From 47a285e60b0780c7d81e4e1b77736f69e0aaf761 Mon Sep 17 00:00:00 2001 From: Alexander Alexeev Date: Mon, 28 Nov 2016 02:28:06 +0700 Subject: tests are improved: simple cors, preflight cors are added --- .../java/com/juick/api/tests/MessagesTests.java | 123 ++++++++++++++++----- 1 file changed, 96 insertions(+), 27 deletions(-) (limited to 'juick-api/src/test/java') diff --git a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java index 0b16ae7f..7f238b79 100644 --- a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java +++ b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java @@ -6,7 +6,6 @@ import com.juick.User; import com.juick.api.configuration.ApiAppConfiguration; import com.juick.api.configuration.ApiMvcConfiguration; import com.juick.api.configuration.ApiSecurityConfig; -import com.juick.api.configuration.JuickHashFilter; import com.juick.configuration.DataConfiguration; import com.juick.service.MessagesService; import com.juick.service.UserService; @@ -36,6 +35,7 @@ import static org.hamcrest.Matchers.is; import static org.mockito.Mockito.when; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.options; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; /** @@ -70,6 +70,28 @@ public class MessagesTests { @Inject private UserService userService; + private static Message getMessage(final User user, final String messageText) { + Message msg = new Message(); + + msg.setMid(1); + msg.setUser(user); + msg.setText(messageText == null ? RandomStringUtils.randomAlphanumeric(24) : messageText); + msg.setTags(Collections.singletonList(new Tag(RandomStringUtils.randomAlphabetic(4)))); + + return msg; + } + + private static User getUser(final int uid, final String name, final String password) { + User user = new User(); + + user.setName(name); + user.setUid(uid); + user.setCredentials(password); + user.setBanned(false); + + return user; + } + @Before public void setUp() { mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext) @@ -79,25 +101,34 @@ public class MessagesTests { } @Test - public void messageTests() throws Exception { - String ugnichName = "ugnich"; - String uginchPassword = "MyPassw0rd!"; - String msgText = "Привет, я - Угнич"; + public void testAllUnAuthorized() throws Exception { + mockMvc.perform(get("/")) + .andExpect(status().is4xxClientError()); - User user = new User(); - user.setName(ugnichName); - user.setUid(1); - user.setCredentials(uginchPassword); - user.setBanned(false); + mockMvc.perform(get("/home")) + .andExpect(status().is4xxClientError()); - Message msg = new Message(); - msg.setMid(1); - msg.setUser(user); - msg.setText(msgText); - msg.setTags(Collections.singletonList(new Tag("yo"))); + mockMvc.perform(get("/messages")) + .andExpect(status().is4xxClientError()); - mockMvc.perform(get("/home")) + mockMvc.perform(get("/thread")) + .andExpect(status().is4xxClientError()); + + mockMvc.perform(get("/messages/recommended")) + .andExpect(status().is4xxClientError()); + + mockMvc.perform(get("/messages/set_privacy")) .andExpect(status().is4xxClientError()); + } + + @Test + public void homeTestWithMessages() throws Exception { + String ugnichName = "ugnich"; + String uginchPassword = "MyPassw0rd!"; + String msgText = "Привет, я - Угнич"; + + User user = getUser(1, ugnichName, uginchPassword); + Message msg = getMessage(user, msgText); when(userService.getUserByName(ugnichName)) .thenReturn(user); @@ -108,21 +139,59 @@ public class MessagesTests { when(messagesService.getMessages(Collections.singletonList(1))) .thenReturn(Collections.singletonList(msg)); - mockMvc.perform(get("/home").with(httpBasic(ugnichName, uginchPassword))) + mockMvc.perform( + get("/home") + .with(httpBasic(ugnichName, uginchPassword))) .andExpect(status().isOk()) - .andExpect(header().string("Access-Control-Allow-Origin", "*")) - .andExpect(header().string("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE")) - .andExpect(header().string("Access-Control-Allow-Headers", "*")) .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8)) .andExpect(jsonPath("$", hasSize(1))) .andExpect(jsonPath("$[0].mid", is(1))) .andExpect(jsonPath("$[0].body", is(msgText))); - String hash = RandomStringUtils.random(16); - when(userService.getHashByUID(1)).thenReturn(hash); - when(userService.getUserByHash(hash)).thenReturn(user); - when(userService.getUIDbyHash(hash)).thenReturn(1); - mockMvc.perform(get("/home") - .param("hash", hash)) - .andExpect(status().isOk()); + } + + @Test + public void homeTestWithSimpleCors() throws Exception { + String ugnichName = "ugnich"; + String uginchPassword = "MyPassw0rd!"; + + User user = getUser(1, ugnichName, uginchPassword); + Message msg = getMessage(user, null); + + when(userService.getFullyUserByName(ugnichName)) + .thenReturn(user); + when(userService.getUserByName(ugnichName)) + .thenReturn(user); + when(messagesService.getMyFeed(1, 0)) + .thenReturn(Collections.singletonList(1)); + when(messagesService.getMessages(Collections.singletonList(1))) + .thenReturn(Collections.singletonList(msg)); + + mockMvc.perform( + get("/home") + .with(httpBasic(ugnichName, uginchPassword)) + .header("Origin", "http://api.example.net")) + .andExpect(status().isOk()) + .andExpect(header().string("Access-Control-Allow-Origin", "*")); + } + + @Test + public void homeTestWithPreflightCors() throws Exception { + String ugnichName = "ugnich"; + String uginchPassword = "MyPassw0rd!"; + + User user = getUser(1, ugnichName, uginchPassword); + when(userService.getFullyUserByName(ugnichName)) + .thenReturn(user); + + mockMvc.perform( + options("/home") + .with(httpBasic(ugnichName, uginchPassword)) + .header("Origin", "http://api.example.net") + .header("Access-Control-Request-Method", "POST") + .header("Access-Control-Request-Headers", "X-PINGOTHER, Content-Type")) + .andExpect(status().isOk()) + .andExpect(header().string("Access-Control-Allow-Origin", "*")) + .andExpect(header().string("Access-Control-Allow-Methods", "POST,GET,PUT,OPTIONS,DELETE")) + .andExpect(header().string("Access-Control-Allow-Headers", "X-PINGOTHER, Content-Type")); } } -- cgit v1.2.3