aboutsummaryrefslogtreecommitdiff
path: root/juick-www/src/test/java/com/juick/www/WebAppTests.java
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2017-12-14 16:09:27 +0300
committerGravatar Vitaly Takmazov2017-12-14 16:09:46 +0300
commitf84c1e7eac95ee3187885ddea80a4ff2085c0689 (patch)
tree3ce5ebba3980a8fffe155b5f53fc589ddd0721cf /juick-www/src/test/java/com/juick/www/WebAppTests.java
parent6593a618e9ba4cbdbe86fcaefab2492917c2276f (diff)
spring-security: remember-me token was not generated properly in hash filter
Diffstat (limited to 'juick-www/src/test/java/com/juick/www/WebAppTests.java')
-rw-r--r--juick-www/src/test/java/com/juick/www/WebAppTests.java14
1 files changed, 14 insertions, 0 deletions
diff --git a/juick-www/src/test/java/com/juick/www/WebAppTests.java b/juick-www/src/test/java/com/juick/www/WebAppTests.java
index aacfe8ce..32bad137 100644
--- a/juick-www/src/test/java/com/juick/www/WebAppTests.java
+++ b/juick-www/src/test/java/com/juick/www/WebAppTests.java
@@ -61,6 +61,7 @@ import org.springframework.util.FileSystemUtils;
import org.springframework.web.context.WebApplicationContext;
import javax.inject.Inject;
+import javax.servlet.http.Cookie;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.StringWriter;
@@ -75,6 +76,7 @@ import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.startsWith;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.multipart;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
@@ -277,4 +279,16 @@ public class WebAppTests {
.param("mid", String.valueOf(mid))
.param("body", "yo")).andExpect(redirectedUrl(String.format("/%s/%d#%d", ugnichName, mid, 3)));
}
+ @Test
+ public void hashLoginShouldNotUseSession() throws Exception {
+ String hash = userService.getHashByUID(ugnich.getUid());
+ MvcResult hashLoginResult = mockMvc.perform(get("/?show=my&hash=" + hash)).andExpect(status().isOk()).andReturn();
+ Cookie rememberMeFromHash = hashLoginResult.getResponse().getCookie("juick-remember-me");
+ MvcResult formLoginResult = mockMvc.perform(post("/login")
+ .param("username", ugnichName)
+ .param("password", ugnichPassword)).andReturn();
+ Cookie rememberMeFromForm = formLoginResult.getResponse().getCookie("juick-remember-me");
+ mockMvc.perform(get("/?show=my").cookie(rememberMeFromForm)).andExpect(status().isOk());
+ mockMvc.perform(get("/?show=my").cookie(rememberMeFromHash)).andExpect(status().isOk());
+ }
}