@Test
public void givenInValidAPIKey_WhenCallingSecureAPI_ThenShouldNotBeAllowed() throws Exception {
request.setRequestURI("/api/v1/fortress/");
request.addHeader("api-key", "someKey");
TestCase.assertFalse(
"didn't fail pre-flight", apiKeyInterceptor.preHandle(request, response, null));
}
@Test
public void givenNoAPIKey_WhenCallingSecureAPI_ThenShouldNotBeAllowed() throws Exception {
setSecurity(sally_admin); // Sally is Authorised and has not API Key
request.setRequestURI("/api/v1/fortress/");
// exception.expect(SecurityException.class);
// ToDo: Move to MVC tests
TestCase.assertFalse(apiKeyInterceptor.preHandle(request, response, null));
TestCase.assertNotNull(response.getErrorMessage());
TestCase.assertEquals(HttpStatus.UNAUTHORIZED.value(), response.getStatus());
}
@Test
public void givenValidAPIKey_WhenCallingSecureAPI_ThenShouldBeAllowed() throws Exception {
String companyName = "SecAPI";
String apiKey = registerSystemUser(companyName, "abc123").getApiKey();
request.setRequestURI("/fortress/");
request.addHeader("api-key", apiKey);
boolean status = apiKeyInterceptor.preHandle(request, response, null);
assertEquals(true, status);
Company company = (Company) request.getAttribute("company");
assertNotNull(company);
assertEquals(companyName, company.getName());
}
