Source Code of samplest.cors.CORSSamplestResourceTest

package samplest.cors;


import com.github.kevinsawicki.http.HttpRequest;
import org.junit.ClassRule;
import org.junit.Test;
import restx.tests.HttpTestClient;
import restx.tests.RestxServerRule;


import java.util.Random;


import static org.assertj.core.api.Assertions.assertThat;


/**
 * Date: 28/12/13
 * Time: 10:21
 */
public class CORSSamplestResourceTest {
    @ClassRule
    public static RestxServerRule server = new RestxServerRule();


    private final String randomOrigin = "http://localhost:" + Math.abs(new Random().nextInt());




    @Test
    public void should_handle_no_origin_request() throws Exception {
        assertHttpResponse(client().GET("/api/cors/1"), 200, "CORS1");
    }


    @Test
    public void should_handle_good_origin_on_get() throws Exception {
        HttpRequest httpRequest = client().GET("/api/cors/1").header("Origin", "http://localhost:9000");
        assertHttpResponse(httpRequest, 200, "CORS1");
        assertThat(httpRequest.header("Access-Control-Allow-Origin")).isEqualTo("http://localhost:9000");
    }


    @Test
    public void should_handle_good_origin_on_post() throws Exception {
        HttpRequest httpRequest = client().POST("/api/cors/1").header("Origin", "http://localhost:9000").send("{}");
        assertHttpResponse(httpRequest, 200, "CORS1");
        assertThat(httpRequest.header("Access-Control-Allow-Origin")).isEqualTo("http://localhost:9000");
    }


    @Test
    public void should_reject_invalid_origin_on_get() throws Exception {
        HttpRequest httpRequest = client().GET("/api/cors/1").header("Origin", "http://localhost:80");
        assertHttpResponse(httpRequest, 403, "");
    }


    @Test
    public void should_accept_same_origin_on_get() throws Exception {
        HttpRequest httpRequest = client().GET("/api/cors/1")
                .header("Origin", server.getServer().baseUrl());
        assertHttpResponse(httpRequest, 200, "CORS1");
    }


    @Test
    public void should_reject_invalid_origin_on_post() throws Exception {
        HttpRequest httpRequest = client().POST("/api/cors/1").header("Origin", "http://localhost:80").send("{}");
        assertHttpResponse(httpRequest, 403, "");
    }


    @Test
    public void should_reject_head_on_cors1() throws Exception {
        HttpRequest httpRequest = client().HEAD("/api/cors/1").header("Origin", "http://localhost:9000");
        assertHttpResponse(httpRequest, 403, "");
    }


    @Test
    public void should_handle_any_origin_on_get() throws Exception {
        HttpRequest httpRequest = client().GET("/api/cors/2").header("Origin", randomOrigin);
        assertHttpResponse(httpRequest, 200, "CORS2");
        assertThat(httpRequest.header("Access-Control-Allow-Origin")).isEqualTo(randomOrigin);
    }


    @Test
    public void should_handle_any_origin_on_post() throws Exception {
        HttpRequest httpRequest = client().POST("/api/cors/2").header("Origin", randomOrigin).send("{}");
        assertHttpResponse(httpRequest, 200, "CORS2");
        assertThat(httpRequest.header("Access-Control-Allow-Origin")).isEqualTo(randomOrigin);
    }


    @Test
    public void should_handle_any_origin_on_head() throws Exception {
        HttpRequest httpRequest = client().HEAD("/api/cors/2").header("Origin", randomOrigin);
        assertHttpResponse(httpRequest, 204, "");
        assertThat(httpRequest.header("Access-Control-Allow-Origin")).isEqualTo(randomOrigin);
    }


    @Test
    public void should_reject_preflight_request_for_put_when_not_configured() throws Exception {
        HttpRequest httpRequest = client().OPTIONS("/api/cors/2")
                .header("Origin", randomOrigin)
                .header("Access-Control-Request-Method", "PUT")
                ;
        assertHttpResponse(httpRequest, 403, "");
    }


    @Test
    public void should_handle_preflight_request_for_put() throws Exception {
        HttpRequest httpRequest = client().OPTIONS("/api/cors/3")
                .header("Origin", randomOrigin)
                .header("Access-Control-Request-Method", "PUT")
                ;
        assertHttpResponse(httpRequest, 200, "");
        assertThat(httpRequest.header("Access-Control-Allow-Origin")).isEqualTo(randomOrigin);
    }


    @Test
    public void should_reject_preflight_request_for_delete_when_not_configured() throws Exception {
        HttpRequest httpRequest = client().OPTIONS("/api/cors/3")
                .header("Origin", randomOrigin)
                .header("Access-Control-Request-Method", "DELETE")
                ;
        assertHttpResponse(httpRequest, 403, "");
    }


    protected HttpRequest assertHttpResponse(HttpRequest httpRequest, int expectedStatus, String expectedBody) {
        assertThat(httpRequest.code()).isEqualTo(expectedStatus);
        assertThat(httpRequest.body().trim()).isEqualTo(expectedBody);
        return httpRequest;
    }




    protected HttpTestClient client() {
        return server.client().authenticatedAs("admin");
    }
}
Source Code of samplest.cors.CORSSamplestResourceTest

Related Classes of samplest.cors.CORSSamplestResourceTest
