
Example 6 with NanoServerHandler

use of org.zaproxy.zap.testutils.NanoServerHandler in project zaproxy by zaproxy.

the class DownloadManagerUnitTest method shouldDownloadAllFiles.

/**
 * Queues a batch of 1000 downloads against a local stub server and checks that the download
 * manager reports every one of them as finished.
 *
 * <p>NOTE(review): only completion is asserted. The test does not check whether the {@code HASH}
 * passed to {@code downloadFile} validated against the empty response body; that needs its own
 * test if hash verification is to be covered.
 *
 * @throws Exception if starting the manager, queuing a download or waiting for completion fails
 */
@Test
@Timeout(30)
void shouldDownloadAllFiles() throws Exception {
    // Given: a stub handler registered for "/" that always answers with an empty body
    NanoServerHandler emptyBodyHandler =
            new NanoServerHandler("/") {
                @Override
                protected Response serve(IHTTPSession session) {
                    return newFixedLengthResponse("");
                }
            };
    nano.addHandler(emptyBodyHandler);
    downloadManager.start();
    final int totalDownloads = 1000;

    // When: every download is queued up front, before waiting for any of them
    for (int index = 0; index < totalDownloads; index++) {
        downloadManager.downloadFile(createDownloadUrl(index), createTargetFile(index), 0L, HASH);
    }

    // Then: the manager tracks each queued download and each one has a "finished" value
    waitDownloadManagerFinished();
    List<Downloader> tracked = downloadManager.getProgress();
    assertThat(tracked, hasSize(totalDownloads));
    for (Downloader downloader : tracked) {
        assertThat(downloader.getFinished(), is(not(nullValue())));
    }
}
Also used : Response(fi.iki.elonen.NanoHTTPD.Response) NanoHTTPD.newFixedLengthResponse(fi.iki.elonen.NanoHTTPD.newFixedLengthResponse) NanoServerHandler(org.zaproxy.zap.testutils.NanoServerHandler) IHTTPSession(fi.iki.elonen.NanoHTTPD.IHTTPSession) Test(org.junit.jupiter.api.Test) Timeout(org.junit.jupiter.api.Timeout)

Example 7 with NanoServerHandler

use of org.zaproxy.zap.testutils.NanoServerHandler in project zaproxy by zaproxy.

the class JsonBasedAuthenticationMethodTypeUnitTest method shouldNotReplacePasswordInPollRequest.

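/**
 * Checks that the poll request body is sent exactly as configured when it contains
 * {@code MSG_PASS_PATTERN}: the user's password must not be substituted into it.
 *
 * <p>Security relevance: the poll request is a "still logged in?" probe, so the assertion on the
 * recorded body pins that the credential is not sent to the poll endpoint.
 *
 * @throws IOException if building the HTTP messages or performing the check fails
 */
@Test
void shouldNotReplacePasswordInPollRequest() throws NullPointerException, IOException {
    // Given
    String test = "/shouldNotReplacePasswordInPollRequest/test";
    String pollUrl = "/shouldNotReplacePasswordInPollRequest/pollUrl";
    String pollData = "pwd=" + PostBasedAuthenticationMethod.MSG_PASS_PATTERN;
    String password = "password123!";
    final List<String> orderedReqData = new ArrayList<>();
    // Failures raised while reading the request body in the stub handler; checked below so a
    // parse error is reported as such instead of surfacing only as "expected 1 but was 0".
    final List<Exception> bodyParseFailures = new ArrayList<>();
    this.nano.addHandler(
            new NanoServerHandler(pollUrl) {

                @Override
                protected Response serve(IHTTPSession session) {
                    HashMap<String, String> map = new HashMap<>();
                    try {
                        session.parseBody(map);
                        // Record the body the poll request carried so it can be compared
                        // against the configured poll data.
                        orderedReqData.add(map.get("postData"));
                    } catch (Exception e) {
                        // Still answer the request; the failure is asserted on by the test.
                        bodyParseFailures.add(e);
                    }
                    return newFixedLengthResponse(LOGGED_IN_BODY);
                }
            });
    HttpMessage testMsg = this.getHttpMessage(test);
    HttpMessage pollMsg = this.getHttpMessage(pollUrl);
    method.setPollUrl(pollMsg.getRequestHeader().getURI().toString());
    method.setPollData(pollData);
    User user = mock(User.class);
    given(user.getAuthenticationState()).willReturn(new AuthenticationState());
    // The user has a real password; the test is that it never reaches the poll request.
    given(user.getAuthenticationCredentials())
            .willReturn(new UsernamePasswordAuthenticationCredentials("", password));
    // When/Then
    assertThat(method.isAuthenticated(testMsg, user), is(true));
    assertThat(
            "poll request body could not be parsed: " + bodyParseFailures,
            bodyParseFailures.isEmpty(),
            is(true));
    assertThat(orderedReqData.size(), is(1));
    // The recorded body equals the configured data unchanged, so no password was substituted.
    assertThat(orderedReqData.get(0), is(pollData));
}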
Also used : User(org.zaproxy.zap.users.User) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) IHTTPSession(fi.iki.elonen.NanoHTTPD.IHTTPSession) IOException(java.io.IOException) AuthenticationState(org.zaproxy.zap.users.AuthenticationState) Response(fi.iki.elonen.NanoHTTPD.Response) NanoHTTPD.newFixedLengthResponse(fi.iki.elonen.NanoHTTPD.newFixedLengthResponse) NanoServerHandler(org.zaproxy.zap.testutils.NanoServerHandler) HttpMessage(org.parosproxy.paros.network.HttpMessage) Test(org.junit.jupiter.api.Test) WithConfigsTest(org.zaproxy.zap.WithConfigsTest)

Example 8 with NanoServerHandler

use of org.zaproxy.zap.testutils.NanoServerHandler in project zaproxy by zaproxy.

the class FormBasedAuthenticationMethodTypeUnitTest method shouldNotReplacePasswordInPollRequest.

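/**
 * Checks that the poll request body is sent exactly as configured when it contains
 * {@code MSG_PASS_PATTERN}: the user's password must not be substituted into it.
 *
 * <p>Security relevance: the poll request only checks whether the session is still logged in, so
 * the assertion on the recorded body pins that the credential is not sent to the poll endpoint.
 *
 * @throws IOException if building the HTTP messages or performing the check fails
 */
@Test
void shouldNotReplacePasswordInPollRequest() throws NullPointerException, IOException {
    // Given
    String test = "/shouldNotReplacePasswordInPollRequest/test";
    String pollUrl = "/shouldNotReplacePasswordInPollRequest/pollUrl";
    String pollData = "pwd=" + PostBasedAuthenticationMethod.MSG_PASS_PATTERN;
    String password = "password123!";
    final List<String> orderedReqData = new ArrayList<>();
    // Body-read failures from the stub handler are collected and asserted on, rather than
    // being swallowed and showing up later as an unexplained empty request list.
    final List<Exception> bodyParseFailures = new ArrayList<>();
    this.nano.addHandler(
            new NanoServerHandler(pollUrl) {

                @Override
                protected Response serve(IHTTPSession session) {
                    HashMap<String, String> map = new HashMap<>();
                    try {
                        session.parseBody(map);
                        // Capture what the poll request actually carried in its body.
                        orderedReqData.add(map.get("postData"));
                    } catch (Exception e) {
                        // The response is still sent; the test fails on this list below.
                        bodyParseFailures.add(e);
                    }
                    return newFixedLengthResponse(LOGGED_IN_BODY);
                }
            });
    HttpMessage testMsg = this.getHttpMessage(test);
    HttpMessage pollMsg = this.getHttpMessage(pollUrl);
    method.setPollUrl(pollMsg.getRequestHeader().getURI().toString());
    method.setPollData(pollData);
    User user = mock(User.class);
    given(user.getAuthenticationState()).willReturn(new AuthenticationState());
    // Credentials carry a non-empty password that must stay out of the poll request.
    given(user.getAuthenticationCredentials())
            .willReturn(new UsernamePasswordAuthenticationCredentials("", password));
    // When/Then
    assertThat(method.isAuthenticated(testMsg, user), is(true));
    assertThat(
            "poll request body could not be parsed: " + bodyParseFailures,
            bodyParseFailures.isEmpty(),
            is(true));
    assertThat(orderedReqData.size(), is(1));
    // Body is byte-for-byte the configured poll data: the pattern was left unreplaced.
    assertThat(orderedReqData.get(0), is(pollData));
}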
Also used : User(org.zaproxy.zap.users.User) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) IHTTPSession(fi.iki.elonen.NanoHTTPD.IHTTPSession) IOException(java.io.IOException) AuthenticationState(org.zaproxy.zap.users.AuthenticationState) Response(fi.iki.elonen.NanoHTTPD.Response) NanoHTTPD.newFixedLengthResponse(fi.iki.elonen.NanoHTTPD.newFixedLengthResponse) NanoServerHandler(org.zaproxy.zap.testutils.NanoServerHandler) HttpMessage(org.parosproxy.paros.network.HttpMessage) Test(org.junit.jupiter.api.Test) WithConfigsTest(org.zaproxy.zap.WithConfigsTest)

Example 9 with NanoServerHandler

use of org.zaproxy.zap.testutils.NanoServerHandler in project zaproxy by zaproxy.

the class FormBasedAuthenticationMethodTypeUnitTest method shouldReplaceUsernameInPollRequest.

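/**
 * Checks that {@code MSG_USER_PATTERN} is replaced with the user's username in both the poll
 * URL's query string and the poll request body.
 *
 * <p>This is the counterpart of the password test: the username is expected to be substituted
 * into the poll request, and the credentials used here carry an empty password.
 *
 * @throws IOException if encoding the pattern, building the messages or the check itself fails
 */
@Test
void shouldReplaceUsernameInPollRequest() throws NullPointerException, IOException {
    // Given
    String test = "/shouldReplaceUsernameInPollRequest/test";
    // The pattern is URL-encoded because it is placed in the query string of the poll URL.
    String encodedPattern =
            URLEncoder.encode(
                    PostBasedAuthenticationMethod.MSG_USER_PATTERN,
                    StandardCharsets.UTF_8.name());
    String pollUrl = "/shouldReplaceUsernameInPollRequest/pollUrl";
    String pollData = "user=" + PostBasedAuthenticationMethod.MSG_USER_PATTERN;
    String username = "user";
    final List<String> orderedReqUrls = new ArrayList<>();
    final List<String> orderedReqData = new ArrayList<>();
    // Body-read failures from the stub handler are collected and asserted on, so a parse
    // error is reported directly instead of as a mismatch in the recorded request count.
    final List<Exception> bodyParseFailures = new ArrayList<>();
    // NOTE(review): pollUrl as written holds no placeholder, so this replace() appears to leave
    // the handler path unchanged; the placeholder is only appended as the query string below.
    this.nano.addHandler(
            new NanoServerHandler(pollUrl.replace(encodedPattern, username)) {

                @Override
                protected Response serve(IHTTPSession session) {
                    // Record path and query as received, to check the substituted username.
                    orderedReqUrls.add(
                            session.getUri() + "?" + session.getQueryParameterString());
                    HashMap<String, String> map = new HashMap<>();
                    try {
                        session.parseBody(map);
                        orderedReqData.add(map.get("postData"));
                    } catch (Exception e) {
                        // The response is still sent; the test fails on this list below.
                        bodyParseFailures.add(e);
                    }
                    return newFixedLengthResponse(LOGGED_IN_BODY);
                }
            });
    HttpMessage testMsg = this.getHttpMessage(test);
    HttpMessage pollMsg = this.getHttpMessage(pollUrl + "?" + encodedPattern);
    method.setPollUrl(pollMsg.getRequestHeader().getURI().toString());
    method.setPollData(pollData);
    User user = mock(User.class);
    given(user.getAuthenticationState()).willReturn(new AuthenticationState());
    given(user.getAuthenticationCredentials())
            .willReturn(new UsernamePasswordAuthenticationCredentials(username, ""));
    // When/Then
    assertThat(method.isAuthenticated(testMsg, user), is(true));
    assertThat(
            "poll request body could not be parsed: " + bodyParseFailures,
            bodyParseFailures.isEmpty(),
            is(true));
    assertThat(orderedReqUrls.size(), is(1));
    // Query string: the encoded placeholder was replaced by the plain username.
    assertThat(orderedReqUrls.get(0), is(pollUrl + "?" + username));
    assertThat(orderedReqData.size(), is(1));
    // Body: the placeholder was replaced by the username as well.
    assertThat(
            orderedReqData.get(0),
            is(pollData.replace(PostBasedAuthenticationMethod.MSG_USER_PATTERN, username)));
}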
Also used : User(org.zaproxy.zap.users.User) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) IHTTPSession(fi.iki.elonen.NanoHTTPD.IHTTPSession) IOException(java.io.IOException) AuthenticationState(org.zaproxy.zap.users.AuthenticationState) Response(fi.iki.elonen.NanoHTTPD.Response) NanoHTTPD.newFixedLengthResponse(fi.iki.elonen.NanoHTTPD.newFixedLengthResponse) NanoServerHandler(org.zaproxy.zap.testutils.NanoServerHandler) HttpMessage(org.parosproxy.paros.network.HttpMessage) Test(org.junit.jupiter.api.Test) WithConfigsTest(org.zaproxy.zap.WithConfigsTest)

Example 10 with NanoServerHandler

use of org.zaproxy.zap.testutils.NanoServerHandler in project zaproxy by zaproxy.

the class AuthenticationMethodPollUrlUnitTest method shouldPollOnSpecifiedNumberOfRequests.

/**
 * Checks how often the poll URL is requested when the authentication check strategy is
 * {@code POLL_URL} with a frequency of 5 in units of {@code REQUESTS}.
 *
 * <p>As asserted below: the first {@code isAuthenticated} call polls once, the next five calls
 * issue no further poll, and the call after those polls a second time.
 *
 * @throws IOException if building the HTTP messages or performing the check fails
 */
@Test
void shouldPollOnSpecifiedNumberOfRequests() throws NullPointerException, IOException {
    // Given
    // NOTE(review): the route prefix says "shouldPollOnFirstRequest" although the method is
    // named differently; it looks copied from a sibling test and is only used as a path here.
    final String testPath = "/shouldPollOnFirstRequest/test";
    final String pollPath = "/shouldPollOnFirstRequest/pollUrl";
    final List<String> polledUris = new ArrayList<>();
    NanoServerHandler pollHandler =
            new NanoServerHandler(pollPath) {
                @Override
                protected Response serve(IHTTPSession session) {
                    // Every request reaching the poll endpoint is recorded by URI.
                    polledUris.add(session.getUri());
                    return newFixedLengthResponse(LOGGED_IN_BODY);
                }
            };
    this.nano.addHandler(pollHandler);
    HttpMessage testMsg = this.getHttpMessage(testPath);
    HttpMessage pollMsg = this.getHttpMessage(pollPath);
    method.setAuthCheckingStrategy(AuthCheckingStrategy.POLL_URL);
    method.setPollUrl(pollMsg.getRequestHeader().getURI().toString());
    method.setPollFrequencyUnits(AuthPollFrequencyUnits.REQUESTS);
    method.setPollFrequency(5);
    method.setLoggedInIndicatorPattern(LOGGED_IN_INDICATOR);
    User user = mock(User.class);
    given(user.getAuthenticationState()).willReturn(new AuthenticationState());

    // When/Then: the very first check triggers a poll
    assertThat(method.isAuthenticated(testMsg, user), is(true));
    assertThat(polledUris.size(), is(1));

    // The following five checks still report authenticated without polling again
    for (int check = 0; check < 5; check++) {
        assertThat(method.isAuthenticated(testMsg, user), is(true));
    }
    assertThat(polledUris.size(), is(1));

    // The next check polls a second time
    assertThat(method.isAuthenticated(testMsg, user), is(true));
    assertThat(polledUris.size(), is(2));
    for (int position = 0; position < 2; position++) {
        assertThat(polledUris.get(position), is(pollPath));
    }
}
Also used : Response(fi.iki.elonen.NanoHTTPD.Response) NanoHTTPD.newFixedLengthResponse(fi.iki.elonen.NanoHTTPD.newFixedLengthResponse) User(org.zaproxy.zap.users.User) NanoServerHandler(org.zaproxy.zap.testutils.NanoServerHandler) ArrayList(java.util.ArrayList) IHTTPSession(fi.iki.elonen.NanoHTTPD.IHTTPSession) HttpMessage(org.parosproxy.paros.network.HttpMessage) AuthenticationState(org.zaproxy.zap.users.AuthenticationState) Test(org.junit.jupiter.api.Test)

Aggregations

IHTTPSession (fi.iki.elonen.NanoHTTPD.IHTTPSession)12 Response (fi.iki.elonen.NanoHTTPD.Response)12 NanoHTTPD.newFixedLengthResponse (fi.iki.elonen.NanoHTTPD.newFixedLengthResponse)12 Test (org.junit.jupiter.api.Test)12 NanoServerHandler (org.zaproxy.zap.testutils.NanoServerHandler)12 ArrayList (java.util.ArrayList)11 HttpMessage (org.parosproxy.paros.network.HttpMessage)11 AuthenticationState (org.zaproxy.zap.users.AuthenticationState)11 User (org.zaproxy.zap.users.User)11 IOException (java.io.IOException)6 HashMap (java.util.HashMap)6 WithConfigsTest (org.zaproxy.zap.WithConfigsTest)6 Timeout (org.junit.jupiter.api.Timeout)1