Posted to commits@sling.apache.org by cz...@apache.org on 2021/04/20 07:59:56 UTC

[sling-org-apache-sling-auth-core] branch master updated: SLING-10319 : Use the equals method if value comparison was intended. Add another test case for cookies

This is an automated email from the ASF dual-hosted git repository.

cziegeler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-core.git


The following commit(s) were added to refs/heads/master by this push:
     new 95936fe  SLING-10319 : Use the equals method if value comparison was intended. Add another test case for cookies
95936fe is described below

commit 95936fefa97f3928ed42e368a458a9fab3a4057c
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Tue Apr 20 09:59:45 2021 +0200

    SLING-10319 : Use the equals method if value comparison was intended. Add another test case for cookies
---
 .../core/impl/AuthenticatorWebConsolePlugin.java   |  4 ++--
 .../apache/sling/auth/core/impl/LoginServlet.java  |  2 +-
 .../apache/sling/auth/core/impl/LogoutServlet.java |  2 +-
 .../auth/core/impl/SlingAuthenticatorTest.java     | 24 ++++++++++++++++++++++
 4 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java b/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
index b01a85f..a47f443 100644
--- a/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
+++ b/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
@@ -54,10 +54,10 @@ public class AuthenticatorWebConsolePlugin extends HttpServlet {
     public static final String TITLE = "Authenticator";
 
     @Reference(service = AuthenticationRequirementsManager.class)
-    private PathBasedHolderCache<AuthenticationRequirementHolder> authenticationRequirementsManager;
+    private PathBasedHolderCache<AuthenticationRequirementHolder> authenticationRequirementsManager; // NOSONAR
     
     @Reference
-    private AuthenticationHandlersManager authenticationHoldersManager;
+    private AuthenticationHandlersManager authenticationHoldersManager; // NOSONAR
 
     private final SlingAuthenticator.Config config;
 
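Review bot: The bare `// NOSONAR` markers added to the two `@Reference` fields suppress every Sonar rule on those lines, and nothing records which finding is being waived or why. In an authentication component a blanket waiver can also hide a later, unrelated finding on the same line, so a reason should follow the marker, for example `// NOSONAR <rule key>: field is injected through @Reference` (the rule key is a placeholder, since the waived rule is not visible in this diff). The same applies to the `authenticator` fields in LoginServlet.java and LogoutServlet.java. None of the four files in the diffstat shows the `equals` change named in the commit title, so the title may not match this diff.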
diff --git a/src/main/java/org/apache/sling/auth/core/impl/LoginServlet.java b/src/main/java/org/apache/sling/auth/core/impl/LoginServlet.java
index bbf7409..2e17d5c 100644
--- a/src/main/java/org/apache/sling/auth/core/impl/LoginServlet.java
+++ b/src/main/java/org/apache/sling/auth/core/impl/LoginServlet.java
@@ -58,7 +58,7 @@ public class LoginServlet extends SlingAllMethodsServlet {
     private final Logger log = LoggerFactory.getLogger(getClass());
 
     @Reference(policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL)
-    private volatile Authenticator authenticator;
+    private volatile Authenticator authenticator; // NOSONAR
 
     /**
      * The servlet is registered on this path, and the authenticator allows any
diff --git a/src/main/java/org/apache/sling/auth/core/impl/LogoutServlet.java b/src/main/java/org/apache/sling/auth/core/impl/LogoutServlet.java
index a2de3fe..de5a740 100644
--- a/src/main/java/org/apache/sling/auth/core/impl/LogoutServlet.java
+++ b/src/main/java/org/apache/sling/auth/core/impl/LogoutServlet.java
@@ -66,7 +66,7 @@ public class LogoutServlet extends SlingAllMethodsServlet {
     private final Logger log = LoggerFactory.getLogger(getClass());
 
     @Reference(policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL)
-    private volatile Authenticator authenticator;
+    private volatile Authenticator authenticator; // NOSONAR
 
     /**
      * The servlet is registered on this path.
diff --git a/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java b/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
index 52ae29c..55423e0 100644
--- a/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
+++ b/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
@@ -434,6 +434,30 @@ public class SlingAuthenticatorTest {
         assertEquals("\"\"", argument.getValue().getValue());
     }
 
+    @Test public void testSudoCookieFlags() {
+        final SlingAuthenticator slingAuthenticator = this.createSlingAuthenticator();
+        final AuthenticationInfo info = new AuthenticationInfo("basic");
+        info.put(ResourceResolverFactory.USER_IMPERSONATION, "newsudo");
+        
+        final SlingHttpServletRequest req = Mockito.mock(SlingHttpServletRequest.class);
+        Mockito.when(req.isSecure()).thenReturn(true);
+        SlingHttpServletResponse res = Mockito.mock(SlingHttpServletResponse.class);
+
+        assertTrue(slingAuthenticator.setSudoCookie(req, res, info));
+        ArgumentCaptor<Cookie> argument1 = ArgumentCaptor.forClass(Cookie.class);
+        Mockito.verify(res).addCookie(argument1.capture());
+        assertTrue(argument1.getValue().isHttpOnly());
+        assertTrue(argument1.getValue().getSecure());
+
+        res = Mockito.mock(SlingHttpServletResponse.class);
+        Mockito.when(req.isSecure()).thenReturn(false);
+        assertTrue(slingAuthenticator.setSudoCookie(req, res, info));
+        ArgumentCaptor<Cookie> argument2 = ArgumentCaptor.forClass(Cookie.class);
+        Mockito.verify(res).addCookie(argument2.capture());
+        assertTrue(argument2.getValue().isHttpOnly());
+        assertFalse(argument2.getValue().getSecure());
+    }
+
     //---------------------------- PRIVATE METHODS -----------------------------
 
     /**
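Review bot: testSudoCookieFlags checks only the HttpOnly and Secure flags of whatever cookie reaches `addCookie`, so it would still pass if `setSudoCookie` wrote a cookie with the wrong name or value. Asserting the captured value as well, e.g. `assertEquals("\"newsudo\"", argument1.getValue().getValue());`, would tie the flag checks to the sudo cookie itself; the quoting is assumed from the neighbouring assertion at the top of the hunk and should be confirmed against setSudoCookie. The secure and non-secure cases would be easier to diagnose as two test methods, so that a failure names the case that broke. A one-line comment above `assertFalse(argument2.getValue().getSecure())` should say whether omitting Secure on a plain-HTTP request is intended, since this cookie appears to carry the impersonated user id.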