Extend authorization service testing

mgoellnitz · Apr 19, 2016 · 6d37357 · 6d37357
1 parent 323f3f0
commit 6d37357
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 8 deletions.
diff --git a/core/src/org/tangram/components/GenericAuthorizationService.java b/core/src/org/tangram/components/GenericAuthorizationService.java
@@ -146,7 +146,14 @@ public void handleRequest(HttpServletRequest request, HttpServletResponse respon
             if (isAdminUser(request, response)) {
                 request.setAttribute("tangramAdminUser", true);
             } // if
-            if (!users.isEmpty()) {
+            if (users.isEmpty()) {
+                if (closedSystem) {
+                    LOG.info("handleRequest() no logged in user found while application is globally protected");
+                    TargetDescriptor target = getLoginTarget(request);
+                    Link loginLink = linkFactoryAggregator.createLink(request, response, target.getBean(), target.getAction(), target.getView());
+                    response.sendRedirect(loginLink.getUrl());
+                } // if
+            } else {
                 boolean allowed = false;
                 request.setAttribute("tangramLogoutUrl", authenticationService.getLogoutLink(request, response).getUrl());
                 for (User user : users) {
@@ -156,13 +163,6 @@ public void handleRequest(HttpServletRequest request, HttpServletResponse respon
                     LOG.warn("handleRequest() user not allowed to access page: {}", users);
                     response.sendError(HttpServletResponse.SC_FORBIDDEN, users+" not allowed to view page");
                 } // if
-            } else {
-                if (closedSystem) {
-                    LOG.info("handleRequest() no logged in user found while application is globally protected");
-                    TargetDescriptor target = getLoginTarget(request);
-                    Link loginLink = linkFactoryAggregator.createLink(request, response, target.getBean(), target.getAction(), target.getView());
-                    response.sendRedirect(loginLink.getUrl());
-                } // if
             } // if
         } // if
     } // handleRequest()

diff --git a/core/test/org/tangram/components/test/GenericAuthorizationServiceTest.java b/core/test/org/tangram/components/test/GenericAuthorizationServiceTest.java
@@ -18,6 +18,7 @@
  */
 package org.tangram.components.test;
 
+import java.io.IOException;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Map;
@@ -35,6 +36,8 @@
 import org.tangram.authentication.User;
 import org.tangram.components.GenericAuthorizationService;
 import org.tangram.content.CodeResourceCache;
+import org.tangram.link.Link;
+import org.tangram.link.LinkFactoryAggregator;
 import org.tangram.link.TargetDescriptor;
 import org.testng.Assert;
 import org.testng.annotations.Test;
@@ -63,6 +66,9 @@ public class GenericAuthorizationServiceTest {
     @Spy
     private final Set<String> loginProviders = new HashSet<>(); // NOPMD - this field is not really unused
 
+    @Mock
+    private final LinkFactoryAggregator aggregator = null;
+
     @InjectMocks
     private final GenericAuthorizationService authorizationService = new GenericAuthorizationService();
 
@@ -109,4 +115,45 @@ public void testGenericAuthorizationService() {
         Assert.assertEquals(target, loginTarget, "We need a login target.");
     } // testGenericAuthorizationService()
 
+    @Test
+    public void testClosedSystem() {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        HttpServletResponse response = new MockHttpServletResponse();
+        Set<User> users = new HashSet<>();
+        Mockito.when(authenticationService.getUsers(request, response)).thenReturn(users);
+        TargetDescriptor target = new TargetDescriptor(this, "log", "in");
+        Mockito.when(authorizationService.getLoginTarget(request)).thenReturn(target);
+        String uri = "/login-test";
+        Link link = new Link(uri);
+        Mockito.when(aggregator.createLink(request, response, target.getBean(), target.getAction(), target.getView())).thenReturn(link);
+        try {
+            authorizationService.handleRequest(request, response);
+        } catch (IOException e) {
+            Assert.fail("Request handling should not throw an exception");
+        } // try/catch
+        Assert.assertEquals(response.getStatus(), 302, "expected redirect to new location");
+        Assert.assertEquals(response.getHeader("Location"), uri, "expected redirect to new location");
+    } // testClosedSystem()
+
+    @Test
+    public void testHandleRequest() {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        HttpServletResponse response = new MockHttpServletResponse();
+        Map<String, Object> properties = Collections.EMPTY_MAP;
+        GenericUser user = new GenericUser("form", "testuser", properties);
+        Set<User> users = new HashSet<>();
+        users.add(user);
+        Mockito.when(authenticationService.getUsers(request, response)).thenReturn(users);
+        String uri = "/logout-test";
+        Link link = new Link(uri);
+        Mockito.when(authenticationService.getLogoutLink(request, response)).thenReturn(link);
+        try {
+            authorizationService.handleRequest(request, response);
+        } catch (IOException e) {
+            Assert.fail("Request handling should not throw an exception");
+        } // try/catch
+        Assert.assertEquals(response.getStatus(), 200, "expected normal status result");
+        Assert.assertEquals(request.getAttribute("tangramLogoutUrl"), uri, "expected correct logout link in attribute");
+    } // testHandleRequest()
+
 } // GenericAuthorizationServiceTest