/**
 * A request without a session must be treated as "nobody is logged in": both the user lookup
 * and the account lookup return null rather than throwing.
 */
public void testNullSessionReturnsNull() {
  // A typed null selects the HttpSession parameter type, just as an explicit cast would.
  final HttpSession absentSession = null;

  assertNull(sessionManager.getLoggedInUser(absentSession));
  assertNull(sessionManager.getLoggedInAccount(absentSession));
}
/**
 * An authorize-token GET issued while no user is logged in must not be served; the servlet is
 * expected to redirect to the login URL handed out by the session manager.
 */
public void testDoAuthorizeTokenRedirectsForLogin() throws Exception {
  // Request under test: GET on the authorize-token path with the standard parameter set.
  when(req.getPathInfo()).thenReturn(AUTHORIZE_TOKEN_PATH);
  when(req.getMethod()).thenReturn("GET");
  final Map<String, String[]> authorizeParams = getDoAuthorizeTokenParams();
  when(req.getParameterMap()).thenReturn(authorizeParams);

  // The session manager hands out a fixed login URL ...
  final String loginRedirect = "/auth/login/fake";
  when(sessionManager.getLoginUrl(anyString())).thenReturn(loginRedirect);
  // ... and reports that no user is attached to any session.
  when(sessionManager.getLoggedInUser(any(HttpSession.class))).thenReturn(null);

  servlet.doGet(req, resp);

  verify(resp).sendRedirect(loginRedirect);
}
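/**
 * On GET, sign the user out and redirect them to the redirect URL.
 *
 * <p>The redirect target is read from the request parameter {@code r} and is therefore
 * controlled by whoever built the link. It is followed only when it is a same-site path: it
 * must start with a single {@code '/'}, the second character must be neither {@code '/'} nor a
 * backslash (browsers resolve both forms as a reference to another host), and it must not
 * contain control characters. Any other value falls back to the static "Logged out." page.
 *
 * @param req the logout request; its existing session, if any, is handed to the session manager
 * @param resp receives either the redirect or the static confirmation page
 * @throws IOException if sending the redirect or writing the page fails
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
  // NOTE(review): logout is a state change reachable by plain GET, so any cross-site link or
  // embedded resource can end the user's session. Consider requiring POST with a CSRF token.
  // getSession(false) never creates a session and may return null; presumably logout()
  // tolerates that - confirm.
  HttpSession session = req.getSession(false);
  sessionManager.logout(session);

  String redirectUrl = req.getParameter("r");
  if (isLocalRedirectTarget(redirectUrl)) {
    resp.sendRedirect(redirectUrl);
  } else {
    resp.setStatus(HttpServletResponse.SC_OK);
    resp.setContentType("text/html");
    resp.getWriter().print("<html><body>Logged out.</body></html>");
  }
}

/**
 * Returns true only for redirect targets that stay on this site.
 *
 * <p>A bare {@code startsWith("/")} test is not enough: a leading double slash or
 * slash-backslash is interpreted by browsers as a host reference, and embedded control
 * characters may be stripped by the browser before the URL is resolved.
 */
private static boolean isLocalRedirectTarget(String target) {
  if (target == null || !target.startsWith("/")) {
    return false;
  }
  if (target.length() > 1) {
    char second = target.charAt(1);
    if (second == '/' || second == '\\') {
      return false;
    }
  }
  for (int i = 0; i < target.length(); i++) {
    if (Character.isISOControl(target.charAt(i))) {
      return false;
    }
  }
  return true;
}
}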
/**
 * Resolves a session token to the participant logged in on that session.
 *
 * <p>The token is first mapped to an {@link HttpSession} by the provider's session manager and
 * the session is then asked for its logged-in user. NOTE(review): the result is presumably
 * null when the token is unknown or the session has no user - callers must treat null as
 * "not authenticated"; confirm against SessionManager.
 *
 * @param token session token presented by the client
 * @return the participant bound to the token's session
 */
private ParticipantId authenticate(String token) {
  final HttpSession tokenSession = provider.sessionManager.getSessionFromToken(token);
  final ParticipantId participant = provider.sessionManager.getLoggedInUser(tokenSession);
  return participant;
}
/**
 * Redirects a {@code /waveref/...} request to the client-side route for that wave reference.
 *
 * <p>Logged-in users are sent straight to {@code /#<path>}; everyone else is sent to the
 * sign-in page with {@code /#<path>} appended after {@code r=}.
 *
 * @param req the incoming request; only its session and request URI are read
 * @param resp receives the redirect
 */
@Override
protected void service(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
  final boolean signedIn = sessionManager.getLoggedInUser(req.getSession(false)) != null;

  // String.replace removes every occurrence of "/waveref/", not only the leading one.
  final String waveRefPath = req.getRequestURI().replace("/waveref/", "");

  // Both targets begin with a fixed same-site prefix, so the request path cannot change the
  // redirect's host.
  // NOTE(review): the value after "r=" is not URL-encoded, so everything from '#' onward is a
  // fragment of the redirect URL itself and never reaches the sign-in endpoint as part of r -
  // confirm that the sign-in flow restores the fragment as intended.
  final String prefix = signedIn ? "/#" : "/auth/signin?r=/#";
  resp.sendRedirect(prefix + waveRefPath);
}
}
@Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { ParticipantId id = sessionManager.getLoggedInUser(request.getSession(false)); response.sendRedirect(sessionManager.getLoginUrl("/")); return; AccountData account = sessionManager.getLoggedInAccount(request.getSession(false)); if (account != null) { String locale = account.asHuman().getLocale();
/**
 * The redirect target handed to getLoginUrl must be escaped before it is placed in the
 * {@code r} parameter, so that a nested query string cannot add or override parameters of the
 * sign-in URL.
 */
public void testGetLoginUrlEncodesQueryParameters() {
  final String redirectTarget = "/abc123?nested=query&string";
  // '=' and '&' of the nested query are percent-encoded; the path and '?' stay as they are.
  final String escapedTarget = "/abc123?nested%3Dquery%26string";

  final String expectedLoginUrl = SessionManager.SIGN_IN_URL + "?r=" + escapedTarget;
  assertEquals(expectedLoginUrl, sessionManager.getLoginUrl(redirectTarget));
}
/**
 * Drives one login POST through the servlet with the given credentials.
 *
 * <p>On expected success the test verifies that the servlet bound USER to the session.
 * NOTE(review): on expected failure nothing is verified; asserting that setLoggedInUser was
 * never called would pin the property that a rejected login leaves the session unauthenticated.
 *
 * @param address account address submitted in the form
 * @param password password submitted in the form
 * @param expectSuccess whether the login is expected to be accepted
 * @throws IOException declared by the servlet and reader APIs used here
 */
private void attemptLogin(String address, String password, boolean expectSuccess)
    throws IOException {
  // Build the form body with both values percent-escaped.
  PercentEscaper formEscaper = new PercentEscaper(PercentEscaper.SAFECHARS_URLENCODER, true);
  String addressField = "address=" + formEscaper.escape(address);
  String passwordField = "password=" + formEscaper.escape(password);
  String formBody = addressField + "&" + passwordField;
  when(req.getReader()).thenReturn(new BufferedReader(new StringReader(formBody)));

  PrintWriter responseWriter = mock(PrintWriter.class);
  when(resp.getWriter()).thenReturn(responseWriter);

  // No session exists yet; the mock session is returned only when creation is requested.
  when(req.getSession(false)).thenReturn(null);
  when(req.getSession(true)).thenReturn(session);
  when(req.getLocale()).thenReturn(Locale.ENGLISH);

  // The servlet reads the logged-in user back during the request, so the stubs have to be in
  // place before doPost runs; the actual binding is verified afterwards.
  if (expectSuccess) {
    when(manager.getLoggedInUser(Mockito.any())).thenReturn(USER);
    when(session.getAttribute("user")).thenReturn(USER);
  }

  servlet.doPost(req, resp);

  if (expectSuccess) {
    verify(manager).setLoggedInUser(session, USER);
  }
}
}
when(manager.getLoggedInUser(Mockito.any(HttpSession.class))).thenReturn(ANONYMOUS_USER); when(manager.getLoggedInUser(eq(req))).thenReturn(ANONYMOUS_USER); when(session.getAttribute(eq("user"))).thenReturn(ANONYMOUS_USER); } else { when(manager.getLoggedInUser(Mockito.any(HttpSession.class))).thenReturn(USER); when(manager.getLoggedInUser(eq(req))).thenReturn(USER); when(session.getAttribute(eq("user"))).thenReturn(USER); if (expectSuccess) { if (participant.isAnonymous()) verify(manager).login(session, ANONYMOUS_USER); else verify(manager).login(session, USER);
/**
 * A session may carry a "user" attribute for an address that has no stored account; the account
 * lookup must then return null instead of an account object.
 */
public void testUnknownUserReturnsNull() {
  final ParticipantId unknownUser = ParticipantId.ofUnsafe("missing@example.com");

  final HttpSession sessionWithUnknownUser = mock(HttpSession.class);
  when(sessionWithUnknownUser.getAttribute("user")).thenReturn(unknownUser);

  assertNull(sessionManager.getLoggedInAccount(sessionWithUnknownUser));
}
/**
 * Queries four accounts through GET /account while logged in as ACCOUNT_MAT and checks that all
 * four come back in the order they were requested.
 *
 * <p>NOTE(review): ACCOUNT_MIKE is expected in the response but is not stored in this method;
 * presumably it is provided by fixture setup elsewhere - confirm.
 */
public void testQueryAccounts() throws PersistenceException, IOException {
  // Accounts stored for this test.
  accountStore.putAccount(ACCOUNT_JOE);
  accountStore.putAccount(ACCOUNT_TOM);
  accountStore.putAccount(ACCOUNT_MAT);

  // Every session/request lookup reports ACCOUNT_MAT as the logged-in participant.
  when(sessionManager.getLoggedInUser((HttpSession) anyObject()))
      .thenReturn(ACCOUNT_MAT.getId());
  when(sessionManager.getLoggedInUser((HttpServletRequest) anyObject()))
      .thenReturn(ACCOUNT_MAT.getId());
  when(sessionManager.listLoggedInUsers((HttpServletRequest) anyObject()))
      .thenReturn(CollectionUtils.immutableSet(ACCOUNT_MAT.getId()));

  // Issue the query; the "p" parameter lists the requested participants separated by ';'.
  AccountServiceData emptyRequest = new AccountServiceData();
  ByteArrayOutputStream captured = new ByteArrayOutputStream();
  executeService(
      "/account",
      "GET",
      emptyRequest,
      captured,
      HttpServletResponse.SC_OK,
      ImmutableMap.<String, String> of(
          "p", "joe@example.com;tom@example.com;mike@example.com;mat@example.com"));

  String json = captured.toString("UTF-8");
  AccountServiceData[] accounts =
      (AccountServiceData[]) ServiceData.arrayFromJson(json, AccountServiceData[].class);

  assertEquals(4, accounts.length);

  // The response must preserve the order of the query.
  assertEqualsAccount(ACCOUNT_JOE, accounts[0]);
  assertEqualsAccount(ACCOUNT_TOM, accounts[1]);
  assertEqualsAccount(ACCOUNT_MIKE, accounts[2]);
  assertEqualsAccount(ACCOUNT_MAT, accounts[3]);
}
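/**
 * A token that the stubbed jettySessionManager does not know must resolve to no session: the
 * lookup returns null, which callers are expected to treat as "not authenticated".
 *
 * <p>No HttpSession mock is created here because the scenario has no session to return.
 */
public void testGetSessionFromUnknownToken() {
  Mockito.when(jettySessionManager.getHttpSession("abc123")).thenReturn(null);
  assertNull(sessionManager.getSessionFromToken("abc123"));
}
}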
// Record loggedInAddress as the logged-in user of this session.
// NOTE(review): the surrounding method is not visible here. Confirm that the session id is
// rotated (or a fresh session created) before this call so that a session id known before
// authentication cannot be reused afterwards.
sessionManager.setLoggedInUser(session, loggedInAddress);
// Audit trail for successful authentication; the message contains the account address only.
LOG.info("Authenticated user " + loggedInAddress);
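/**
 * Create an http response to the fetch query. Main entrypoint for this class.
 *
 * <p>The wave reference is decoded from the request's path info. A request without path info,
 * or with a path that does not decode to a valid waveref, is answered with 404.
 *
 * <p>NOTE(review): {@code user} is null when the request carries no logged-in session and is
 * passed on unchanged, so the access decision is presumably made inside renderSnapshot -
 * confirm that it denies access for a null user.
 *
 * @param req the fetch request; its session and path info are read
 * @param response receives the rendered snapshot or an error status
 * @throws IOException if writing the response fails
 */
@Override
@VisibleForTesting
protected void doGet(HttpServletRequest req, HttpServletResponse response) throws IOException {
  ParticipantId user = sessionManager.getLoggedInUser(req.getSession(false));

  // getPathInfo() returns null when the request has no extra path; without this guard the
  // substring call below would throw and surface as a server error instead of "not found".
  String pathInfo = req.getPathInfo();
  if (pathInfo == null || pathInfo.isEmpty()) {
    response.sendError(HttpServletResponse.SC_NOT_FOUND);
    return;
  }

  // This path will look like "/example.com/w+abc123/foo.com/conv+root".
  // Strip off the leading '/'.
  String urlPath = pathInfo.substring(1);

  // Extract the name of the wavelet from the URL
  WaveRef waveref;
  try {
    waveref = JavaWaverefEncoder.decodeWaveRefFromPath(urlPath);
  } catch (InvalidWaveRefException e) {
    // The URL contains an invalid waveref. There's no document at this path.
    response.sendError(HttpServletResponse.SC_NOT_FOUND);
    return;
  }

  renderSnapshot(waveref, user, response);
}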
/**
 * A plain path with no query string is appended to the sign-in URL unchanged as the {@code r}
 * parameter.
 */
public void testGetLoginUrlWithSimpleRedirect() {
  final String expectedLoginUrl = SessionManager.SIGN_IN_URL + "?r=/some/other/url";
  final String actualLoginUrl = sessionManager.getLoginUrl("/some/other/url");

  assertEquals(expectedLoginUrl, actualLoginUrl);
}
/**
 * The session names a user ("missing@example.com") for whom no account is stored; the account
 * lookup is expected to return null for such a session.
 */
public void testUnknownUserReturnsNull() {
  final HttpSession staleSession = mock(HttpSession.class);
  final ParticipantId missingUser = ParticipantId.ofUnsafe("missing@example.com");
  when(staleSession.getAttribute("user")).thenReturn(missingUser);

  assertNull(sessionManager.getLoggedInAccount(staleSession));
}
/**
 * A token known to the stubbed jettySessionManager must resolve to exactly the session instance
 * that manager returns, not a copy or wrapper.
 */
public void testGetSessionFromToken() {
  final HttpSession knownSession = mock(HttpSession.class);
  Mockito.when(jettySessionManager.getHttpSession("abc123")).thenReturn(knownSession);

  final HttpSession resolved = sessionManager.getSessionFromToken("abc123");

  assertSame(knownSession, resolved);
}
// Refuse to continue unless the request's existing session has a logged-in user.
// NOTE(review): this uses a precondition as the authentication gate. If Preconditions is
// Guava's, a failed check throws IllegalStateException, which a servlet container would
// typically report as a 500 rather than a 401/403 or a redirect to sign-in - confirm how the
// caller maps this failure.
Preconditions.checkState(sessionManager.getLoggedInUser(req.getSession(false)) != null,
    "The user is not logged in");
// Raw query string of the request; may be null when the URL has no query part.
String query = req.getQueryString();
/**
 * A null session must be treated as "nobody is logged in": both the user lookup and the
 * account lookup return null rather than throwing.
 */
public void testNullSessionReturnsNull() {
  // NOTE(review): the null arguments are untyped. If SessionManager ever offers more than one
  // single-argument overload of these methods, a bare null becomes ambiguous and needs a cast
  // to the intended parameter type.
  assertNull(sessionManager.getLoggedInUser(null));
  assertNull(sessionManager.getLoggedInAccount(null));
}
/**
 * With no user logged in, a GET on the authorize-token path must end in a redirect to the login
 * URL provided by the session manager.
 */
public void testDoAuthorizeTokenRedirectsForLogin() throws Exception {
  // Shape of the incoming request.
  when(req.getPathInfo()).thenReturn(AUTHORIZE_TOKEN_PATH);
  when(req.getMethod()).thenReturn("GET");
  final Map<String, String[]> requestParams = getDoAuthorizeTokenParams();
  when(req.getParameterMap()).thenReturn(requestParams);

  // Whatever URL is asked for, the session manager answers with this login location.
  final String loginLocation = "/auth/login/fake";
  when(sessionManager.getLoginUrl(anyString())).thenReturn(loginLocation);

  // Unauthenticated: every session lookup yields no user.
  when(sessionManager.getLoggedInUser(any(HttpSession.class))).thenReturn(null);

  servlet.doGet(req, resp);

  verify(resp).sendRedirect(loginLocation);
}