package org.whispersystems.dropwizard.simpleauth; import org.junit.Test; import org.mockito.ArgumentCaptor; import javax.ws.rs.WebApplicationException; import javax.ws.rs.container.ContainerRequestContext; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedHashMap; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.SecurityContext; import java.io.IOException; import java.util.Optional; import io.dropwizard.auth.AuthenticationException; import io.dropwizard.auth.basic.BasicCredentials; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.mockito.Mockito.*; public class BasicCredentialAuthFilterTest { @Test public void testValidAuth() throws IOException { AuthFilter authFilter = new BasicCredentialAuthFilter.Builder<String>().setAuthenticator(new StringAuthenticator()) .setPrincipal(String.class) .setRealm("Hmm") .buildAuthFilter(); MultivaluedMap<String, String> headers = new MultivaluedHashMap<String, String>() {{ add(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpmb28="); }}; ContainerRequestContext containerRequestContext = mock(ContainerRequestContext.class); when(containerRequestContext.getHeaders()).thenReturn(headers); authFilter.filter(containerRequestContext); ArgumentCaptor<SecurityContext> captor = ArgumentCaptor.forClass(SecurityContext.class); verify(containerRequestContext).setSecurityContext(captor.capture()); assertTrue(captor.getValue().getUserPrincipal() instanceof AuthPrincipal); assertEquals(((AuthPrincipal) captor.getValue().getUserPrincipal()).getAuthenticated(), "user"); } @Test public void testInvalidAuth() throws Exception { AuthFilter authFilter = new BasicCredentialAuthFilter.Builder<String>().setAuthenticator(new StringAuthenticator()) .setPrincipal(String.class) .setRealm("Hmm") .buildAuthFilter(); MultivaluedMap<String, String> headers = new MultivaluedHashMap<String, String>() {{ add(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpiYXo="); }}; ContainerRequestContext containerRequestContext = mock(ContainerRequestContext.class); when(containerRequestContext.getHeaders()).thenReturn(headers); try { authFilter.filter(containerRequestContext); throw new AssertionError("Shouldn't succeed"); } catch (WebApplicationException wae) { verify(containerRequestContext, times(0)).setSecurityContext(any(SecurityContext.class)); assertEquals(wae.getResponse().getStatus(), 401); } } private static class StringAuthenticator implements Authenticator<BasicCredentials, String> { @Override public Optional<String> authenticate(BasicCredentials credentials) throws AuthenticationException { if (credentials.getUsername().equals("user") && credentials.getPassword().equals("foo")) { return Optional.of("user"); } return Optional.empty(); } } }