/*
pro * Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.shindig.gadgets.servlet;
import static junitx.framework.StringAssert.assertContains;
import static org.easymock.EasyMock.expect;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.gadgets.AuthType;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.oauth.OAuthArguments;
import org.apache.shindig.gadgets.oauth2.OAuth2Arguments;
import org.apache.shindig.gadgets.uri.ProxyUriManager;
import org.apache.shindig.gadgets.uri.ProxyUriManager.ProxyUri;
import org.junit.Before;
import org.junit.Test;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletResponse;
/**
* Tests for ProxyServlet.
*
* Tests are trivial; real tests are in ProxyHandlerTest.
*/
public class ProxyServletTest extends ServletTestFixture {
private static final Uri REQUEST_URL = Uri.parse("http://example.org/file");
private static final String BASIC_SYNTAX_URL = "http://opensocial.org/proxy?foo=bar&url="
+ REQUEST_URL;
private static final String RESPONSE_BODY = "Hello, world!";
private static final String ERROR_MESSAGE = "Broken!";
private static final String POST_CONTENT = "my post stuff";
private static final String POST_METHOD = "POST";
private ServletInputStream postContentStream = new ServletInputStream() {
InputStream is = new ByteArrayInputStream(POST_CONTENT.getBytes());
@Override
public int read() throws IOException {
return is.read();
}
@Override
public void close() throws IOException {
is.close();
}
};
private final ProxyUriManager proxyUriManager = mock(ProxyUriManager.class);
private final LockedDomainService lockedDomainService = mock(LockedDomainService.class);
private final ProxyHandler proxyHandler = mock(ProxyHandler.class);
private final ProxyServlet servlet = new ProxyServlet();
private final ProxyUriManager.ProxyUri proxyUri = mock(ProxyUriManager.ProxyUri.class);
@Before
public void setUp() throws Exception {
servlet.setProxyHandler(proxyHandler);
servlet.setProxyUriManager(proxyUriManager);
servlet.setLockedDomainService(lockedDomainService);
}
private void setupRequest(String str) throws Exception {
setupRequest(str, true);
}
private void setupRequest(String str, boolean ldSafe) throws Exception {
Uri uri = Uri.parse(str);
expect(request.getScheme()).andReturn(uri.getScheme());
expect(request.getServerName()).andReturn(uri.getAuthority());
expect(request.getServerPort()).andReturn(80);
expect(request.getRequestURI()).andReturn(uri.getPath());
expect(request.getQueryString()).andReturn(uri.getQuery());
expect(request.getHeader("Host")).andReturn(uri.getAuthority());
expect(proxyUriManager.process(uri)).andReturn(proxyUri);
expect(lockedDomainService.isSafeForOpenProxy(uri.getAuthority())).andReturn(ldSafe);
}
private void assertResponseOk(int expectedStatus, String expectedBody) {
assertEquals(expectedStatus, recorder.getHttpStatusCode());
assertEquals(expectedBody, recorder.getResponseAsString());
}
@Test
public void testIfModifiedSinceAlwaysReturnsEarly() throws Exception {
expect(request.getHeader("If-Modified-Since")).andReturn("Yes, this is an invalid header");
replay();
servlet.doGet(request, recorder);
verify();
assertEquals(HttpServletResponse.SC_NOT_MODIFIED, recorder.getHttpStatusCode());
assertFalse(rewriter.responseWasRewritten());
}
@Test
public void testDoGetNormal() throws Exception {
setupRequest(BASIC_SYNTAX_URL);
expect(proxyHandler.fetch(proxyUri)).andReturn(new HttpResponse(RESPONSE_BODY));
replay();
servlet.doGet(request, recorder);
verify();
assertResponseOk(HttpResponse.SC_OK, RESPONSE_BODY);
}
@Test
public void testDoGetHttpError() throws Exception {
setupRequest(BASIC_SYNTAX_URL);
expect(proxyHandler.fetch(proxyUri)).andReturn(HttpResponse.notFound());
replay();
servlet.doGet(request, recorder);
verify();
assertResponseOk(HttpResponse.SC_NOT_FOUND, "");
}
@Test
public void testDoGetException() throws Exception {
setupRequest(BASIC_SYNTAX_URL);
expect(proxyHandler.fetch(proxyUri)).andThrow(
new GadgetException(GadgetException.Code.FAILED_TO_RETRIEVE_CONTENT, ERROR_MESSAGE));
replay();
servlet.doGet(request, recorder);
verify();
assertEquals(HttpServletResponse.SC_BAD_REQUEST, recorder.getHttpStatusCode());
assertContains(ERROR_MESSAGE, recorder.getResponseAsString());
}
@Test
public void testDoGetNormalWithLockedDomainUnsafe() throws Exception {
setupRequest(BASIC_SYNTAX_URL, false);
replay();
servlet.doGet(request, recorder);
verify();
assertEquals(HttpServletResponse.SC_BAD_REQUEST, recorder.getHttpStatusCode());
assertContains("wrong domain", recorder.getResponseAsString());
}
@Test
public void testDoPostNormal() throws Exception {
setupRequest(BASIC_SYNTAX_URL);
expect(request.getInputStream()).andReturn(postContentStream);
expect(request.getMethod()).andReturn(POST_METHOD);
expect(proxyHandler.fetch(proxyUri, POST_CONTENT)).andReturn(new HttpResponse(RESPONSE_BODY));
replay();
servlet.doPost(request, recorder);
verify();
assertResponseOk(HttpResponse.SC_OK, RESPONSE_BODY);
}
@Test
public void testDoPostHttpError() throws Exception {
setupRequest(BASIC_SYNTAX_URL);
expect(proxyHandler.fetch(proxyUri, POST_CONTENT)).andReturn(HttpResponse.notFound());
expect(request.getMethod()).andReturn(POST_METHOD);
expect(request.getInputStream()).andReturn(postContentStream);
replay();
servlet.doPost(request, recorder);
verify();
assertResponseOk(HttpResponse.SC_NOT_FOUND, "");
}
@Test
public void testDoPostException() throws Exception {
setupRequest(BASIC_SYNTAX_URL);
expect(request.getInputStream()).andReturn(postContentStream);
expect(request.getMethod()).andReturn(POST_METHOD);
expect(proxyHandler.fetch(proxyUri, POST_CONTENT)).andThrow(
new GadgetException(GadgetException.Code.FAILED_TO_RETRIEVE_CONTENT, ERROR_MESSAGE));
replay();
servlet.doPost(request, recorder);
verify();
assertEquals(HttpServletResponse.SC_BAD_REQUEST, recorder.getHttpStatusCode());
assertContains(ERROR_MESSAGE, recorder.getResponseAsString());
}
@Test
public void testDoPostNormalWithLockedDomainUnsafe() throws Exception {
setupRequest(BASIC_SYNTAX_URL, false);
replay();
servlet.doGet(request, recorder);
verify();
assertEquals(HttpServletResponse.SC_BAD_REQUEST, recorder.getHttpStatusCode());
assertContains("wrong domain", recorder.getResponseAsString());
}
@Test
public void testDoGetWithOAuth2() throws Exception {
Map<String, String> options = new HashMap<String, String>();
options.put("OAUTH_SERVICE_NAME", "example");
ProxyUriManager.ProxyUri proxyUri = new ProxyUri(-1, false, true, "default", "http://example.org/gadget.xml", REQUEST_URL);
proxyUri.setAuthType(AuthType.OAUTH2);
Uri uri = Uri.parse(BASIC_SYNTAX_URL + "&authz=oauth2&OAUTH_SERVICE_NAME=example&container=default&gadget=http://example.org/gadget.xml");
expect(proxyUriManager.process(uri)).andReturn(proxyUri);
expect(request.getScheme()).andReturn(uri.getScheme());
expect(request.getServerName()).andReturn(uri.getAuthority());
expect(request.getServerPort()).andReturn(80);
expect(request.getRequestURI()).andReturn(uri.getPath());
expect(request.getQueryString()).andReturn(uri.getQuery());
expect(request.getHeader("Host")).andReturn(uri.getAuthority());
expect(request.getParameter("OAUTH_SERVICE_NAME")).andReturn("example");
expect(request.getParameterNames()).andReturn(Collections.enumeration(options.keySet()));
expect(lockedDomainService.isSafeForOpenProxy(uri.getAuthority())).andReturn(true);
ProxyUriManager.ProxyUri pUri = new ProxyUri(-1, false, true, "default", "http://example.org/gadget.xml", REQUEST_URL);
pUri.setAuthType(AuthType.OAUTH2);
pUri.setOAuth2Arguments(new OAuth2Arguments(AuthType.OAUTH2, options));
expect(proxyHandler.fetch(pUri)).andReturn(new HttpResponse(RESPONSE_BODY));
replay();
servlet.doGet(request, recorder);
verify();
assertResponseOk(HttpResponse.SC_OK, RESPONSE_BODY);
}
@Test
public void testDoGetWithOAuth() throws Exception {
Map<String, String> options = new HashMap<String, String>();
options.put("OAUTH_SERVICE_NAME", "example");
ProxyUriManager.ProxyUri proxyUri = new ProxyUri(-1, false, true, "default", "http://example.org/gadget.xml", REQUEST_URL);
proxyUri.setAuthType(AuthType.OAUTH);
Uri uri = Uri.parse(BASIC_SYNTAX_URL + "&authz=oauth&OAUTH_SERVICE_NAME=example&container=default&gadget=http://example.org/gadget.xml");
expect(proxyUriManager.process(uri)).andReturn(proxyUri);
expect(request.getScheme()).andReturn(uri.getScheme());
expect(request.getServerName()).andReturn(uri.getAuthority());
expect(request.getServerPort()).andReturn(80);
expect(request.getRequestURI()).andReturn(uri.getPath());
expect(request.getQueryString()).andReturn(uri.getQuery());
expect(request.getHeader("Host")).andReturn(uri.getAuthority());
expect(request.getParameter("OAUTH_SERVICE_NAME")).andReturn("example");
expect(request.getParameterNames()).andReturn(Collections.enumeration(options.keySet()));
expect(lockedDomainService.isSafeForOpenProxy(uri.getAuthority())).andReturn(true);
ProxyUriManager.ProxyUri pUri = new ProxyUri(-1, false, true, "default", "http://example.org/gadget.xml", REQUEST_URL);
pUri.setAuthType(AuthType.OAUTH);
pUri.setOAuthArguments(new OAuthArguments(AuthType.OAUTH, options));
expect(proxyHandler.fetch(pUri)).andReturn(new HttpResponse(RESPONSE_BODY));
replay();
servlet.doGet(request, recorder);
verify();
assertResponseOk(HttpResponse.SC_OK, RESPONSE_BODY);
}
}