Add Security response tests
Signed-off-by: Stephen Crawford <[email protected]>
stephen-crawford committed Nov 15, 2023
1 parent bf52697 commit 5fe7396
Showing 2 changed files with 118 additions and 0 deletions.
Expand Up @@ -77,8 +77,10 @@ public void addHeader(String name, String value) {
List<String> header = headers.get(name);
if (header == null) {
header = new ArrayList<>();
System.out.println("Adding attribute header of " + value);
headers.put(name, header);
}
System.out.println("Adding header of " + value);
header.add(value);
}
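Review bot: The two `System.out.println` calls in `addHeader` write every header value to stdout from production code, bypassing the plugin's log configuration and levels; headers built by a security filter may carry values that should not be copied into console output. They look like leftover debugging (the commit has no deletions and this hunk grows by two lines, so these are presumably the added ones), and on the first insertion of a name the value is printed twice. I would drop both lines, or, if the trace is wanted, log only the header name at debug level through the class's logger. The rest of the class is outside this hunk, so I cannot see whether a logger is already declared.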

Expand Up @@ -11,7 +11,11 @@

package org.opensearch.security.filter;

import java.util.List;
import java.util.Map;
import org.apache.hc.core5.http.HttpHeaders;
import org.apache.http.HttpStatus;
import org.apache.http.protocol.HTTP;
import org.junit.Test;

import org.opensearch.common.xcontent.XContentType;
Expand All @@ -23,12 +27,124 @@

public class SecurityResponseTests {


/**
* This test should check whether a basic constructor with the JSON content type is successfully converted to RestResponse
*/
@Test
public void testSecurityResponseHasSingleContentType() {
final SecurityResponse response = new SecurityResponse(HttpStatus.SC_OK, null, "foo bar", XContentType.JSON.mediaType());
final RestResponse restResponse = response.asRestResponse();
assertThat(restResponse.status(), equalTo(RestStatus.OK));
assertThat(restResponse.contentType(), equalTo(XContentType.JSON.mediaType()));
}

/**
* This test should check whether adding a new HTTP Header for the content type takes the argument or the added header (should take arg.)
*/
@Test
public void testSecurityResponseMultipleContentTypesUsesPassed() {
final SecurityResponse response = new SecurityResponse(HttpStatus.SC_OK, null, "foo bar", XContentType.JSON.mediaType());
response.addHeader(HttpHeaders.CONTENT_TYPE, "plain/text");
assertThat(response.getHeaders().get("Content-Type"), equalTo(List.of("plain/text")));
final RestResponse restResponse = response.asRestResponse();
assertThat(restResponse.contentType(), equalTo(XContentType.JSON.mediaType()));
assertThat(restResponse.status(), equalTo(RestStatus.OK));
}

/**
* This test should check whether specifying no content type correctly uses JSON
*/
@Test
public void testSecurityResponseDefaultContentTypeIsJson() {
final SecurityResponse response = new SecurityResponse(HttpStatus.SC_OK, null, "foo bar");
final RestResponse restResponse = response.asRestResponse();
assertThat(restResponse.contentType(), equalTo(XContentType.JSON.mediaType()));
assertThat(restResponse.status(), equalTo(RestStatus.OK)); // This fails because it is a text/plain but we should pick one default type and stick to it IMO
}

/**
* This test checks whether adding a new ContentType header actually changes the converted content type header (it should not)
*/
@Test
public void testSecurityResponseSetHeaderContentTypeDoesNothing() {
final SecurityResponse response = new SecurityResponse(HttpStatus.SC_OK, null, "foo bar");
response.addHeader(HttpHeaders.CONTENT_TYPE, XContentType.JSON.mediaType());
final RestResponse restResponse = response.asRestResponse();
assertThat(restResponse.contentType(), equalTo("text/plain; charset=UTF-8"));
assertThat(restResponse.status(), equalTo(RestStatus.OK));
}

/**
* This test should check whether adding a multiple new HTTP Headers for the content type takes the argument or the added header (should take arg.)
*/
@Test
public void testSecurityResponseAddMultipleContentTypeHeaders() {
final SecurityResponse response = new SecurityResponse(HttpStatus.SC_OK, null, "foo bar", XContentType.JSON.mediaType());
response.addHeader(HttpHeaders.CONTENT_TYPE, "plain/text");
assertThat(response.getHeaders().get("Content-Type"), equalTo(List.of("plain/text")));
response.addHeader(HttpHeaders.CONTENT_TYPE, "newContentType");
assertThat(response.getHeaders().get("Content-Type"), equalTo(List.of("plain/text", "newContentType")));
final RestResponse restResponse = response.asRestResponse();
assertThat(restResponse.status(), equalTo(RestStatus.OK));
}

/**
* This test confirms that fake content types work for conversion
*/
@Test
public void testSecurityResponseFakeContentTypeArgumentPasses() {
final SecurityResponse response = new SecurityResponse(HttpStatus.SC_OK, null, "foo bar", "testType");
final RestResponse restResponse = response.asRestResponse();
assertThat(restResponse.contentType(), equalTo("testType"));
assertThat(restResponse.status(), equalTo(RestStatus.OK));
}

/**
* This test checks that types passed as part of the Headers parameter in the argument do not overwrite actual Content Type
*/
@Test
public void testSecurityResponseContentTypeInConstructorHeader() {
final SecurityResponse response = new SecurityResponse(HttpStatus.SC_OK, Map.of("Content-Type", "testType"), "foo bar");
assertThat(response.getHeaders().get("Content-Type"), equalTo(List.of("testType")));
final RestResponse restResponse = response.asRestResponse();
assertThat(restResponse.contentType(), equalTo(XContentType.JSON.mediaType()));
assertThat(restResponse.status(), equalTo(RestStatus.OK));
}

/**
* This test confirms the same as above but with a conflicting content type arg
*/
@Test
public void testSecurityResponseContentTypeInConstructorHeaderConflicts() {
final SecurityResponse response = new SecurityResponse(HttpStatus.SC_OK, Map.of("Content-Type", "testType"), "foo bar", XContentType.JSON.mediaType());
assertThat(response.getHeaders().get("Content-Type"), equalTo(List.of("testType")));
final RestResponse restResponse = response.asRestResponse();
assertThat(restResponse.contentType(), equalTo(XContentType.JSON.mediaType()));
assertThat(restResponse.status(), equalTo(RestStatus.OK));
}

/**
* This test should check whether unauthorized requests are converted properly
*/
@Test
public void testSecurityResponseUnauthorizedRequestWithPlainTextContentType(){
final SecurityResponse response = new SecurityResponse(HttpStatus.SC_UNAUTHORIZED, null, "foo bar");
response.addHeader(HttpHeaders.CONTENT_TYPE, "application/json");
final RestResponse restResponse = response.asRestResponse();
assertThat(restResponse.contentType(), equalTo("text/plain; charset=UTF-8"));
assertThat(restResponse.status(), equalTo(RestStatus.UNAUTHORIZED));
}

/**
* This test should check whether forbidden requests are converted properly
*/
@Test
public void testSecurityResponseForbiddenRequestWithPlainTextContentType(){
final SecurityResponse response = new SecurityResponse(HttpStatus.SC_FORBIDDEN, null, "foo bar");
response.addHeader(HttpHeaders.CONTENT_TYPE, "application/json");
final RestResponse restResponse = response.asRestResponse();
assertThat(restResponse.contentType(), equalTo("text/plain; charset=UTF-8"));
assertThat(restResponse.status(), equalTo(RestStatus.FORBIDDEN));
}
}
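Review bot: `testSecurityResponseDefaultContentTypeIsJson` expects `XContentType.JSON.mediaType()` from the three-argument constructor, while `testSecurityResponseSetHeaderContentTypeDoesNothing` and the unauthorized/forbidden tests expect `text/plain; charset=UTF-8` from the same constructor, so these cannot all pass; the trailing comment in the first test already says it fails, but it sits on the status assertion rather than the `contentType()` one. `testSecurityResponseContentTypeInConstructorHeader` also expects JSON from the three-argument form and may hit the same conflict. Since the content type of 401/403 responses is part of what clients see, I would settle the default first and make the expectations agree, or mark the undecided test `@Ignore("default content type undecided")` so the suite stays green. `testSecurityResponseAddMultipleContentTypeHeaders` never asserts `restResponse.contentType()` although its Javadoc says it checks which value wins; adding `assertThat(restResponse.contentType(), equalTo(XContentType.JSON.mediaType()));` would pin that.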
