Summary Table

Categories Total Count
PII 0
URL 0
DNS 0
EKL 0
IP 0
PORT 0
VsID 0
CF 0
AI 0
VPD 0
PL 0
Other 0

File Content

package gov.va.oneconsult.seoc.api.filter;

import static org.assertj.core.api.Assertions.assertThat;

import java.io.IOException;

import javax.servlet.ServletException;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

import gov.va.oneconsult.seoc.api.util.Constants;

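/**
 * Unit tests for {@link ApiAuthenticationFilter}, driven through Spring's servlet mocks.
 *
 * <p>The cases pin the following behaviour of the filter:
 * <ul>
 * <li>{@code /v1/seoc/all} and {@code POST /v1/seoc} require a {@code Client-Key} header:
 * a missing header yields 400, a wrong value yields 403;</li>
 * <li>{@code OPTIONS} requests pass whatever the header holds (presumably to let CORS
 * preflight through; confirm against the filter);</li>
 * <li>every URI in {@code Constants.externalUrls} and {@code Constants.swaggerUrls} passes
 * with a valid, an invalid or no key, i.e. those paths are expected to be unauthenticated.</li>
 * </ul>
 *
 * <p>A fresh {@link MockHttpServletResponse} already reports status 200, so a status check
 * alone cannot tell "the filter let the request through" from "the filter did nothing".
 * Every case therefore also checks whether the {@link MockFilterChain} was invoked.
 */
@RunWith(MockitoJUnitRunner.class)
public class ApiAuthenticationFilterTest
{
    /** Key the filter under test is configured with. Test fixture only, not a real credential. */
    private static final String VALID_CLIENT_KEY = "666666";

    /** A key that differs from the configured one. */
    private static final String INVALID_CLIENT_KEY = "555555";

    /** Name of the request header carrying the key. */
    private static final String CLIENT_KEY_HEADER = "Client-Key";

    /** Endpoint that the tests treat as key-protected. */
    private static final String INTERNAL_URI = "/v1/seoc/all";

    private static final String MISSING_KEY_MESSAGE = "Client-Key header is missing in the request";

    private static final String INVALID_KEY_MESSAGE = "Access denied. Invalid Client-Key";

    // No @Mock fields are declared in this class, so Mockito has nothing to inject here;
    // the filter is the hand-built instance below.
    @InjectMocks
    private ApiAuthenticationFilter apiAuthenticationFilter = new ApiAuthenticationFilter(VALID_CLIENT_KEY);

    /** Response and chain of one pass through the filter, kept together for the assertions. */
    private static final class Exchange
    {
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockFilterChain filterChain = new MockFilterChain();
    }

    @Test
    public void testClientKeyGivenForInternalEndpoint() throws ServletException, IOException
    {
        assertForwarded("GET", INTERNAL_URI, VALID_CLIENT_KEY);
    }

    @Test
    public void testClientKeyNotGivenForInternalEndpoint() throws ServletException, IOException
    {
        assertRejected("GET", INTERNAL_URI, null, HttpStatus.BAD_REQUEST, MISSING_KEY_MESSAGE);
    }

    @Test
    public void testClientKeyInvalidForInternalEndpoint() throws ServletException, IOException
    {
        assertRejected("GET", INTERNAL_URI, INVALID_CLIENT_KEY, HttpStatus.FORBIDDEN, INVALID_KEY_MESSAGE);
    }

    @Test
    public void testClientKeyNotGivenForPublishedSEOCsEndpoint() throws ServletException, IOException
    {
        assertRejected("POST", "/v1/seoc", null, HttpStatus.BAD_REQUEST, MISSING_KEY_MESSAGE);
    }

    @Test
    public void testClientKeyNotGivenForOPTIONSRequestToInternalEndpoint() throws ServletException, IOException
    {
        assertForwarded("OPTIONS", INTERNAL_URI, null);
    }

    @Test
    public void testClientKeyInvalidForOPTIONSRequestToInternalEndpoint() throws ServletException, IOException
    {
        // OPTIONS is expected to bypass the key check even when the supplied key is wrong.
        assertForwarded("OPTIONS", INTERNAL_URI, INVALID_CLIENT_KEY);
    }

    @Test
    public void testClientKeyGivenForOPTIONSRequestToInternalEndpoint() throws ServletException, IOException
    {
        assertForwarded("OPTIONS", INTERNAL_URI, VALID_CLIENT_KEY);
    }

    @Test
    public void testClientKeyGivenForExternalEndpoints() throws ServletException, IOException
    {
        Constants.externalUrls.forEach(
                externalUrl -> assertForwardedUnchecked("GET", externalUrl, VALID_CLIENT_KEY));
    }

    @Test
    public void testClientKeyInvalidForExternalEndpoints() throws ServletException, IOException
    {
        // External URLs are expected to be reachable without authentication, so a wrong key
        // must not cause a rejection either.
        Constants.externalUrls.forEach(
                externalUrl -> assertForwardedUnchecked("GET", externalUrl, INVALID_CLIENT_KEY));
    }

    @Test
    public void testClientKeyNotGivenForExternalEndpoints() throws ServletException, IOException
    {
        Constants.externalUrls.forEach(
                externalUrl -> assertForwardedUnchecked("GET", externalUrl, null));
    }

    @Test
    public void testClientKeyGivenForSwaggerEndpoints() throws ServletException, IOException
    {
        Constants.swaggerUrls.forEach(
                swaggerUrl -> assertForwardedUnchecked("GET", swaggerUrl + "/seoc.json", VALID_CLIENT_KEY));
    }

    @Test
    public void testClientKeyInvalidForSwaggerEndpoints() throws ServletException, IOException
    {
        Constants.swaggerUrls.forEach(
                swaggerUrl -> assertForwardedUnchecked("GET", swaggerUrl + "/seoc.json", INVALID_CLIENT_KEY));
    }

    @Test
    public void testClientKeyNotGivenForSwaggerEndpoints() throws ServletException, IOException
    {
        Constants.swaggerUrls.forEach(
                swaggerUrl -> assertForwardedUnchecked("GET", swaggerUrl + "/seoc.json", null));
    }

    /**
     * Sends one mock request through the filter under test.
     *
     * @param method    HTTP method of the request
     * @param uri       request URI
     * @param clientKey value for the {@code Client-Key} header, or {@code null} to send no header
     * @return the response and filter chain the filter was called with
     */
    private Exchange send(String method, String uri, String clientKey) throws ServletException, IOException
    {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setMethod(method);
        request.setRequestURI(uri);
        if (clientKey != null)
        {
            request.addHeader(CLIENT_KEY_HEADER, clientKey);
        }

        Exchange exchange = new Exchange();
        apiAuthenticationFilter.doFilter(request, exchange.response, exchange.filterChain);
        return exchange;
    }

    /**
     * Asserts that the filter let the request through: status 200 and the chain was invoked.
     */
    private void assertForwarded(String method, String uri, String clientKey) throws ServletException, IOException
    {
        Exchange exchange = send(method, uri, clientKey);

        assertThat(exchange.response.getStatus()).isEqualTo(HttpStatus.OK.value());
        // MockFilterChain records the request only when doFilter was called on it.
        assertThat(exchange.filterChain.getRequest()).isNotNull();
    }

    /**
     * Same as {@link #assertForwarded}, for use inside lambdas: checked exceptions are
     * rethrown as {@link RuntimeException} with the original as cause.
     */
    private void assertForwardedUnchecked(String method, String uri, String clientKey)
    {
        try
        {
            assertForwarded(method, uri, clientKey);
        }
        catch (ServletException | IOException e)
        {
            throw new RuntimeException(e);
        }
    }

    /**
     * Asserts that the filter refused the request: expected status and error message, and
     * the request never reached the rest of the chain.
     */
    private void assertRejected(String method, String uri, String clientKey, HttpStatus expectedStatus,
            String expectedMessage) throws ServletException, IOException
    {
        Exchange exchange = send(method, uri, clientKey);

        assertThat(exchange.response.getStatus()).isEqualTo(expectedStatus.value());
        assertThat(exchange.response.getErrorMessage()).isEqualTo(expectedMessage);
        // A rejected request must not be handed on to the protected resource.
        assertThat(exchange.filterChain.getRequest()).isNull();
    }
}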