use of fi.iki.elonen.NanoHTTPD.Response in project zaproxy by zaproxy.
the class AuthenticationMethodPollUrlUnitTest method shouldPollOnSpecifiedNumberOfRequestsPerUser.
@Test
void shouldPollOnSpecifiedNumberOfRequestsPerUser() throws NullPointerException, IOException {
// Given
String test = "/shouldPollOnFirstRequest/test";
String pollUrl = "/shouldPollOnFirstRequest/pollUrl";
final List<String> orderedReqs = new ArrayList<>();
this.nano.addHandler(new NanoServerHandler(pollUrl) {
@Override
protected Response serve(IHTTPSession session) {
orderedReqs.add(session.getUri());
return newFixedLengthResponse(LOGGED_IN_BODY);
}
});
HttpMessage testMsg = this.getHttpMessage(test);
HttpMessage pollMsg = this.getHttpMessage(pollUrl);
method.setAuthCheckingStrategy(AuthCheckingStrategy.POLL_URL);
method.setPollUrl(pollMsg.getRequestHeader().getURI().toString() + "?");
method.setPollFrequencyUnits(AuthPollFrequencyUnits.REQUESTS);
method.setPollFrequency(5);
method.setLoggedInIndicatorPattern(LOGGED_IN_INDICATOR);
User user1 = mock(User.class);
given(user1.getAuthenticationState()).willReturn(new AuthenticationState());
User user2 = mock(User.class);
given(user2.getAuthenticationState()).willReturn(new AuthenticationState());
// When/Then
assertThat(method.isAuthenticated(testMsg, user1), is(true));
// First poll for user1
assertThat(orderedReqs.size(), is(1));
assertThat(method.isAuthenticated(testMsg, user1), is(true));
assertThat(method.isAuthenticated(testMsg, user1), is(true));
assertThat(method.isAuthenticated(testMsg, user2), is(true));
// First poll for user2
assertThat(orderedReqs.size(), is(2));
assertThat(method.isAuthenticated(testMsg, user2), is(true));
assertThat(method.isAuthenticated(testMsg, user1), is(true));
assertThat(method.isAuthenticated(testMsg, user1), is(true));
assertThat(method.isAuthenticated(testMsg, user1), is(true));
// Should not have changed yet
assertThat(orderedReqs.size(), is(2));
assertThat(method.isAuthenticated(testMsg, user1), is(true));
// Second poll for user1
assertThat(orderedReqs.size(), is(3));
assertThat(method.isAuthenticated(testMsg, user1), is(true));
assertThat(method.isAuthenticated(testMsg, user1), is(true));
assertThat(method.isAuthenticated(testMsg, user1), is(true));
assertThat(method.isAuthenticated(testMsg, user2), is(true));
assertThat(method.isAuthenticated(testMsg, user2), is(true));
assertThat(method.isAuthenticated(testMsg, user2), is(true));
assertThat(method.isAuthenticated(testMsg, user2), is(true));
// Should not have changed yet
assertThat(orderedReqs.size(), is(3));
assertThat(method.isAuthenticated(testMsg, user2), is(true));
// Second poll for user2
assertThat(orderedReqs.size(), is(4));
}
use of fi.iki.elonen.NanoHTTPD.Response in project zaproxy by zaproxy.
the class JsonBasedAuthenticationMethodTypeUnitTest method shouldReplaceUsernameInPollRequest.
@Test
void shouldReplaceUsernameInPollRequest() throws NullPointerException, IOException {
// Given
String test = "/shouldReplaceUsernameInPollRequest/test";
String encodedPattern = URLEncoder.encode(PostBasedAuthenticationMethod.MSG_USER_PATTERN, StandardCharsets.UTF_8.name());
String pollUrl = "/shouldReplaceUsernameInPollRequest/pollUrl";
String pollData = "user=" + PostBasedAuthenticationMethod.MSG_USER_PATTERN;
String username = "user";
final List<String> orderedReqUrls = new ArrayList<>();
final List<String> orderedReqData = new ArrayList<>();
this.nano.addHandler(new NanoServerHandler(pollUrl.replace(encodedPattern, username)) {
@Override
protected Response serve(IHTTPSession session) {
orderedReqUrls.add(session.getUri() + "?" + session.getQueryParameterString());
HashMap<String, String> map = new HashMap<>();
try {
session.parseBody(map);
orderedReqData.add(map.get("postData"));
} catch (Exception e) {
}
return newFixedLengthResponse(LOGGED_IN_BODY);
}
});
HttpMessage testMsg = this.getHttpMessage(test);
HttpMessage pollMsg = this.getHttpMessage(pollUrl + "?" + encodedPattern);
method.setPollUrl(pollMsg.getRequestHeader().getURI().toString());
method.setPollData(pollData);
User user = mock(User.class);
given(user.getAuthenticationState()).willReturn(new AuthenticationState());
given(user.getAuthenticationCredentials()).willReturn(new UsernamePasswordAuthenticationCredentials(username, ""));
// When/Then
assertThat(method.isAuthenticated(testMsg, user), is(true));
assertThat(orderedReqUrls.size(), is(1));
assertThat(orderedReqUrls.get(0), is(pollUrl + "?" + username));
assertThat(orderedReqData.size(), is(1));
assertThat(orderedReqData.get(0), is(pollData.replace(PostBasedAuthenticationMethod.MSG_USER_PATTERN, username)));
}
Aggregations