Posted to server-dev@james.apache.org by rc...@apache.org on 2020/02/25 03:48:48 UTC

[james-project] 03/04: JAMES-3071 String comparison is supposed to use equals method

This is an automated email from the ASF dual-hosted git repository.

rcordier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit 2e6741f4420400f6b11ef6cd4535d592a8804654
Author: Matthieu Baechler <ma...@apache.org>
AuthorDate: Fri Feb 21 17:21:03 2020 +0100

    JAMES-3071 String comparison is supposed to use equals method
---
 .../james/webadmin/authentication/JwtFilter.java      |  2 +-
 .../james/webadmin/authentication/JwtFilterTest.java  | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/server/protocols/webadmin/webadmin-core/src/main/java/org/apache/james/webadmin/authentication/JwtFilter.java b/server/protocols/webadmin/webadmin-core/src/main/java/org/apache/james/webadmin/authentication/JwtFilter.java
index d72b532..28d8cd6 100644
--- a/server/protocols/webadmin/webadmin-core/src/main/java/org/apache/james/webadmin/authentication/JwtFilter.java
+++ b/server/protocols/webadmin/webadmin-core/src/main/java/org/apache/james/webadmin/authentication/JwtFilter.java
@@ -45,7 +45,7 @@ public class JwtFilter implements AuthenticationFilter {
 
     @Override
     public void handle(Request request, Response response) throws Exception {
-        if (request.requestMethod() != OPTIONS) {
+        if (!request.requestMethod().equals(OPTIONS)) {
             Optional<String> bearer = Optional.ofNullable(request.headers(AUTHORIZATION_HEADER_NAME))
                 .filter(value -> value.startsWith(AUTHORIZATION_HEADER_PREFIX))
                 .map(value -> value.substring(AUTHORIZATION_HEADER_PREFIX.length()));
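Review bot: The new condition `!request.requestMethod().equals(OPTIONS)` throws a NullPointerException if `requestMethod()` returns null, where the old `!=` comparison fell through to the bearer check; the test hunks in this commit have to stub `requestMethod()` on every mock for that reason. Putting the constant first, `if (!OPTIONS.equals(request.requestMethod())) {`, keeps any value that is not exactly OPTIONS on the authentication path instead of relying on how the framework handles an exception thrown from the filter. This branch is the only visible exemption from JWT verification, so it deserves a comment stating why it exists, for example `// OPTIONS (presumably CORS preflight) is the only method exempt from token verification`. The body of `handle` continues outside the hunk.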
diff --git a/server/protocols/webadmin/webadmin-core/src/test/java/org/apache/james/webadmin/authentication/JwtFilterTest.java b/server/protocols/webadmin/webadmin-core/src/test/java/org/apache/james/webadmin/authentication/JwtFilterTest.java
index 0c4b3df..1b2e659 100644
--- a/server/protocols/webadmin/webadmin-core/src/test/java/org/apache/james/webadmin/authentication/JwtFilterTest.java
+++ b/server/protocols/webadmin/webadmin-core/src/test/java/org/apache/james/webadmin/authentication/JwtFilterTest.java
@@ -20,6 +20,7 @@
 package org.apache.james.webadmin.authentication;
 
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verifyZeroInteractions;
 import static org.mockito.Mockito.when;
 
 import org.apache.james.jwt.JwtTokenVerifier;
@@ -67,8 +68,22 @@ public class JwtFilterTest {
     }
 
     @Test
+    public void handleShouldDoNothingOnOptions() throws Exception {
+        Request request = mock(Request.class);
+        //Ensure we don't take OPTIONS string from the constant pool
+        when(request.requestMethod()).thenReturn(new String("OPTIONS"));
+        Response response = mock(Response.class);
+
+        jwtFilter.handle(request, response);
+
+        verifyZeroInteractions(response);
+    }
+
+
+    @Test
     public void handleShouldRejectRequestWithHeaders() throws Exception {
         Request request = mock(Request.class);
+        when(request.requestMethod()).thenReturn("GET");
         when(request.headers()).thenReturn(ImmutableSet.of());
 
         expectedException.expect(HaltException.class);
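Review bot: `handleShouldDoNothingOnOptions` asserts only `verifyZeroInteractions(response)`, which does not state the property that matters for this filter: that no token check runs for OPTIONS. Adding `verifyZeroInteractions(jwtTokenVerifier);` after the `handle` call would pin that directly. A companion test that stubs a near-miss value such as `"options"` and expects `HaltException` would guard against the exemption being widened later, for instance by a switch to a case-insensitive compare. The second blank line after the new test can be dropped. `handleShouldRejectRequestWithHeaders` continues past the end of the hunk.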
@@ -80,6 +95,7 @@ public class JwtFilterTest {
     @Test
     public void handleShouldRejectRequestWithBearersHeaders() throws Exception {
         Request request = mock(Request.class);
+        when(request.requestMethod()).thenReturn("GET");
         when(request.headers(JwtFilter.AUTHORIZATION_HEADER_NAME)).thenReturn("Invalid value");
 
         expectedException.expect(HaltException.class);
@@ -91,6 +107,7 @@ public class JwtFilterTest {
     @Test
     public void handleShouldRejectRequestWithInvalidBearerHeaders() throws Exception {
         Request request = mock(Request.class);
+        when(request.requestMethod()).thenReturn("GET");
         when(request.headers(JwtFilter.AUTHORIZATION_HEADER_NAME)).thenReturn("Bearer value");
         when(jwtTokenVerifier.verify("value")).thenReturn(false);
 
@@ -103,6 +120,7 @@ public class JwtFilterTest {
     @Test
     public void handleShouldRejectRequestWithoutAdminClaim() throws Exception {
         Request request = mock(Request.class);
+        when(request.requestMethod()).thenReturn("GET");
         when(request.headers(JwtFilter.AUTHORIZATION_HEADER_NAME)).thenReturn("Bearer value");
         when(jwtTokenVerifier.verify("value")).thenReturn(true);
         when(jwtTokenVerifier.hasAttribute("admin", true, "value")).thenReturn(false);
@@ -116,6 +134,7 @@ public class JwtFilterTest {
     @Test
     public void handleShouldAcceptValidJwt() throws Exception {
         Request request = mock(Request.class);
+        when(request.requestMethod()).thenReturn("GET");
         when(request.headers(JwtFilter.AUTHORIZATION_HEADER_NAME)).thenReturn("Bearer value");
         when(jwtTokenVerifier.verify("value")).thenReturn(true);
         when(jwtTokenVerifier.hasAttribute("admin", true, "value")).thenReturn(true);

