View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.wa.starter;
20  
21  import static org.junit.jupiter.api.Assertions.assertEquals;
22  import static org.junit.jupiter.api.Assertions.assertNotEquals;
23  import static org.junit.jupiter.api.Assertions.assertNotNull;
24  import static org.junit.jupiter.api.Assertions.assertTrue;
25  
26  import java.io.IOException;
27  import java.util.ArrayList;
28  import java.util.List;
29  import java.util.stream.Stream;
30  import javax.ws.rs.core.HttpHeaders;
31  import org.apache.http.Consts;
32  import org.apache.http.Header;
33  import org.apache.http.HttpStatus;
34  import org.apache.http.NameValuePair;
35  import org.apache.http.client.entity.UrlEncodedFormEntity;
36  import org.apache.http.client.methods.CloseableHttpResponse;
37  import org.apache.http.client.methods.HttpGet;
38  import org.apache.http.client.methods.HttpPost;
39  import org.apache.http.client.protocol.HttpClientContext;
40  import org.apache.http.impl.client.BasicCookieStore;
41  import org.apache.http.impl.client.CloseableHttpClient;
42  import org.apache.http.impl.client.HttpClients;
43  import org.apache.http.message.BasicHeader;
44  import org.apache.http.message.BasicNameValuePair;
45  import org.apache.http.util.EntityUtils;
46  import org.junit.jupiter.api.Test;
47  
48  public class BasicTest extends AbstractTest {
49  
50      private String getLoginURL() {
51          return "http://localhost:" + port + "/syncope-wa/login";
52      }
53  
54      @Test
55      public void loginLogout() throws IOException {
56          CloseableHttpClient httpclient = HttpClients.createDefault();
57          HttpClientContext context = HttpClientContext.create();
58          context.setCookieStore(new BasicCookieStore());
59  
60          // 1. first GET to fetch execution
61          HttpGet get = new HttpGet(getLoginURL());
62          get.addHeader(new BasicHeader(HttpHeaders.ACCEPT_LANGUAGE, "en-US,en;q=0.5"));
63          CloseableHttpResponse response = httpclient.execute(get, context);
64          assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
65  
66          String responseBody = EntityUtils.toString(response.getEntity());
67          int begin = responseBody.indexOf("name=\"execution\" value=\"");
68          assertNotEquals(-1, begin);
69          int end = responseBody.indexOf("\"/><input type=\"hidden\" name=\"_eventId\"");
70          assertNotEquals(-1, end);
71  
72          String execution = responseBody.substring(begin + 24, end);
73          assertNotNull(execution);
74  
75          // 2. then POST to authenticate
76          List<NameValuePair> form = new ArrayList<>();
77          form.add(new BasicNameValuePair("_eventId", "submit"));
78          form.add(new BasicNameValuePair("execution", execution));
79          form.add(new BasicNameValuePair("username", "mrossi"));
80          form.add(new BasicNameValuePair("password", "password"));
81          form.add(new BasicNameValuePair("geolocation", ""));
82  
83          HttpPost post = new HttpPost(getLoginURL());
84          post.addHeader(new BasicHeader(HttpHeaders.ACCEPT_LANGUAGE, "en-US,en;q=0.5"));
85          post.setEntity(new UrlEncodedFormEntity(form, Consts.UTF_8));
86          response = httpclient.execute(post, context);
87  
88          // 3. check authentication results
89          assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
90  
91          Header[] cookie = response.getHeaders(HttpHeaders.SET_COOKIE);
92          assertNotNull(cookie);
93          assertTrue(cookie.length > 0);
94          assertEquals(1, Stream.of(cookie).filter(item -> item.getValue().startsWith("TGC")).count());
95  
96          String body = EntityUtils.toString(response.getEntity());
97          assertTrue(body.contains("Log In Successful"));
98          assertTrue(body.contains("have successfully logged into the Central Authentication Service"));
99  
100         // 4. logout
101         HttpGet logout = new HttpGet(getLoginURL().replace("login", "logout"));
102         logout.addHeader(new BasicHeader(HttpHeaders.ACCEPT_LANGUAGE, "en-US,en;q=0.5"));
103         response = httpclient.execute(logout, context);
104         assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
105 
106         body = EntityUtils.toString(response.getEntity());
107         assertTrue(body.contains("Logout successful"));
108         assertTrue(body.contains("have successfully logged out of the Central Authentication Service"));
109     }
110 
111     @Test
112     public void loginError() throws IOException {
113         CloseableHttpClient httpclient = HttpClients.createDefault();
114         HttpClientContext context = HttpClientContext.create();
115         context.setCookieStore(new BasicCookieStore());
116 
117         // 1. first GET to fetch execution
118         HttpGet get = new HttpGet(getLoginURL());
119         get.addHeader(new BasicHeader(HttpHeaders.ACCEPT_LANGUAGE, "en-US,en;q=0.5"));
120         CloseableHttpResponse response = httpclient.execute(get, context);
121         assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
122 
123         String responseBody = EntityUtils.toString(response.getEntity());
124         int begin = responseBody.indexOf("name=\"execution\" value=\"");
125         assertNotEquals(-1, begin);
126         int end = responseBody.indexOf("\"/><input type=\"hidden\" name=\"_eventId\"");
127         assertNotEquals(-1, end);
128 
129         String execution = responseBody.substring(begin + 24, end);
130         assertNotNull(execution);
131 
132         // 2. then POST to authenticate
133         List<NameValuePair> form = new ArrayList<>();
134         form.add(new BasicNameValuePair("_eventId", "submit"));
135         form.add(new BasicNameValuePair("execution", execution));
136         form.add(new BasicNameValuePair("username", "mrossi"));
137         form.add(new BasicNameValuePair("password", "WRONG"));
138         form.add(new BasicNameValuePair("geolocation", ""));
139 
140         HttpPost post = new HttpPost(getLoginURL());
141         post.addHeader(new BasicHeader(HttpHeaders.ACCEPT_LANGUAGE, "en-US,en;q=0.5"));
142         post.setEntity(new UrlEncodedFormEntity(form, Consts.UTF_8));
143         response = httpclient.execute(post, context);
144 
145         // 3. check authentication results
146         assertEquals(HttpStatus.SC_UNAUTHORIZED, response.getStatusLine().getStatusCode());
147     }
148 }