NavigatorTest: add initial security test

mvysny · Aug 1, 2024 · b239692 · b239692
1 parent e7e5730
commit b239692
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/...ting-v10/kt10-tests/src/main/kotlin/com/github/mvysny/kaributesting/v10/MockVaadinTest.kt b/...ting-v10/kt10-tests/src/main/kotlin/com/github/mvysny/kaributesting/v10/MockVaadinTest.kt
@@ -24,6 +24,7 @@ import com.vaadin.flow.component.page.ExtendedClientDetails
 import com.vaadin.flow.function.DeploymentConfiguration
 import com.vaadin.flow.router.*
 import com.vaadin.flow.server.*
+import com.vaadin.flow.server.auth.AnonymousAllowed
 import java.util.concurrent.ExecutorService
 import java.util.concurrent.Executors
 import java.util.concurrent.TimeUnit
@@ -598,6 +599,7 @@ class HelloWorldView : VerticalLayout() {
 
 @Route("")
 @PWA(name = "My Foo PWA", shortName = "Foo PWA")
+@AnonymousAllowed
 class WelcomeView : VerticalLayout() {
     init {
         width = null

diff --git a/...sting-v10/kt10-tests/src/main/kotlin/com/github/mvysny/kaributesting/v10/NavigatorTest.kt b/...sting-v10/kt10-tests/src/main/kotlin/com/github/mvysny/kaributesting/v10/NavigatorTest.kt
@@ -16,6 +16,10 @@ import com.vaadin.flow.component.orderedlayout.VerticalLayout
 import com.vaadin.flow.router.BeforeLeaveEvent
 import com.vaadin.flow.router.BeforeLeaveObserver
 import com.vaadin.flow.router.Route
+import com.vaadin.flow.server.VaadinRequest
+import com.vaadin.flow.server.auth.NavigationAccessControl
+import java.security.Principal
+import java.util.function.Predicate
 import kotlin.test.expect
 
 @DynaTestDsl
@@ -209,6 +213,14 @@ internal fun DynaNodeGroup.navigatorTest() {
             expect(TestingView::class.java) { currentView }
         }
     }
+
+    group("security") {
+        test("when access is rejected, redirect goes to WelcomeView") {
+            UI.getCurrent().addBeforeEnterListener(NoUserLoggedInNavigationAccessControl())
+            navigateTo<TestingView>()
+            expectView<WelcomeView>()
+        }
+    }
 }
 
 @Route("navigation-postpone")
@@ -226,3 +238,11 @@ class NavigationPostponeView : VerticalLayout(), BeforeLeaveObserver {
         }.open()
     }
 }
+
+class NoUserLoggedInNavigationAccessControl : NavigationAccessControl() {
+    init {
+        loginView = WelcomeView::class.java
+    }
+    override fun getPrincipal(request: VaadinRequest?): Principal? = null
+    override fun getRolesChecker(request: VaadinRequest?): Predicate<String> = Predicate { false }
+}