Remove xsrfScope and xsrfProtection authentication attributes

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=159121132
mountford 2017-06-15 10:31:47 -07:00 committed by Ben McIlwain
parent 580c41f2d6
commit 7d2f53a6fe
19 changed files with 103 additions and 185 deletions


@ -90,8 +90,6 @@ public final class RequestHandlerTest {
@Action(
path = "/safe-sloth",
method = {GET, POST},
xsrfProtection = true,
xsrfScope = "vampire",
auth = @Auth(minimumLevel = AuthLevel.NONE)
)
public static class SafeSlothTask implements Runnable {
@ -262,8 +260,7 @@ public final class RequestHandlerTest {
}
}),
userService,
requestAuthenticator,
xsrfTokenManager);
requestAuthenticator);
when(rsp.getWriter()).thenReturn(new PrintWriter(httpOutput));
}
@ -283,7 +280,10 @@ public final class RequestHandlerTest {
@Test
public void testHandleRequest_multipleMethodMappings_works() throws Exception {
userService.setUser(testUser, false);
when(req.getMethod()).thenReturn("POST");
when(req.getHeader("X-CSRF-Token"))
.thenReturn(xsrfTokenManager.generateToken(testUser.getEmail()));
when(req.getRequestURI()).thenReturn("/bumblebee");
handler.handleRequest(req, rsp);
verify(bumblebeeTask).run();
@ -299,7 +299,10 @@ public final class RequestHandlerTest {
@Test
public void testHandleRequest_taskHasAutoPrintOk_printsOk() throws Exception {
userService.setUser(testUser, false);
when(req.getMethod()).thenReturn("POST");
when(req.getHeader("X-CSRF-Token"))
.thenReturn(xsrfTokenManager.generateToken(testUser.getEmail()));
when(req.getRequestURI()).thenReturn("/sloth");
handler.handleRequest(req, rsp);
verify(slothTask).run();
@ -378,14 +381,6 @@ public final class RequestHandlerTest {
tester.testAllPublicInstanceMethods(handler);
}
@Test
public void testXsrfProtection_noTokenProvided_returns403Forbidden() throws Exception {
when(req.getMethod()).thenReturn("POST");
when(req.getRequestURI()).thenReturn("/safe-sloth");
handler.handleRequest(req, rsp);
verify(rsp).sendError(403, "Invalid X-CSRF-Token");
}
@Test
public void testXsrfProtection_validTokenProvided_runsAction() throws Exception {
userService.setUser(testUser, false);
@ -397,17 +392,6 @@ public final class RequestHandlerTest {
verify(safeSlothTask).run();
}
@Test
public void testXsrfProtection_tokenWithInvalidUserProvided_returns403() throws Exception {
userService.setUser(testUser, false);
when(req.getMethod()).thenReturn("POST");
when(req.getHeader("X-CSRF-Token"))
.thenReturn(xsrfTokenManager.generateToken("wrong@example.com"));
when(req.getRequestURI()).thenReturn("/safe-sloth");
handler.handleRequest(req, rsp);
verify(rsp).sendError(403, "Invalid X-CSRF-Token");
}
@Test
public void testXsrfProtection_GETMethodWithoutToken_doesntCheckToken() throws Exception {
when(req.getMethod()).thenReturn("GET");
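Review bot: The rejection path for a missing or mismatched X-CSRF-Token is no longer exercised anywhere in the visible part of RequestHandlerTest. Going by the hunk counts, the hunks at -378 and -397 delete `testXsrfProtection_noTokenProvided_returns403Forbidden` and `testXsrfProtection_tokenWithInvalidUserProvided_returns403`, and only the valid-token and GET cases remain. The positive tests for `/bumblebee` and `/sloth` now have to supply a token on POST, which suggests the check still runs somewhere behind `handleRequest`, presumably in the request authenticator. I would keep one handler-level negative case: a POST for a logged-in user with no `X-CSRF-Token` header, asserting `verify(bumblebeeTask, never()).run();`, so that a wiring mistake which drops the check fails a test here. If equivalent cases were moved into the authenticator's own tests, that is not visible in this section, which may continue past the last hunk shown, and it would be worth saying so in the commit description.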