Posted to server-dev@james.apache.org by rc...@apache.org on 2020/02/25 03:48:48 UTC
[james-project] 03/04: JAMES-3071 String comparison is supposed to
use equals method
This is an automated email from the ASF dual-hosted git repository.
rcordier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 2e6741f4420400f6b11ef6cd4535d592a8804654
Author: Matthieu Baechler <ma...@apache.org>
AuthorDate: Fri Feb 21 17:21:03 2020 +0100
JAMES-3071 String comparison is supposed to use equals method
---
.../james/webadmin/authentication/JwtFilter.java | 2 +-
.../james/webadmin/authentication/JwtFilterTest.java | 19 +++++++++++++++++++
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/server/protocols/webadmin/webadmin-core/src/main/java/org/apache/james/webadmin/authentication/JwtFilter.java b/server/protocols/webadmin/webadmin-core/src/main/java/org/apache/james/webadmin/authentication/JwtFilter.java
index d72b532..28d8cd6 100644
--- a/server/protocols/webadmin/webadmin-core/src/main/java/org/apache/james/webadmin/authentication/JwtFilter.java
+++ b/server/protocols/webadmin/webadmin-core/src/main/java/org/apache/james/webadmin/authentication/JwtFilter.java
@@ -45,7 +45,7 @@ public class JwtFilter implements AuthenticationFilter {
@Override
public void handle(Request request, Response response) throws Exception {
- if (request.requestMethod() != OPTIONS) {
+ if (!request.requestMethod().equals(OPTIONS)) {
Optional<String> bearer = Optional.ofNullable(request.headers(AUTHORIZATION_HEADER_NAME))
.filter(value -> value.startsWith(AUTHORIZATION_HEADER_PREFIX))
.map(value -> value.substring(AUTHORIZATION_HEADER_PREFIX.length()));
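Review bot: The changed condition `!request.requestMethod().equals(OPTIONS)` dereferences the method string, so a null method would throw before the bearer check is reached; written constant-first, `if (!OPTIONS.equals(request.requestMethod())) {`, a null or unexpected method falls into the authentication path and is rejected there. The `requestMethod()` stubs this commit adds to the other tests in JwtFilterTest suggest that an unstubbed request already hits this dereference. Since this branch is where the filter skips JWT verification altogether, the reason for the exemption should be stated above it, for example `// OPTIONS is exempt from authentication (presumably CORS preflight); every other method must present a valid admin JWT`. The body of `handle` continues outside the hunk.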
diff --git a/server/protocols/webadmin/webadmin-core/src/test/java/org/apache/james/webadmin/authentication/JwtFilterTest.java b/server/protocols/webadmin/webadmin-core/src/test/java/org/apache/james/webadmin/authentication/JwtFilterTest.java
index 0c4b3df..1b2e659 100644
--- a/server/protocols/webadmin/webadmin-core/src/test/java/org/apache/james/webadmin/authentication/JwtFilterTest.java
+++ b/server/protocols/webadmin/webadmin-core/src/test/java/org/apache/james/webadmin/authentication/JwtFilterTest.java
@@ -20,6 +20,7 @@
package org.apache.james.webadmin.authentication;
import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verifyZeroInteractions;
import static org.mockito.Mockito.when;
import org.apache.james.jwt.JwtTokenVerifier;
@@ -67,8 +68,22 @@ public class JwtFilterTest {
}
@Test
+ public void handleShouldDoNothingOnOptions() throws Exception {
+ Request request = mock(Request.class);
+ //Ensure we don't take OPTIONS string from the constant pool
+ when(request.requestMethod()).thenReturn(new String("OPTIONS"));
+ Response response = mock(Response.class);
+
+ jwtFilter.handle(request, response);
+
+ verifyZeroInteractions(response);
+ }
+
+
+ @Test
public void handleShouldRejectRequestWithHeaders() throws Exception {
Request request = mock(Request.class);
+ when(request.requestMethod()).thenReturn("GET");
when(request.headers()).thenReturn(ImmutableSet.of());
expectedException.expect(HaltException.class);
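Review bot: `handleShouldDoNothingOnOptions` only verifies that `response` is untouched, so it would still pass if the filter consulted the token verifier on an OPTIONS request; adding `verifyZeroInteractions(jwtTokenVerifier);` next to the existing verification pins the skip of authentication itself. A companion test that stubs a near-miss method value such as `"options"` (constructed example) with no Authorization header and expects `HaltException`, as `handleShouldRejectRequestWithHeaders` does for GET, would show that only the exact method is exempt. `handleShouldRejectRequestWithHeaders` at the end of this hunk continues outside it.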
@@ -80,6 +95,7 @@ public class JwtFilterTest {
@Test
public void handleShouldRejectRequestWithBearersHeaders() throws Exception {
Request request = mock(Request.class);
+ when(request.requestMethod()).thenReturn("GET");
when(request.headers(JwtFilter.AUTHORIZATION_HEADER_NAME)).thenReturn("Invalid value");
expectedException.expect(HaltException.class);
@@ -91,6 +107,7 @@ public class JwtFilterTest {
@Test
public void handleShouldRejectRequestWithInvalidBearerHeaders() throws Exception {
Request request = mock(Request.class);
+ when(request.requestMethod()).thenReturn("GET");
when(request.headers(JwtFilter.AUTHORIZATION_HEADER_NAME)).thenReturn("Bearer value");
when(jwtTokenVerifier.verify("value")).thenReturn(false);
@@ -103,6 +120,7 @@ public class JwtFilterTest {
@Test
public void handleShouldRejectRequestWithoutAdminClaim() throws Exception {
Request request = mock(Request.class);
+ when(request.requestMethod()).thenReturn("GET");
when(request.headers(JwtFilter.AUTHORIZATION_HEADER_NAME)).thenReturn("Bearer value");
when(jwtTokenVerifier.verify("value")).thenReturn(true);
when(jwtTokenVerifier.hasAttribute("admin", true, "value")).thenReturn(false);
@@ -116,6 +134,7 @@ public class JwtFilterTest {
@Test
public void handleShouldAcceptValidJwt() throws Exception {
Request request = mock(Request.class);
+ when(request.requestMethod()).thenReturn("GET");
when(request.headers(JwtFilter.AUTHORIZATION_HEADER_NAME)).thenReturn("Bearer value");
when(jwtTokenVerifier.verify("value")).thenReturn(true);
when(jwtTokenVerifier.hasAttribute("admin", true, "value")).thenReturn(true);