Merge pull request #4857 from psiinon/dev/testauthdir

zaproxy · Sep 1, 2023 · 8771842 · 8771842
2 parents 1468ba7 + 51b113a
commit 8771842
Show file tree

Hide file tree

Showing 12 changed files with 76 additions and 277 deletions.
diff --git a/addOns/dev/CHANGELOG.md b/addOns/dev/CHANGELOG.md
@@ -12,6 +12,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ### Changed
 - Update minimum ZAP version to 2.13.0.
+- Added TestAuthDirectory abstract class to reduce duplicated code.
 
 ## [0.2.0] - 2023-05-09
 

diff --git a/addOns/dev/src/main/java/org/zaproxy/addon/dev/TestAuthDirectory.java b/addOns/dev/src/main/java/org/zaproxy/addon/dev/TestAuthDirectory.java
@@ -0,0 +1,55 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2023 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.zaproxy.addon.dev;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+import org.apache.commons.lang.RandomStringUtils;
+
+/** A test directory which uses authentication. */
+public abstract class TestAuthDirectory extends TestDirectory {
+
+    // These are test credentials, so hardcoding them is fine ;)
+    private static final String[][] USERS = {{"test@test.com", "password123"}};
+
+    private Map<String, String> sessions = new HashMap<>();
+
+    public TestAuthDirectory(TestProxyServer server, String name) {
+        super(server, name);
+    }
+
+    public boolean isValid(String username, String password) {
+        return Arrays.stream(USERS)
+                .filter(c -> (c[0].equals(username) && c[1].equals(password)))
+                .findAny()
+                .isPresent();
+    }
+
+    public String getToken(String username) {
+        String token = RandomStringUtils.randomAlphanumeric(32);
+        sessions.put(token, username);
+        return token;
+    }
+
+    public String getUser(String token) {
+        return sessions.get(token);
+    }
+}
diff --git a/.../src/main/java/org/zaproxy/addon/dev/auth/jsonMultipleCookies/JsonMultipleCookiesDir.java b/.../src/main/java/org/zaproxy/addon/dev/auth/jsonMultipleCookies/JsonMultipleCookiesDir.java
@@ -19,23 +19,17 @@
  */
 package org.zaproxy.addon.dev.auth.jsonMultipleCookies;
 
-import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
 import org.apache.commons.lang.RandomStringUtils;
-import org.zaproxy.addon.dev.TestDirectory;
+import org.zaproxy.addon.dev.TestAuthDirectory;
 import org.zaproxy.addon.dev.TestProxyServer;
 
 /**
  * A login page which uses one JSON request to login endpoint. The token is returned in a standard
  * field but is submitted with the "Bearer" prefix and in a cookie.
  */
-public class JsonMultipleCookiesDir extends TestDirectory {
-
-    // These are test credentials, so hardcoding them is fine ;)
-    private static final String[][] USERS = {{"test@test.com", "password123"}};
-
-    private Map<String, String> sessions = new HashMap<>();
+public class JsonMultipleCookiesDir extends TestAuthDirectory {
 
     private Map<String, String> tempTokens = new HashMap<>();
 
@@ -46,29 +40,12 @@ public JsonMultipleCookiesDir(TestProxyServer server, String name) {
         this.addPage(new JsonMultipleCookiesVerificationPage(server));
     }
 
-    public boolean isValid(String username, String password) {
-        return Arrays.stream(USERS)
-                .filter(c -> (c[0].equals(username) && c[1].equals(password)))
-                .findAny()
-                .isPresent();
-    }
-
-    public String getToken(String username) {
-        String token = RandomStringUtils.randomAlphanumeric(32);
-        sessions.put(token, username);
-        return token;
-    }
-
     public String getTempToken(String username) {
         String token = RandomStringUtils.randomAlphanumeric(32);
         tempTokens.put(token, username);
         return token;
     }
 
-    public String getUser(String token) {
-        return sessions.get(token);
-    }
-
     public String getTempUser(String token) {
         return tempTokens.get(token);
     }

diff --git a/...ns/dev/src/main/java/org/zaproxy/addon/dev/auth/nonStdJsonBearer/NonStdJsonBearerDir.java b/...ns/dev/src/main/java/org/zaproxy/addon/dev/auth/nonStdJsonBearer/NonStdJsonBearerDir.java
@@ -19,44 +19,18 @@
  */
 package org.zaproxy.addon.dev.auth.nonStdJsonBearer;
 
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
-import org.apache.commons.lang.RandomStringUtils;
-import org.zaproxy.addon.dev.TestDirectory;
+import org.zaproxy.addon.dev.TestAuthDirectory;
 import org.zaproxy.addon.dev.TestProxyServer;
 
 /**
  * A login page which uses one JSON request to login endpoint. The token is returned in a non
  * standard JSON field.
  */
-public class NonStdJsonBearerDir extends TestDirectory {
-
-    // These are test credentials, so hardcoding them is fine ;)
-    private static final String[][] USERS = {{"test@test.com", "password123"}};
-
-    private Map<String, String> sessions = new HashMap<>();
+public class NonStdJsonBearerDir extends TestAuthDirectory {
 
     public NonStdJsonBearerDir(TestProxyServer server, String name) {
         super(server, name);
         this.addPage(new NonStdJsonBearerLoginPage(server));
         this.addPage(new NonStdJsonBearerVerificationPage(server));
     }
-
-    public boolean isValid(String username, String password) {
-        return Arrays.stream(USERS)
-                .filter(c -> (c[0].equals(username) && c[1].equals(password)))
-                .findAny()
-                .isPresent();
-    }
-
-    public String getToken(String username) {
-        String token = RandomStringUtils.randomAlphanumeric(32);
-        sessions.put(token, username);
-        return token;
-    }
-
-    public String getUser(String token) {
-        return sessions.get(token);
-    }
 }
diff --git a/...main/java/org/zaproxy/addon/dev/auth/passswordAddedNoSubmit/PasswordAddedNoSubmitDir.java b/...main/java/org/zaproxy/addon/dev/auth/passswordAddedNoSubmit/PasswordAddedNoSubmitDir.java
@@ -19,44 +19,18 @@
  */
 package org.zaproxy.addon.dev.auth.passswordAddedNoSubmit;
 
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
-import org.apache.commons.lang.RandomStringUtils;
-import org.zaproxy.addon.dev.TestDirectory;
+import org.zaproxy.addon.dev.TestAuthDirectory;
 import org.zaproxy.addon.dev.TestProxyServer;
 
 /**
  * A login page which uses one JSON request to login endpoint. The token is returned in a standard
  * field. The submit key does not work so buttons have to be pressed.
  */
-public class PasswordAddedNoSubmitDir extends TestDirectory {
-
-    // These are test credentials, so hardcoding them is fine ;)
-    private static final String[][] USERS = {{"test@test.com", "password123"}};
-
-    private Map<String, String> sessions = new HashMap<>();
+public class PasswordAddedNoSubmitDir extends TestAuthDirectory {
 
     public PasswordAddedNoSubmitDir(TestProxyServer server, String name) {
         super(server, name);
         this.addPage(new PasswordAddedNoSubmitLoginPage(server));
         this.addPage(new PasswordAddedNoSubmitVerificationPage(server));
     }
-
-    public boolean isValid(String username, String password) {
-        return Arrays.stream(USERS)
-                .filter(c -> (c[0].equals(username) && c[1].equals(password)))
-                .findAny()
-                .isPresent();
-    }
-
-    public String getToken(String username) {
-        String token = RandomStringUtils.randomAlphanumeric(32);
-        sessions.put(token, username);
-        return token;
-    }
-
-    public String getUser(String token) {
-        return sessions.get(token);
-    }
 }
diff --git a/.../dev/src/main/java/org/zaproxy/addon/dev/auth/passwordAddedJson/PasswordAddedJsonDir.java b/.../dev/src/main/java/org/zaproxy/addon/dev/auth/passwordAddedJson/PasswordAddedJsonDir.java
@@ -19,44 +19,18 @@
  */
 package org.zaproxy.addon.dev.auth.passwordAddedJson;
 
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
-import org.apache.commons.lang.RandomStringUtils;
-import org.zaproxy.addon.dev.TestDirectory;
+import org.zaproxy.addon.dev.TestAuthDirectory;
 import org.zaproxy.addon.dev.TestProxyServer;
 
 /**
  * A login page which uses one JSON request to login endpoint. The token is returned in a standard
  * field.
  */
-public class PasswordAddedJsonDir extends TestDirectory {
-
-    // These are test credentials, so hardcoding them is fine ;)
-    private static final String[][] USERS = {{"test@test.com", "password123"}};
-
-    private Map<String, String> sessions = new HashMap<>();
+public class PasswordAddedJsonDir extends TestAuthDirectory {
 
     public PasswordAddedJsonDir(TestProxyServer server, String name) {
         super(server, name);
         this.addPage(new PasswordAddedJsonLoginPage(server));
         this.addPage(new PasswordAddedJsonVerificationPage(server));
     }
-
-    public boolean isValid(String username, String password) {
-        return Arrays.stream(USERS)
-                .filter(c -> (c[0].equals(username) && c[1].equals(password)))
-                .findAny()
-                .isPresent();
-    }
-
-    public String getToken(String username) {
-        String token = RandomStringUtils.randomAlphanumeric(32);
-        sessions.put(token, username);
-        return token;
-    }
-
-    public String getUser(String token) {
-        return sessions.get(token);
-    }
 }
diff --git a/...ev/src/main/java/org/zaproxy/addon/dev/auth/passwordHiddenJson/PasswordHiddenJsonDir.java b/...ev/src/main/java/org/zaproxy/addon/dev/auth/passwordHiddenJson/PasswordHiddenJsonDir.java
@@ -19,44 +19,18 @@
  */
 package org.zaproxy.addon.dev.auth.passwordHiddenJson;
 
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
-import org.apache.commons.lang.RandomStringUtils;
-import org.zaproxy.addon.dev.TestDirectory;
+import org.zaproxy.addon.dev.TestAuthDirectory;
 import org.zaproxy.addon.dev.TestProxyServer;
 
 /**
  * A login page which uses one JSON request to login endpoint. The token is returned in a standard
  * field.
  */
-public class PasswordHiddenJsonDir extends TestDirectory {
-
-    // These are test credentials, so hardcoding them is fine ;)
-    private static final String[][] USERS = {{"test@test.com", "password123"}};
-
-    private Map<String, String> sessions = new HashMap<>();
+public class PasswordHiddenJsonDir extends TestAuthDirectory {
 
     public PasswordHiddenJsonDir(TestProxyServer server, String name) {
         super(server, name);
         this.addPage(new PasswordHiddenJsonLoginPage(server));
         this.addPage(new PasswordHiddenJsonVerificationPage(server));
     }
-
-    public boolean isValid(String username, String password) {
-        return Arrays.stream(USERS)
-                .filter(c -> (c[0].equals(username) && c[1].equals(password)))
-                .findAny()
-                .isPresent();
-    }
-
-    public String getToken(String username) {
-        String token = RandomStringUtils.randomAlphanumeric(32);
-        sessions.put(token, username);
-        return token;
-    }
-
-    public String getUser(String token) {
-        return sessions.get(token);
-    }
 }
diff --git a/addOns/dev/src/main/java/org/zaproxy/addon/dev/auth/passwordNewPage/PasswordNewPageDir.java b/addOns/dev/src/main/java/org/zaproxy/addon/dev/auth/passwordNewPage/PasswordNewPageDir.java
@@ -19,45 +19,19 @@
  */
 package org.zaproxy.addon.dev.auth.passwordNewPage;
 
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
-import org.apache.commons.lang.RandomStringUtils;
-import org.zaproxy.addon.dev.TestDirectory;
+import org.zaproxy.addon.dev.TestAuthDirectory;
 import org.zaproxy.addon.dev.TestProxyServer;
 
 /**
  * A login page which uses one JSON request to login endpoint. The token is returned in a standard
  * field.
  */
-public class PasswordNewPageDir extends TestDirectory {
-
-    // These are test credentials, so hardcoding them is fine ;)
-    private static final String[][] USERS = {{"test@test.com", "password123"}};
-
-    private Map<String, String> sessions = new HashMap<>();
+public class PasswordNewPageDir extends TestAuthDirectory {
 
     public PasswordNewPageDir(TestProxyServer server, String name) {
         super(server, name);
         this.addPage(new PasswordNewPageLoginPage(server));
         this.addPage(new PasswordNewPageNextPage(server));
         this.addPage(new PasswordNewPageVerificationPage(server));
     }
-
-    public boolean isValid(String username, String password) {
-        return Arrays.stream(USERS)
-                .filter(c -> (c[0].equals(username) && c[1].equals(password)))
-                .findAny()
-                .isPresent();
-    }
-
-    public String getToken(String username) {
-        String token = RandomStringUtils.randomAlphanumeric(32);
-        sessions.put(token, username);
-        return token;
-    }
-
-    public String getUser(String token) {
-        return sessions.get(token);
-    }
 }