaa"))
                .andExpect(status().isFound())
                .andExpect(redirectedUrl(redirectTarget))
                .andExpect(emptyCurrentUserCookie());
    } finally {
        // Restore the saved configuration so later tests see the zone as it was.
        MockMvcUtils.setLogout(webApplicationContext, zoneId, original);
    }
}
/**
 * With the redirect parameter explicitly enabled and the requested URL whitelisted, logout
 * is expected to redirect to that URL and empty the current-user cookie.
 *
 * <p>The zone's logout configuration is changed for the duration of the request and put back
 * in a {@code finally} block.
 *
 * @throws Exception if performing the request fails
 */
@Test
void testLogOutEnableRedirectParameter() throws Exception {
    final String zoneId = getUaa().getId();
    final String redirectTarget = "https://www.google.com";

    // NOTE(review): `original` only works as a snapshot if getLogout returns an independent
    // object on each call; confirm against MockMvcUtils.
    Links.Logout original = MockMvcUtils.getLogout(webApplicationContext, zoneId);
    Links.Logout modified = MockMvcUtils.getLogout(webApplicationContext, zoneId);
    // Enabling the parameter alone is not what is tested; the target is whitelisted as well.
    modified.setDisableRedirectParameter(false);
    modified.setWhitelist(singletonList(redirectTarget));
    MockMvcUtils.setLogout(webApplicationContext, zoneId, modified);

    try {
        mockMvc.perform(get("/uaa/logout.do").param("redirect", redirectTarget).contextPath("/uaa"))
                .andExpect(status().isFound())
                .andExpect(redirectedUrl(redirectTarget))
                .andExpect(emptyCurrentUserCookie());
    } finally {
        // Restore the saved configuration so later tests see the zone as it was.
        MockMvcUtils.setLogout(webApplicationContext, zoneId, original);
    }
}
/**
 * A {@code redirect} parameter that points back into the application itself
 * ({@code http://localhost/uaa/...}) is expected to be followed on logout, without any
 * whitelist entry being added by this test.
 *
 * @throws Exception if performing the request fails
 */
@Test
void testLogOutAllowInternalRedirect() throws Exception {
    final String zoneId = getUaa().getId();
    final String internalTarget = "http://localhost/uaa/internal-location";

    // NOTE(review): `original` only works as a snapshot if getLogout returns an independent
    // object on each call; confirm against MockMvcUtils.
    Links.Logout original = MockMvcUtils.getLogout(webApplicationContext, zoneId);
    // The configuration is written back unmodified, so the request below runs against
    // whatever logout settings the zone already had.
    Links.Logout unchanged = MockMvcUtils.getLogout(webApplicationContext, zoneId);
    MockMvcUtils.setLogout(webApplicationContext, zoneId, unchanged);

    try {
        mockMvc.perform(get("/uaa/logout.do").param("redirect", internalTarget).contextPath("/uaa"))
                .andExpect(status().isFound())
                .andExpect(redirectedUrl(internalTarget))
                .andExpect(emptyCurrentUserCookie());
    } finally {
        MockMvcUtils.setLogout(webApplicationContext, zoneId, original);
    }
}
/**
 * When the zone's configured logout redirect URL is changed, a logout request without any
 * {@code redirect} parameter is expected to redirect to that configured URL.
 *
 * <p>The test first asserts that the redirect parameter is not disabled in the zone's
 * current configuration. The configuration is put back in a {@code finally} block.
 *
 * @throws Exception if performing the request fails
 */
@Test
void testLogOutChangeUrlValue() throws Exception {
    final String zoneId = getUaa().getId();
    final String configuredTarget = "https://www.google.com";

    // NOTE(review): `original` only works as a snapshot if getLogout returns an independent
    // object on each call; confirm against MockMvcUtils.
    Links.Logout original = MockMvcUtils.getLogout(webApplicationContext, zoneId);
    assertFalse(original.isDisableRedirectParameter());

    Links.Logout modified = MockMvcUtils.getLogout(webApplicationContext, zoneId);
    modified.setRedirectUrl(configuredTarget);
    MockMvcUtils.setLogout(webApplicationContext, zoneId, modified);

    try {
        // The target comes from configuration, not from the request.
        mockMvc.perform(get("/uaa/logout.do").contextPath("/uaa"))
                .andExpect(status().isFound())
                .andExpect(redirectedUrl(configuredTarget))
                .andExpect(emptyCurrentUserCookie());
    } finally {
        MockMvcUtils.setLogout(webApplicationContext, zoneId, original);
    }
}
/**
 * While internal authentication is disabled for the zone, a login with valid credentials is
 * expected to fail with the {@code login_failure} redirect. Once the flag is reset, the same
 * credentials are expected to log in and redirect to {@code /uaa/}.
 *
 * <p>The method name mentions "DisableInternalUserManagement", but the setting toggled here
 * is {@code setDisableInternalAuth}.
 *
 * @param scimUserProvisioning used to create the user that logs in
 * @throws Exception if performing a request fails
 */
@Test
void testLogin_Post_When_DisableInternalUserManagement_Is_True(
        @Autowired ScimUserProvisioning scimUserProvisioning
) throws Exception {
    final String zoneId = getUaa().getId();
    ScimUser user = createUser(scimUserProvisioning, generator, zoneId);

    MockMvcUtils.setDisableInternalAuth(webApplicationContext, zoneId, true);
    try {
        // This request is sent without a context path, unlike the one after the finally block.
        mockMvc.perform(
                        post("/login.do")
                                .with(cookieCsrf())
                                .param("username", user.getUserName())
                                .param("password", user.getPassword()))
                .andExpect(redirectedUrl("/login?error=login_failure"));
    } finally {
        // Always reset the flag so the zone accepts internal logins again.
        MockMvcUtils.setDisableInternalAuth(webApplicationContext, zoneId, false);
    }

    // NOTE(review): print() writes the request, including its parameters and therefore the
    // test user's password, to the test output. Looks like leftover debugging; confirm it
    // is still wanted.
    mockMvc.perform(
                    post("/uaa/login.do")
                            .with(cookieCsrf())
                            .contextPath("/uaa")
                            .param("username", user.getUserName())
                            .param("password", user.getPassword()))
            .andDo(print())
            .andExpect(redirectedUrl("/uaa/"));
}
/**
 * Open-redirect check: with the redirect parameter enabled but an empty whitelist, an
 * external {@code redirect} URL must not be followed and the response is expected to
 * redirect to the login page.
 *
 * <p>The zone's logout configuration is changed for the duration of the request and put back
 * in a {@code finally} block.
 *
 * @throws Exception if performing the request fails
 */
@Test
void testLogOutEmptyWhitelistedRedirectParameter() throws Exception {
    final String zoneId = getUaa().getId();

    // NOTE(review): `original` only works as a snapshot if getLogout returns an independent
    // object on each call; confirm against MockMvcUtils.
    Links.Logout original = MockMvcUtils.getLogout(webApplicationContext, zoneId);
    Links.Logout modified = MockMvcUtils.getLogout(webApplicationContext, zoneId);
    modified.setDisableRedirectParameter(false);
    // An empty whitelist is expected to allow no external target at all.
    modified.setWhitelist(EMPTY_LIST);
    MockMvcUtils.setLogout(webApplicationContext, zoneId, modified);

    try {
        mockMvc.perform(get("/uaa/logout.do").param("redirect", "https://www.google.com").contextPath("/uaa"))
                .andExpect(status().isFound())
                .andExpect(redirectedUrl("/uaa/login"))
                .andExpect(emptyCurrentUserCookie());
    } finally {
        // Restore the saved configuration so later tests see the zone as it was.
        MockMvcUtils.setLogout(webApplicationContext, zoneId, original);
    }
}