/**
 * Logs the caller out: first records the authentication (audit) event, then removes the JWT token.
 *
 * The order matters: the event is generated while the token is still present. From the sibling test
 * generate_auth_event_on_failure it looks like event generation reads the token first and a failure
 * there still ends with the token being removed — TODO confirm against generateAuthenticationEvent.
 */
private void logout(HttpServletRequest request, HttpServletResponse response) {
  generateAuthenticationEvent(request, response);
  jwtHttpHandler.removeToken(request, response);
}
/**
 * Logout endpoint. Only {@code POST} is accepted: any other HTTP method is answered with
 * {@code HTTP_BAD_REQUEST} and nothing else happens (no event, no token change). The filter chain
 * is never continued — this filter terminates the request itself in both branches.
 *
 * Restricting logout to POST presumably keeps a plain link or image tag from logging a user out;
 * a state-changing GET would otherwise be triggerable cross-site — confirm with the owning team.
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) {
  HttpServletRequest request = (HttpServletRequest) servletRequest;
  HttpServletResponse response = (HttpServletResponse) servletResponse;
  boolean isPost = request.getMethod().equals(POST.name());
  if (isPost) {
    logout(request, response);
  } else {
    response.setStatus(HTTP_BAD_REQUEST);
  }
}
/**
 * Token-validation endpoint: answers {@code {"valid": true|false}} as JSON depending on whether the
 * request could be authenticated. The chain is intentionally not invoked; this filter writes the
 * whole response. Authentication runs before the content type is set, presumably because
 * {@code authenticate} may itself touch the response (e.g. a status) — confirm before reordering.
 *
 * @throws IOException if the response writer cannot be obtained or written to
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException {
  HttpServletRequest request = (HttpServletRequest) servletRequest;
  HttpServletResponse response = (HttpServletResponse) servletResponse;
  boolean valid = authenticate(request, response);
  response.setContentType(MediaTypes.JSON);
  // try-with-resources so the writer is closed (and the JSON flushed) even if a prop() call fails.
  try (JsonWriter json = JsonWriter.of(response.getWriter())) {
    json.beginObject();
    json.prop("valid", valid);
    json.endObject();
  }
}
/**
 * A logged-in user sending a logout request: a logoutSuccess event is emitted for that user
 * ("john" presumably being USER's login), the token is removed and the chain is not continued.
 */
@Test
public void logout_logged_user() throws Exception {
  setUser(USER);

  executeRequest();

  verify(authenticationEvent).logoutSuccess(request, "john");
  verify(jwtHttpHandler).removeToken(request, response);
  verifyZeroInteractions(chain);
}
/** An empty password is rejected with 401 and recorded as a loginFailure event for the request. */
@Test
public void return_unauthorized_code_when_empty_password() throws Exception {
  executeRequest(LOGIN, "");

  verify(authenticationEvent).loginFailure(eq(request), any(AuthenticationException.class));
  verify(response).setStatus(401);
}
/**
 * Registers the authentication web service controller and lets every configured action define
 * itself on it before the controller is finalized with {@code done()}.
 */
@Override
public void define(Context context) {
  NewController ws = context.createController(AUTHENTICATION_CONTROLLER);
  ws.setDescription("Handle authentication.");
  actions.forEach(a -> a.define(ws));
  ws.done();
}
} // end of enclosing class
/**
 * Logout without a logged-in user still removes the token and emits a logoutSuccess event, with a
 * null login since no user is known; the chain is not continued.
 */
@Test
public void logout_unlogged_user() throws Exception {
  setNoUser();

  executeRequest();

  verify(authenticationEvent).logoutSuccess(request, null);
  verify(jwtHttpHandler).removeToken(request, response);
  verifyZeroInteractions(chain);
}
/**
 * Stubs a POST login request carrying the given {@code login}/{@code password} parameters
 * (either may be null to simulate a missing parameter) and runs the filter under test on it.
 */
private void executeRequest(String login, String password) throws IOException, ServletException {
  when(request.getParameter("password")).thenReturn(password);
  when(request.getParameter("login")).thenReturn(login);
  when(request.getMethod()).thenReturn("POST");
  underTest.doFilter(request, response, chain);
}
} // end of enclosing test class
/** Stubs a POST request (no parameters) and runs the filter under test on it. */
private void executeRequest() throws IOException, ServletException {
  when(request.getMethod()).thenReturn("POST");
  underTest.doFilter(request, response, chain);
}
/**
 * The logout pattern matches exactly {@code /api/authentication/logout}: the login path, a
 * truncated path, a path with a suffix and an unrelated path are all rejected.
 */
@Test
public void do_get_pattern() {
  assertThat(underTest.doGetPattern().matches("/api/authentication/logout")).isTrue();

  String[] rejected = {
    "/api/authentication/login",
    "/api/authentication/logou",
    "/api/authentication/logoutthing",
    "/foo"
  };
  for (String path : rejected) {
    assertThat(underTest.doGetPattern().matches(path)).isFalse();
  }
}
/** The login pattern matches {@code /api/authentication/login} only; logout and unrelated paths are rejected. */
@Test
public void do_get_pattern() {
  assertThat(underTest.doGetPattern().matches("/api/authentication/login")).isTrue();

  String[] rejected = {"/api/authentication/logout", "/foo"};
  for (String path : rejected) {
    assertThat(underTest.doGetPattern().matches(path)).isFalse();
  }
}
/**
 * When JWT validation fails and basic authentication yields no user, the filter still answers
 * with JSON content type and a body of {@code {"valid":false}} rather than propagating the error.
 */
@Test
public void return_false_when_jwt_throws_unauthorized_exception() throws Exception {
  when(basicAuthentication.authenticate(request)).thenReturn(Optional.empty());
  doThrow(AuthenticationException.class).when(jwtHttpHandler).validateToken(request, response);

  underTest.doFilter(request, response, chain);

  JsonAssert.assertJson(stringWriter.toString()).isSimilarTo("{\"valid\":false}");
  verify(response).setContentType(MediaTypes.JSON);
}
/**
 * If reading the token fails during logout, a logoutFailure event carrying the failure message is
 * emitted, the token is nevertheless removed, and the chain is not continued.
 */
@Test
public void generate_auth_event_on_failure() throws Exception {
  setUser(USER);
  AuthenticationException failure = AuthenticationException.newBuilder()
    .setMessage("error!")
    .setSource(sso())
    .build();
  doThrow(failure).when(jwtHttpHandler).getToken(any(HttpServletRequest.class), any(HttpServletResponse.class));

  executeRequest();

  verifyZeroInteractions(chain);
  verify(jwtHttpHandler).removeToken(any(HttpServletRequest.class), any(HttpServletResponse.class));
  verify(authenticationEvent).logoutFailure(request, "error!");
}
/** A missing password parameter is rejected with 401 and recorded as a loginFailure event. */
@Test
public void return_unauthorized_code_when_no_password() throws Exception {
  executeRequest(LOGIN, null);

  verify(authenticationEvent).loginFailure(eq(request), any(AuthenticationException.class));
  verify(response).setStatus(401);
}
/**
 * A GET request is ignored entirely: no credential check, no token handling, no event, and the
 * chain is not continued either.
 */
@Test
public void ignore_get_request() {
  when(request.getMethod()).thenReturn("GET");

  underTest.doFilter(request, response, chain);

  verifyZeroInteractions(authenticationEvent, credentialsAuthentication, jwtHttpHandler, chain);
}
/** A GET request to the logout endpoint is answered with 400 and touches neither the token nor the chain. */
@Test
public void return_400_on_get_request() throws Exception {
  when(request.getMethod()).thenReturn("GET");

  underTest.doFilter(request, response, chain);

  verify(response).setStatus(400);
  verifyZeroInteractions(jwtHttpHandler, chain);
}
/** A missing login parameter is rejected with 401 and recorded as a loginFailure event. */
@Test
public void return_unauthorized_code_when_no_login() throws Exception {
  executeRequest(null, PASSWORD);

  verify(authenticationEvent).loginFailure(eq(request), any(AuthenticationException.class));
  verify(response).setStatus(401);
}
/** An empty login is rejected with 401 and recorded as a loginFailure event. */
@Test
public void return_unauthorized_code_when_empty_login() throws Exception {
  executeRequest("", PASSWORD);

  verify(authenticationEvent).loginFailure(eq(request), any(AuthenticationException.class));
  verify(response).setStatus(401);
}
/**
 * When the credential check throws UnauthorizedException, the response is 401 and no session is
 * opened. Despite its name this test expects an *un*authorized status.
 *
 * NOTE(review): this failure path emits no authentication event at all (asserted below), so it will
 * not show up wherever loginFailure events are consumed — confirm that is intended.
 */
@Test
public void return_authorized_code_when_unauthorized_exception_is_thrown() throws Exception {
  Credentials credentials = new Credentials(LOGIN, PASSWORD);
  doThrow(new UnauthorizedException("error !")).when(credentialsAuthentication).authenticate(credentials, request, FORM);

  executeRequest(LOGIN, PASSWORD);

  verifyZeroInteractions(authenticationEvent);
  assertThat(threadLocalUserSession.hasSession()).isFalse();
  verify(response).setStatus(401);
}
/**
 * Successful form login: the credentials are checked once, a token is generated for the returned
 * user, the thread-local session becomes logged in, and neither the chain nor the event system is
 * touched (the success event is evidently produced elsewhere — not asserted here).
 */
@Test
public void do_authenticate() throws Exception {
  Credentials credentials = new Credentials(LOGIN, PASSWORD);
  when(credentialsAuthentication.authenticate(credentials, request, FORM)).thenReturn(user);

  executeRequest(LOGIN, PASSWORD);

  verify(credentialsAuthentication).authenticate(credentials, request, FORM);
  verify(jwtHttpHandler).generateToken(user, request, response);
  assertThat(threadLocalUserSession.isLoggedIn()).isTrue();
  verifyZeroInteractions(authenticationEvent, chain);
}