Examples with NanoServerHandler org.zaproxy.zap.testutils.NanoServerHandler used on opensource projects

Example 11 with NanoServerHandler

use of org.zaproxy.zap.testutils.NanoServerHandler in project zaproxy by zaproxy.

the class AuthenticationMethodPollUrlUnitTest method shouldPollOnSpecifiedNumberOfRequestsPerUser.

@Test
void shouldPollOnSpecifiedNumberOfRequestsPerUser() throws NullPointerException, IOException {
    // Given
    String test = "/shouldPollOnFirstRequest/test";
    String pollUrl = "/shouldPollOnFirstRequest/pollUrl";
    final List<String> orderedReqs = new ArrayList<>();
    this.nano.addHandler(new NanoServerHandler(pollUrl) {

        @Override
        protected Response serve(IHTTPSession session) {
            orderedReqs.add(session.getUri());
            return newFixedLengthResponse(LOGGED_IN_BODY);
        }
    });
    HttpMessage testMsg = this.getHttpMessage(test);
    HttpMessage pollMsg = this.getHttpMessage(pollUrl);
    method.setAuthCheckingStrategy(AuthCheckingStrategy.POLL_URL);
    method.setPollUrl(pollMsg.getRequestHeader().getURI().toString() + "?");
    method.setPollFrequencyUnits(AuthPollFrequencyUnits.REQUESTS);
    method.setPollFrequency(5);
    method.setLoggedInIndicatorPattern(LOGGED_IN_INDICATOR);
    User user1 = mock(User.class);
    given(user1.getAuthenticationState()).willReturn(new AuthenticationState());
    User user2 = mock(User.class);
    given(user2.getAuthenticationState()).willReturn(new AuthenticationState());
    // When/Then
    assertThat(method.isAuthenticated(testMsg, user1), is(true));
    // First poll for user1
    assertThat(orderedReqs.size(), is(1));
    assertThat(method.isAuthenticated(testMsg, user1), is(true));
    assertThat(method.isAuthenticated(testMsg, user1), is(true));
    assertThat(method.isAuthenticated(testMsg, user2), is(true));
    // First poll for user2
    assertThat(orderedReqs.size(), is(2));
    assertThat(method.isAuthenticated(testMsg, user2), is(true));
    assertThat(method.isAuthenticated(testMsg, user1), is(true));
    assertThat(method.isAuthenticated(testMsg, user1), is(true));
    assertThat(method.isAuthenticated(testMsg, user1), is(true));
    // Should not have changed yet
    assertThat(orderedReqs.size(), is(2));
    assertThat(method.isAuthenticated(testMsg, user1), is(true));
    // Second poll for user1
    assertThat(orderedReqs.size(), is(3));
    assertThat(method.isAuthenticated(testMsg, user1), is(true));
    assertThat(method.isAuthenticated(testMsg, user1), is(true));
    assertThat(method.isAuthenticated(testMsg, user1), is(true));
    assertThat(method.isAuthenticated(testMsg, user2), is(true));
    assertThat(method.isAuthenticated(testMsg, user2), is(true));
    assertThat(method.isAuthenticated(testMsg, user2), is(true));
    assertThat(method.isAuthenticated(testMsg, user2), is(true));
    // Should not have changed yet
    assertThat(orderedReqs.size(), is(3));
    assertThat(method.isAuthenticated(testMsg, user2), is(true));
    // Second poll for user2
    assertThat(orderedReqs.size(), is(4));
}

Example 12 with NanoServerHandler

use of org.zaproxy.zap.testutils.NanoServerHandler in project zaproxy by zaproxy.

the class JsonBasedAuthenticationMethodTypeUnitTest method shouldReplaceUsernameInPollRequest.

@Test
void shouldReplaceUsernameInPollRequest() throws NullPointerException, IOException {
    // Given
    String test = "/shouldReplaceUsernameInPollRequest/test";
    String encodedPattern = URLEncoder.encode(PostBasedAuthenticationMethod.MSG_USER_PATTERN, StandardCharsets.UTF_8.name());
    String pollUrl = "/shouldReplaceUsernameInPollRequest/pollUrl";
    String pollData = "user=" + PostBasedAuthenticationMethod.MSG_USER_PATTERN;
    String username = "user";
    final List<String> orderedReqUrls = new ArrayList<>();
    final List<String> orderedReqData = new ArrayList<>();
    this.nano.addHandler(new NanoServerHandler(pollUrl.replace(encodedPattern, username)) {

        @Override
        protected Response serve(IHTTPSession session) {
            orderedReqUrls.add(session.getUri() + "?" + session.getQueryParameterString());
            HashMap<String, String> map = new HashMap<>();
            try {
                session.parseBody(map);
                orderedReqData.add(map.get("postData"));
            } catch (Exception e) {
            }
            return newFixedLengthResponse(LOGGED_IN_BODY);
        }
    });
    HttpMessage testMsg = this.getHttpMessage(test);
    HttpMessage pollMsg = this.getHttpMessage(pollUrl + "?" + encodedPattern);
    method.setPollUrl(pollMsg.getRequestHeader().getURI().toString());
    method.setPollData(pollData);
    User user = mock(User.class);
    given(user.getAuthenticationState()).willReturn(new AuthenticationState());
    given(user.getAuthenticationCredentials()).willReturn(new UsernamePasswordAuthenticationCredentials(username, ""));
    // When/Then
    assertThat(method.isAuthenticated(testMsg, user), is(true));
    assertThat(orderedReqUrls.size(), is(1));
    assertThat(orderedReqUrls.get(0), is(pollUrl + "?" + username));
    assertThat(orderedReqData.size(), is(1));
    assertThat(orderedReqData.get(0), is(pollData.replace(PostBasedAuthenticationMethod.MSG_USER_PATTERN, username)));
}