Package javaguide.forms

Source Code of javaguide.forms.JavaCsrf$Controller2

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
/*
* Copyright (C) 2009-2013 Typesafe Inc. <http://www.typesafe.com>
*/
package javaguide.forms;

import com.google.common.collect.ImmutableMap;
import javaguide.forms.csrf.Global;
import org.junit.Test;

import static org.hamcrest.CoreMatchers.*;
import static org.junit.Assert.*;

import play.filters.csrf.AddCSRFToken;
import play.filters.csrf.CSRFFilter;
import play.filters.csrf.RequireCSRFCheck;
import play.libs.Crypto;
import play.mvc.Result;
import play.test.WithApplication;
import play.test.FakeApplication;

import static play.test.Helpers.*;

import javaguide.testhelpers.MockJavaAction;
import javaguide.testhelpers.MockJavaActionHelper;
import javaguide.forms.html.form;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class JavaCsrf extends WithApplication {
    @Override
    public FakeApplication provideFakeApplication() {
        return fakeApplication(ImmutableMap.of("application.secret", "foobar"));
    }

    public Crypto crypto() {
      return app.getWrappedApplication().injector().instanceOf(Crypto.class);
    }

    @Test
    public void global() {
        assertThat(new Global().filters()[0], equalTo((Class) CSRFFilter.class));
    }

    @Test
    public void templates() {
        String token = crypto().generateSignedToken();
        String body = contentAsString(MockJavaActionHelper.call(new MockJavaAction() {
            public Result index() {
                return ok(javaguide.forms.html.csrf.render());
            }
        }, fakeRequest("GET", "/").withSession("csrfToken", token)));

        Matcher matcher = Pattern.compile("action=\"/items\\?csrfToken=[a-f0-9]+-\\d+-([a-f0-9]+)\"")
                .matcher(body);
        assertTrue(matcher.find());
        assertThat(matcher.group(1), equalTo(crypto().extractSignedToken(token)));

        matcher = Pattern.compile("value=\"[a-f0-9]+-\\d+-([a-f0-9]+)\"")
                .matcher(body);
        assertTrue(matcher.find());
        assertThat(matcher.group(1), equalTo(crypto().extractSignedToken(token)));
    }

    @Test
    public void csrfCheck() {
        assertThat(status(MockJavaActionHelper.call(new Controller1(), fakeRequest("POST", "/")
                .withHeader(CONTENT_TYPE, "application/x-www-form-urlencoded"))), equalTo(FORBIDDEN));
    }

    public static class Controller1 extends MockJavaAction {
        //#csrf-check
        @RequireCSRFCheck
        public Result save() {
            // Handle body
            return ok();
        }
        //#csrf-check
    }

    @Test
    public void csrfAddToken() {
        assertThat(crypto().extractSignedToken(contentAsString(
                MockJavaActionHelper.call(new Controller2(), fakeRequest("GET", "/"))
        )), notNullValue());
    }

    public static class Controller2 extends MockJavaAction {
        //#csrf-add-token
        @AddCSRFToken
        public Result get() {
            return ok(form.render());
        }
        //#csrf-add-token
    }

}
TOP

Related Classes of javaguide.forms.JavaCsrf$Controller2

  • javaguide.forms.csrf.Global
  • javaguide.forms.u1.User
  • javaguide.testhelpers.MockJavaAction
  • play.libs.Comet
  • java.util.regex.Matcher
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.