Summary Table
Categories |
Total Count |
PII |
0 |
URL |
0 |
DNS |
0 |
EKL |
0 |
IP |
0 |
PORT |
0 |
VsID |
0 |
CF |
0 |
AI |
0 |
VPD |
0 |
PL |
0 |
Other |
0 |
File Content
package gov.va.oneconsult.seoc.api.filter;
import static org.assertj.core.api.Assertions.assertThat;
import java.io.IOException;
import javax.servlet.ServletException;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import gov.va.oneconsult.seoc.api.util.Constants;
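/**
 * Unit tests for {@link ApiAuthenticationFilter}, driven through Spring's servlet mocks.
 *
 * <p>Each test sends one request through {@code doFilter} and checks how the filter treats the
 * {@code Client-Key} header for that method and URI.
 *
 * <p>Two properties of the mocks shape the assertions below:
 * <ul>
 *   <li>{@link MockHttpServletResponse} starts with status 200, so a status check alone cannot
 *       tell "the filter let the request through" from "the filter did nothing".</li>
 *   <li>{@link MockFilterChain#getRequest()} returns the request the chain was invoked with, or
 *       {@code null} if the chain was never invoked. That is the direct evidence of whether the
 *       request went past the filter.</li>
 * </ul>
 * Rejection tests therefore also assert that the chain was not invoked: an error status on a
 * request that is still forwarded would leave the downstream handler reachable without a valid key.
 */
@RunWith(MockitoJUnitRunner.class)
public class ApiAuthenticationFilterTest
{
    /** Header the filter reads the client key from. */
    private static final String CLIENT_KEY_HEADER = "Client-Key";

    /** Fixture key the filter under test is constructed with. */
    private static final String VALID_CLIENT_KEY = "666666";

    /** Fixture key that differs from the configured one. */
    private static final String INVALID_CLIENT_KEY = "555555";

    /** URI the tests use as the key-protected ("internal") endpoint. */
    private static final String INTERNAL_URI = "/v1/seoc/all";

    /** Document name appended to each swagger URL entry. */
    private static final String SWAGGER_DOC_SUFFIX = "/seoc.json";

    private static final String MISSING_KEY_MESSAGE = "Client-Key header is missing in the request";

    private static final String INVALID_KEY_MESSAGE = "Access denied. Invalid Client-Key";

    // No @Mock fields are declared in this class, so @InjectMocks has nothing to inject; the
    // filter is the real instance built here.
    @InjectMocks
    private ApiAuthenticationFilter apiAuthenticationFilter = new ApiAuthenticationFilter(VALID_CLIENT_KEY);

    @Test
    public void testClientKeyGivenForInternalEndpoint() throws ServletException, IOException
    {
        assertForwarded("GET", INTERNAL_URI, VALID_CLIENT_KEY);
    }

    @Test
    public void testClientKeyNotGivenForInternalEndpoint() throws ServletException, IOException
    {
        assertRejected("GET", INTERNAL_URI, null, HttpStatus.BAD_REQUEST, MISSING_KEY_MESSAGE);
    }

    @Test
    public void testClientKeyInvalidForInternalEndpoint() throws ServletException, IOException
    {
        assertRejected("GET", INTERNAL_URI, INVALID_CLIENT_KEY, HttpStatus.FORBIDDEN, INVALID_KEY_MESSAGE);
    }

    @Test
    public void testClientKeyNotGivenForPublishedSEOCsEndpoint() throws ServletException, IOException
    {
        assertRejected("POST", "/v1/seoc", null, HttpStatus.BAD_REQUEST, MISSING_KEY_MESSAGE);
    }

    @Test
    public void testClientKeyNotGivenForOPTIONSRequestToInternalEndpoint() throws ServletException, IOException
    {
        assertOptionsReturnsOk(null);
    }

    @Test
    public void testClientKeyInvalidForOPTIONSRequestToInternalEndpoint() throws ServletException, IOException
    {
        assertOptionsReturnsOk(INVALID_CLIENT_KEY);
    }

    @Test
    public void testClientKeyGivenForOPTIONSRequestToInternalEndpoint() throws ServletException, IOException
    {
        assertOptionsReturnsOk(VALID_CLIENT_KEY);
    }

    @Test
    public void testClientKeyGivenForExternalEndpoints() throws ServletException, IOException
    {
        Constants.externalUrls.forEach(externalUrl -> assertGetForwarded(externalUrl, VALID_CLIENT_KEY));
    }

    @Test
    public void testClientKeyInvalidForExternalEndpoints() throws ServletException, IOException
    {
        // External endpoints are expected to be served whatever the header holds.
        Constants.externalUrls.forEach(externalUrl -> assertGetForwarded(externalUrl, INVALID_CLIENT_KEY));
    }

    @Test
    public void testClientKeyNotGivenForExternalEndpoints() throws ServletException, IOException
    {
        Constants.externalUrls.forEach(externalUrl -> assertGetForwarded(externalUrl, null));
    }

    // NOTE(review): the swagger tests append a document name to each entry, which suggests the
    // filter matches these entries as path prefixes. If so, confirm the match is made on a
    // normalised request path, since everything under a matching prefix skips the key check.
    @Test
    public void testClientKeyGivenForSwaggerEndpoints() throws ServletException, IOException
    {
        Constants.swaggerUrls.forEach(
                externalUrl -> assertGetForwarded(externalUrl + SWAGGER_DOC_SUFFIX, VALID_CLIENT_KEY));
    }

    @Test
    public void testClientKeyInvalidForSwaggerEndpoints() throws ServletException, IOException
    {
        Constants.swaggerUrls.forEach(
                externalUrl -> assertGetForwarded(externalUrl + SWAGGER_DOC_SUFFIX, INVALID_CLIENT_KEY));
    }

    @Test
    public void testClientKeyNotGivenForSwaggerEndpoints() throws ServletException, IOException
    {
        Constants.swaggerUrls.forEach(
                externalUrl -> assertGetForwarded(externalUrl + SWAGGER_DOC_SUFFIX, null));
    }

    /**
     * Builds a mock request.
     *
     * @param method    HTTP method to set
     * @param uri       request URI to set
     * @param clientKey value for the {@code Client-Key} header, or {@code null} to send no header
     * @return the populated request
     */
    private static MockHttpServletRequest newRequest(String method, String uri, String clientKey)
    {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setMethod(method);
        request.setRequestURI(uri);
        if (clientKey != null)
        {
            request.addHeader(CLIENT_KEY_HEADER, clientKey);
        }
        return request;
    }

    /**
     * Runs the filter and asserts the request was let through: status stays 200 and the
     * downstream chain was invoked.
     */
    private void assertForwarded(String method, String uri, String clientKey)
            throws ServletException, IOException
    {
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockFilterChain filterChain = new MockFilterChain();

        apiAuthenticationFilter.doFilter(newRequest(method, uri, clientKey), response, filterChain);

        assertThat(response.getStatus()).as("status for %s %s", method, uri)
                .isEqualTo(HttpStatus.OK.value());
        // 200 is the mock's default; the recorded request proves the chain was reached.
        assertThat(filterChain.getRequest()).as("request forwarded to chain for %s %s", method, uri)
                .isNotNull();
    }

    /**
     * GET variant of {@link #assertForwarded} for use inside lambdas, which cannot throw checked
     * exceptions. The failing URI is kept in the wrapping exception's message.
     */
    private void assertGetForwarded(String uri, String clientKey)
    {
        try
        {
            assertForwarded("GET", uri, clientKey);
        }
        catch (ServletException | IOException e)
        {
            throw new RuntimeException("filter threw for " + uri, e);
        }
    }

    /**
     * Runs the filter and asserts the request was refused: expected status, expected error
     * message, and no invocation of the downstream chain.
     */
    private void assertRejected(String method, String uri, String clientKey, HttpStatus expectedStatus,
            String expectedMessage) throws ServletException, IOException
    {
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockFilterChain filterChain = new MockFilterChain();

        apiAuthenticationFilter.doFilter(newRequest(method, uri, clientKey), response, filterChain);

        assertThat(response.getStatus()).isEqualTo(expectedStatus.value());
        assertThat(response.getErrorMessage()).isEqualTo(expectedMessage);
        // A refused request must stop at the filter; an error status alone does not show that.
        assertThat(filterChain.getRequest()).as("rejected %s %s must not reach the chain", method, uri)
                .isNull();
    }

    /**
     * Sends an OPTIONS request to the internal endpoint and asserts a 200 status.
     *
     * <p>Only the status is checked: whether the filter answers OPTIONS itself or forwards it is
     * not visible from this test class, so no assertion is made about the chain.
     * NOTE(review): because 200 is the mock's default status, these tests pass for any filter
     * that does not set an error; tighten them once the intended OPTIONS handling is confirmed.
     */
    private void assertOptionsReturnsOk(String clientKey) throws ServletException, IOException
    {
        MockHttpServletResponse response = new MockHttpServletResponse();

        apiAuthenticationFilter.doFilter(newRequest("OPTIONS", INTERNAL_URI, clientKey), response,
                new MockFilterChain());

        assertThat(response.getStatus()).isEqualTo(HttpStatus.OK.value());
    }
}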