/**
 * Redirects a {@code /waveref/...} request to the matching client-side {@code /#...}
 * location, detouring through the sign-in page when the session has no logged-in user.
 *
 * <p>The session is looked up with {@code getSession(false)}, so this handler never
 * creates a session for an anonymous caller.
 *
 * @param req incoming request; its raw request URI supplies the redirect suffix
 * @param resp response that receives the redirect
 */
@Override
protected void service(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
  ParticipantId currentUser = sessionManager.getLoggedInUser(req.getSession(false));

  // replace() strips every occurrence of "/waveref/", not only a leading prefix.
  String waveRefPath = req.getRequestURI().replace("/waveref/", "");

  // Both targets begin with a fixed site-relative prefix and place the request-derived
  // part after '#', i.e. in the URL fragment. In the sign-in case the "r" query
  // parameter is therefore just "/"; the wave reference travels only in the fragment.
  // NOTE(review): waveRefPath is request-controlled and appended unencoded; whether the
  // sign-in page carries the fragment forward is not visible here. Confirm.
  String target = (currentUser != null)
      ? "/#" + waveRefPath
      : "/auth/signin?r=/#" + waveRefPath;
  resp.sendRedirect(target);
}
} // closes the enclosing class, whose header is not part of this excerpt
/**
 * Resolves a session token to the participant logged in on the session it identifies.
 *
 * @param token session token presented by the caller
 * @return the value the session manager reports as the logged-in user for that session
 */
private ParticipantId authenticate(String token) {
  // NOTE(review): presumably null when the token matches no session or the session is
  // anonymous; callers should treat null as "not authenticated". Confirm against
  // the session manager.
  return provider.sessionManager.getLoggedInUser(
      provider.sessionManager.getSessionFromToken(token));
}
/**
 * Creates HTTP response to the profile query. Main entrypoint for this class.
 *
 * <p>A request whose session has no logged-in user is answered with
 * {@code 403 Forbidden} and no profile data is fetched or written.
 *
 * @param req the profile query
 * @param response receives either the 403 status or the JSON profile payload
 * @throws IOException propagated from the helpers that parse and write the response
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse response) throws IOException {
  // getSession(false): do not create a session just to discover nobody is logged in.
  ParticipantId requester = sessionManager.getLoggedInUser(req.getSession(false));

  if (requester != null) {
    // NOTE(review): parseProfileRequest also receives the response, so it may report
    // malformed input itself; its result is used here without a check. Confirm.
    ProfileRequest parsedRequest = parseProfileRequest(req, response);
    ProfileResponse profiles = fetchProfiles(parsedRequest, requester);
    printJson(profiles, response);
  } else {
    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
  }
}
/**
 * A GET from an already logged-in user is answered with a redirect to the configured
 * location.
 */
public void testGetRedirects() throws IOException {
  // Site-relative target that itself carries a query string.
  final String redirectTarget = "/abc123?nested=query&string";

  // The session manager resolves both the session and the request to USER.
  when(req.getSession(eq(false))).thenReturn(session);
  when(manager.getLoggedInUser(eq(session))).thenReturn(USER);
  when(manager.getLoggedInUser(eq(req))).thenReturn(USER);

  // Presumably makes the mocked request carry the redirect target; helper not shown.
  configureRedirectString(redirectTarget);

  servlet.doGet(req, resp);

  verify(resp).sendRedirect(redirectTarget);
}
/**
 * Builds the server-side channel for an upgraded WebSocket request, bound to whichever
 * participant the session manager resolves from the upgrade request's HTTP session.
 */
@Override
public Object createWebSocket(ServletUpgradeRequest req, ServletUpgradeResponse resp) {
  // NOTE(review): nothing in this method refuses the upgrade when no participant is
  // resolved; presumably WebSocketConnection (or the code behind it) handles an
  // unauthenticated peer. Confirm that a null user cannot act on the channel.
  return new WebSocketConnection(
          provider.sessionManager.getLoggedInUser(req.getSession()), provider)
      .getWebSocketServerChannel();
}
}); // closes the enclosing anonymous class and call, which start outside this excerpt
/**
 * A GET to the authorize-token path carrying an unrecognised OAuth token is answered
 * with {@code 401 Unauthorized}, even though a user is logged in.
 */
public void testDoAuthorizeTokenUnauthorizedOnWrongToken() throws Exception {
  when(req.getPathInfo()).thenReturn(AUTHORIZE_TOKEN_PATH);
  when(req.getMethod()).thenReturn("GET");

  // Start from the standard parameters, then swap in a token the servlet never issued.
  Map<String, String[]> requestParams = getDoAuthorizeTokenParams();
  requestParams.put(OAuth.OAUTH_TOKEN, new String[] {"wrong_token"});
  when(req.getParameterMap()).thenReturn(requestParams);

  // Being logged in must not be enough on its own.
  when(sessionManager.getLoggedInUser(any(HttpSession.class))).thenReturn(ALEX);

  servlet.doGet(req, resp);

  verify(resp).sendError(eq(HttpServletResponse.SC_UNAUTHORIZED), anyString());
}
/**
 * A POST to the authorize-token path whose {@code token} form parameter is not the
 * expected XSRF token is answered with {@code 401 Unauthorized}.
 */
public void testDoAuthorizeTokenPostUnauthorizedOnFailingXsrf() throws Exception {
  when(req.getPathInfo()).thenReturn(AUTHORIZE_TOKEN_PATH);
  when(req.getMethod()).thenReturn("POST");

  Map<String, String[]> requestParams = getDoAuthorizeTokenParams();
  when(req.getParameterMap()).thenReturn(requestParams);

  // The anti-forgery token submitted with the form does not match the user's token.
  when(req.getParameter("token")).thenReturn("wrong_token");
  when(sessionManager.getLoggedInUser(any(HttpSession.class))).thenReturn(ALEX);

  servlet.doPost(req, resp);

  // NOTE(review): only the status is checked; the test does not assert that the
  // request token stayed unauthorized.
  verify(resp).sendError(eq(HttpServletResponse.SC_UNAUTHORIZED), anyString());
}
/**
 * A POST to the authorize-token path whose {@code token} form parameter is not the
 * expected XSRF token is answered with {@code 401 Unauthorized}.
 */
public void testDoAuthorizeTokenPostUnauthorizedOnFailingXsrf() throws Exception {
  when(req.getPathInfo()).thenReturn(AUTHORIZE_TOKEN_PATH);
  when(req.getMethod()).thenReturn("POST");

  Map<String, String[]> requestParams = getDoAuthorizeTokenParams();
  when(req.getParameterMap()).thenReturn(requestParams);

  // The anti-forgery token submitted with the form does not match the user's token.
  when(req.getParameter("token")).thenReturn("wrong_token");
  when(sessionManager.getLoggedInUser(any(HttpSession.class))).thenReturn(ALEX);

  servlet.doPost(req, resp);

  // NOTE(review): only the status is checked; the test does not assert that the
  // request token stayed unauthorized.
  verify(resp).sendError(eq(HttpServletResponse.SC_UNAUTHORIZED), anyString());
}
/**
 * A GET to the authorize-token path carrying an unrecognised OAuth token is answered
 * with {@code 401 Unauthorized}, even though a user is logged in.
 */
public void testDoAuthorizeTokenUnauthorizedOnWrongToken() throws Exception {
  when(req.getPathInfo()).thenReturn(AUTHORIZE_TOKEN_PATH);
  when(req.getMethod()).thenReturn("GET");

  // Start from the standard parameters, then swap in a token the servlet never issued.
  Map<String, String[]> requestParams = getDoAuthorizeTokenParams();
  requestParams.put(OAuth.OAUTH_TOKEN, new String[] {"wrong_token"});
  when(req.getParameterMap()).thenReturn(requestParams);

  // Being logged in must not be enough on its own.
  when(sessionManager.getLoggedInUser(any(HttpSession.class))).thenReturn(ALEX);

  servlet.doGet(req, resp);

  verify(resp).sendError(eq(HttpServletResponse.SC_UNAUTHORIZED), anyString());
}
/**
 * A GET to the authorize-token path from a logged-in user with the standard parameters
 * writes a non-empty body and sets {@code 200 OK}.
 */
public void testDoAuthorizeTokenGet() throws Exception {
  when(req.getPathInfo()).thenReturn(AUTHORIZE_TOKEN_PATH);
  when(req.getMethod()).thenReturn("GET");

  Map<String, String[]> requestParams = getDoAuthorizeTokenParams();
  when(req.getParameterMap()).thenReturn(requestParams);
  when(sessionManager.getLoggedInUser(any(HttpSession.class))).thenReturn(ALEX);

  servlet.doGet(req, resp);

  // The servlet must have asked for the writer and actually written something to it.
  verify(resp).getWriter();
  assertFalse("Output must have been written", outputWriter.toString().isEmpty());
  verify(resp).setStatus(HttpServletResponse.SC_OK);
}
/**
 * A GET to the authorize-token path from a logged-in user with the standard parameters
 * writes a non-empty body and sets {@code 200 OK}.
 */
public void testDoAuthorizeTokenGet() throws Exception {
  when(req.getPathInfo()).thenReturn(AUTHORIZE_TOKEN_PATH);
  when(req.getMethod()).thenReturn("GET");

  Map<String, String[]> requestParams = getDoAuthorizeTokenParams();
  when(req.getParameterMap()).thenReturn(requestParams);
  when(sessionManager.getLoggedInUser(any(HttpSession.class))).thenReturn(ALEX);

  servlet.doGet(req, resp);

  // The servlet must have asked for the writer and actually written something to it.
  verify(resp).getWriter();
  assertFalse("Output must have been written", outputWriter.toString().isEmpty());
  verify(resp).setStatus(HttpServletResponse.SC_OK);
}
/**
 * A GET to the authorize-token path without a logged-in user is redirected to the
 * login URL supplied by the session manager instead of being served.
 */
public void testDoAuthorizeTokenRedirectsForLogin() throws Exception {
  when(req.getPathInfo()).thenReturn(AUTHORIZE_TOKEN_PATH);
  when(req.getMethod()).thenReturn("GET");

  Map<String, String[]> requestParams = getDoAuthorizeTokenParams();
  when(req.getParameterMap()).thenReturn(requestParams);

  // Whatever return address the servlet asks for, the session manager answers with
  // this login URL.
  String loginUrl = "/auth/login/fake";
  when(sessionManager.getLoginUrl(anyString())).thenReturn(loginUrl);

  // No user logged in.
  when(sessionManager.getLoggedInUser(any(HttpSession.class))).thenReturn(null);

  servlet.doGet(req, resp);

  verify(resp).sendRedirect(loginUrl);
}
/**
 * A GET to the authorize-token path without a logged-in user is redirected to the
 * login URL supplied by the session manager instead of being served.
 */
public void testDoAuthorizeTokenRedirectsForLogin() throws Exception {
  when(req.getPathInfo()).thenReturn(AUTHORIZE_TOKEN_PATH);
  when(req.getMethod()).thenReturn("GET");

  Map<String, String[]> requestParams = getDoAuthorizeTokenParams();
  when(req.getParameterMap()).thenReturn(requestParams);

  // Whatever return address the servlet asks for, the session manager answers with
  // this login URL.
  String loginUrl = "/auth/login/fake";
  when(sessionManager.getLoginUrl(anyString())).thenReturn(loginUrl);

  // No user logged in.
  when(sessionManager.getLoggedInUser(any(HttpSession.class))).thenReturn(null);

  servlet.doGet(req, resp);

  verify(resp).sendRedirect(loginUrl);
}
/**
 * A GET from an already logged-in user is answered with a redirect to the configured
 * location.
 */
public void testGetRedirects() throws IOException {
  // Site-relative target that itself carries a query string.
  final String redirectTarget = "/abc123?nested=query&string";

  // An existing session that the session manager resolves to USER.
  when(req.getSession(false)).thenReturn(session);
  when(manager.getLoggedInUser(session)).thenReturn(USER);

  // Presumably makes the mocked request carry the redirect target; helper not shown.
  configureRedirectString(redirectTarget);

  servlet.doGet(req, resp);

  verify(resp).sendRedirect(redirectTarget);
}
/**
 * A POST to the authorize-token path that carries a valid XSRF token but neither the
 * cancel nor the agree parameter is answered with {@code 400 Bad Request}.
 */
public void testDoAuthorizeTokenPostBadRequestWhenOmittedPostData() throws Exception {
  when(req.getPathInfo()).thenReturn(AUTHORIZE_TOKEN_PATH);
  when(req.getMethod()).thenReturn("POST");

  Map<String, String[]> requestParams = getDoAuthorizeTokenParams();
  when(req.getParameterMap()).thenReturn(requestParams);

  // Use the token the servlet itself hands out for ALEX, so the request gets past the
  // XSRF check.
  String xsrfToken = servlet.getOrGenerateXsrfToken(ALEX);
  when(req.getParameter("token")).thenReturn(xsrfToken);
  when(sessionManager.getLoggedInUser(any(HttpSession.class))).thenReturn(ALEX);

  // We didn't set the cancel nor agree param, i.e. something is wrong with
  // the form being submitted.
  servlet.doPost(req, resp);

  verify(resp).setStatus(HttpServletResponse.SC_BAD_REQUEST);
}
/**
 * A POST to the authorize-token path that carries a valid XSRF token but neither the
 * cancel nor the agree parameter is answered with {@code 400 Bad Request}.
 */
public void testDoAuthorizeTokenPostBadRequestWhenOmittedPostData() throws Exception {
  when(req.getPathInfo()).thenReturn(AUTHORIZE_TOKEN_PATH);
  when(req.getMethod()).thenReturn("POST");

  Map<String, String[]> requestParams = getDoAuthorizeTokenParams();
  when(req.getParameterMap()).thenReturn(requestParams);

  // Use the token the servlet itself hands out for ALEX, so the request gets past the
  // XSRF check.
  String xsrfToken = servlet.getOrGenerateXsrfToken(ALEX);
  when(req.getParameter("token")).thenReturn(xsrfToken);
  when(sessionManager.getLoggedInUser(any(HttpSession.class))).thenReturn(ALEX);

  // We didn't set the cancel nor agree param, i.e. something is wrong with
  // the form being submitted.
  servlet.doPost(req, resp);

  verify(resp).setStatus(HttpServletResponse.SC_BAD_REQUEST);
}
/**
 * A session whose {@code "user"} attribute holds a participant id resolves to that
 * participant and to the fixture account.
 */
public void testSessionFetchesAddress() {
  ParticipantId participant = ParticipantId.ofUnsafe("tubes@example.com");

  // The session manager is expected to read the logged-in identity from "user".
  HttpSession httpSession = mock(HttpSession.class);
  when(httpSession.getAttribute("user")).thenReturn(participant);

  assertEquals(participant, sessionManager.getLoggedInUser(httpSession));
  assertSame(account, sessionManager.getLoggedInAccount(httpSession));
}
/**
 * A session whose {@code "user"} attribute holds a participant id resolves to that
 * participant and to the fixture account.
 */
public void testSessionFetchesAddress() {
  ParticipantId participant = ParticipantId.ofUnsafe("tubes@example.com");

  // The session manager is expected to read the logged-in identity from "user".
  HttpSession httpSession = mock(HttpSession.class);
  when(httpSession.getAttribute("user")).thenReturn(participant);

  assertEquals(participant, sessionManager.getLoggedInUser(httpSession));
  assertSame(account, sessionManager.getLoggedInAccount(httpSession));
}
/**
 * A missing session must resolve to "nobody": both lookups return {@code null} rather
 * than throwing or inventing an identity.
 */
public void testNullSessionReturnsNull() {
  // Typed as HttpSession so the session-taking overloads are the ones exercised.
  final HttpSession noSession = null;

  assertNull(sessionManager.getLoggedInUser(noSession));
  assertNull(sessionManager.getLoggedInAccount(noSession));
}
/**
 * A missing session must resolve to "nobody": both lookups return {@code null} rather
 * than throwing or inventing an identity.
 */
public void testNullSessionReturnsNull() {
  // The two lookups are independent; each is handed a bare null.
  assertNull(sessionManager.getLoggedInAccount(null));
  assertNull(sessionManager.getLoggedInUser(null));
}