Skip to content

Commit

Permalink
[SECURITY-996] Fold tests back into normal files
Browse files Browse the repository at this point in the history
  • Loading branch information
@jsoref
jsoref committed Mar 25, 2019
1 parent ad15e52 commit 24d350d
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 88 deletions.
88 changes: 0 additions & 88 deletions test/src/test/java/hudson/security/TokenBasedRememberMeServices2SEC996Test.java
View file

This file was deleted.

43 changes: 43 additions & 0 deletions test/src/test/java/hudson/security/TokenBasedRememberMeServices2Test.java
View file
Expand Up @@ -35,7 +35,9 @@

import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.hamcrest.text.IsEmptyString.isEmptyString;
import static org.hamcrest.xml.HasXPath.hasXPath;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertThat;

public class TokenBasedRememberMeServices2Test {
Expand Down Expand Up @@ -309,4 +311,45 @@ private void assertUserNotConnected(JenkinsRule.WebClient wc, String notExpected
XmlPage page = (XmlPage) wc.goTo("whoAmI/api/xml", "application/xml");
assertThat(page, hasXPath("//name", not(is(notExpectedUsername))));
}

@Test
@Issue("SECURITY-996")
public void rememberMeToken_shouldNotBeRead_ifOptionIsDisabled() throws Exception {
j.jenkins.setDisableRememberMe(false);
j.jenkins.setSecurityRealm(j.createDummySecurityRealm());

Cookie rememberMeCookie = null;
{
JenkinsRule.WebClient wc = j.createWebClient();
wc.login("alice", "alice", true);


// we should see a remember me cookie
rememberMeCookie = getRememberMeCookie(wc);
assertNotNull(rememberMeCookie);
assertThat(rememberMeCookie.getValue(), not(isEmptyString()));
}

j.jenkins.setDisableRememberMe(true);
{
JenkinsRule.WebClient wc = j.createWebClient();

wc.getCookieManager().addCookie(rememberMeCookie);

// the application should not use the cookie to connect
XmlPage page = (XmlPage) wc.goTo("whoAmI/api/xml", "application/xml");
assertThat(page, hasXPath("//name", not(is("alice"))));
}

j.jenkins.setDisableRememberMe(false);
{
JenkinsRule.WebClient wc = j.createWebClient();

wc.getCookieManager().addCookie(rememberMeCookie);

// if we reactivate the remember me feature, it's ok
XmlPage page = (XmlPage) wc.goTo("whoAmI/api/xml", "application/xml");
assertThat(page, hasXPath("//name", is("alice")));
}
}
}

0 comments on commit 24d350d

Please sign in to comment.