1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24 package waffle.util;
25
26 import jakarta.servlet.http.HttpServletRequest;
27
28 import mockit.Expectations;
29 import mockit.Mocked;
30 import mockit.Verifications;
31
32 import org.junit.jupiter.api.Assertions;
33 import org.junit.jupiter.api.Test;
34
35
36
37
38 class CorsPreFlightCheckTest {
39
40
41 @Mocked
42 HttpServletRequest preflightRequest;
43
44
45 @Mocked
46 HttpServletRequest noOriginPreflightRequest;
47
48
49 @Mocked
50 HttpServletRequest noCorsMethodPreflightRequest;
51
52
53 @Mocked
54 HttpServletRequest noCorsHeadersPreflightHeaderRequest;
55
56
57
58
59 @Test
60 void testExpectedCorsPreflightHeadersPresent() {
61
62 new Expectations() {
63 {
64 CorsPreFlightCheckTest.this.preflightRequest.getMethod();
65 this.result = "OPTIONS";
66 CorsPreFlightCheckTest.this.preflightRequest.getHeader("Access-Control-Request-Method");
67 this.result = "LOGIN";
68 CorsPreFlightCheckTest.this.preflightRequest.getHeader("Access-Control-Request-Headers");
69 this.result = "X-Request-For";
70 CorsPreFlightCheckTest.this.preflightRequest.getHeader("Origin");
71 this.result = "https://theorigin.localhost";
72 }
73 };
74
75 Assertions.assertTrue(CorsPreFlightCheck.isPreflight(this.preflightRequest));
76
77 new Verifications() {
78 {
79 CorsPreFlightCheckTest.this.preflightRequest.getMethod();
80 this.times = 1;
81 CorsPreFlightCheckTest.this.preflightRequest.getHeader("Access-Control-Request-Method");
82 this.times = 1;
83 CorsPreFlightCheckTest.this.preflightRequest.getHeader("Access-Control-Request-Headers");
84 this.times = 1;
85 CorsPreFlightCheckTest.this.preflightRequest.getHeader("Origin");
86 this.times = 1;
87 }
88 };
89 }
90
91
92
93
94 @Test
95 void testNoCorsPreflightOriginPresent() {
96 new Expectations() {
97 {
98 CorsPreFlightCheckTest.this.noOriginPreflightRequest.getMethod();
99 this.result = "OPTIONS";
100 CorsPreFlightCheckTest.this.noOriginPreflightRequest.getHeader("Access-Control-Request-Method");
101 this.result = "LOGIN";
102 CorsPreFlightCheckTest.this.noOriginPreflightRequest.getHeader("Access-Control-Request-Headers");
103 this.result = "X-Request-For";
104
105 CorsPreFlightCheckTest.this.noOriginPreflightRequest.getHeader("Origin");
106 this.result = null;
107 }
108 };
109
110 Assertions.assertFalse(CorsPreFlightCheck.isPreflight(this.noOriginPreflightRequest));
111
112 new Verifications() {
113 {
114 CorsPreFlightCheckTest.this.noOriginPreflightRequest.getMethod();
115 this.times = 1;
116 CorsPreFlightCheckTest.this.noOriginPreflightRequest.getHeader("Access-Control-Request-Method");
117 this.times = 1;
118 CorsPreFlightCheckTest.this.noOriginPreflightRequest.getHeader("Access-Control-Request-Headers");
119 this.times = 1;
120 CorsPreFlightCheckTest.this.noOriginPreflightRequest.getHeader("Origin");
121 this.times = 1;
122 }
123 };
124
125 }
126
127
128
129
130 @Test
131 void testCorsMethodPreflightHeadersPresent() {
132 new Expectations() {
133 {
134 CorsPreFlightCheckTest.this.noCorsMethodPreflightRequest.getMethod();
135 this.result = "OPTIONS";
136 CorsPreFlightCheckTest.this.noCorsMethodPreflightRequest.getHeader("Access-Control-Request-Method");
137 this.result = "LOGIN";
138 }
139 };
140
141 Assertions.assertFalse(CorsPreFlightCheck.isPreflight(this.noCorsMethodPreflightRequest));
142
143 new Verifications() {
144 {
145 CorsPreFlightCheckTest.this.noCorsMethodPreflightRequest.getMethod();
146 this.times = 1;
147 CorsPreFlightCheckTest.this.noCorsMethodPreflightRequest.getHeader("Access-Control-Request-Method");
148 this.times = 1;
149 }
150 };
151
152 }
153
154
155
156
157 @Test
158 void testNoCorsHeadersPreflightHeaderPresent() {
159
160 new Expectations() {
161 {
162 CorsPreFlightCheckTest.this.noCorsHeadersPreflightHeaderRequest.getMethod();
163 this.result = "OPTIONS";
164 CorsPreFlightCheckTest.this.noCorsHeadersPreflightHeaderRequest
165 .getHeader("Access-Control-Request-Method");
166 this.result = "LOGIN";
167 CorsPreFlightCheckTest.this.noCorsHeadersPreflightHeaderRequest
168 .getHeader("Access-Control-Request-Headers");
169 this.result = null;
170 this.result = "https://theorigin.localhost";
171 }
172 };
173
174 Assertions.assertFalse(CorsPreFlightCheck.isPreflight(this.noCorsHeadersPreflightHeaderRequest));
175
176 new Verifications() {
177 {
178 CorsPreFlightCheckTest.this.noCorsHeadersPreflightHeaderRequest.getMethod();
179 this.times = 1;
180 CorsPreFlightCheckTest.this.noCorsHeadersPreflightHeaderRequest
181 .getHeader("Access-Control-Request-Method");
182 this.times = 1;
183 CorsPreFlightCheckTest.this.noCorsHeadersPreflightHeaderRequest
184 .getHeader("Access-Control-Request-Headers");
185 this.times = 1;
186 }
187 };
188 }
189
190 }