feat(chore): added qodana analysis job
Some checks failed
Build, Test, Deploy and Analysis / test-backend (pull_request) Failing after 0s
Build, Test, Deploy and Analysis / build-and-push (pull_request) Has been skipped
Build, Test, Deploy and Analysis / deploy (pull_request) Has been skipped
Build, Test, Deploy and Analysis / qodana (pull_request) Failing after 0s
Build, Test, Deploy and Analysis / qodana (push) Failing after 32s
Build, Test, Deploy and Analysis / test-backend (push) Successful in 1m30s
Build, Test, Deploy and Analysis / build-and-push (push) Successful in 42s
Build, Test, Deploy and Analysis / deploy (push) Successful in 8s

2026-03-03 09:19:05 +01:00
parent 9955f23f31
commit c00ca5a32e
6 changed files with 55 additions and 16 deletions


@@ -58,7 +58,8 @@ class AdminAuthSecurityTest {
assertTrue(setCookie.contains("admin_session="));
assertTrue(setCookie.contains("HttpOnly"));
assertTrue(setCookie.contains("Secure"));
assertTrue(setCookie.contains("SameSite=Lax"));
assertTrue(setCookie.contains("SameSite=Strict"));
assertTrue(setCookie.contains("Path=/api/admin"));
}
@Test
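Review bot: The `SameSite` assertion, like the other `assertTrue(setCookie.contains(...))` checks in this hunk, reports only a bare true/false mismatch when it fails, so a regression in a cookie attribute cannot be diagnosed from the CI log. Passing the header as the failure message would show what was actually sent: `assertTrue(setCookie.contains("SameSite=Strict"), setCookie);` (this assumes JUnit 5, as in the other test file, and a test-only session value). The rendered page has lost its +/- markers, so I am reading `SameSite=Lax` as the removed line and `SameSite=Strict` as the added one. The test method starts above the hunk.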


@@ -1,12 +1,15 @@
package com.printcalculator.security;
import jakarta.servlet.http.HttpServletRequest;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
class AdminLoginThrottleServiceTest {
private final AdminLoginThrottleService service = new AdminLoginThrottleService();
private final AdminLoginThrottleService service = new AdminLoginThrottleService(false);
@Test
void registerFailure_ShouldDoubleDelay() {
@@ -14,4 +17,24 @@ class AdminLoginThrottleServiceTest {
assertEquals(4L, service.registerFailure("127.0.0.1"));
assertEquals(8L, service.registerFailure("127.0.0.1"));
}
@Test
void resolveClientKey_ShouldUseRemoteAddress_WhenProxyHeadersAreNotTrusted() {
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getHeader("X-Forwarded-For")).thenReturn("203.0.113.10");
when(request.getHeader("X-Real-IP")).thenReturn("203.0.113.11");
when(request.getRemoteAddr()).thenReturn("10.0.0.5");
assertEquals("10.0.0.5", service.resolveClientKey(request));
}
@Test
void resolveClientKey_ShouldUseForwardedFor_WhenProxyHeadersAreTrusted() {
AdminLoginThrottleService trustedService = new AdminLoginThrottleService(true);
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getHeader("X-Forwarded-For")).thenReturn("203.0.113.10, 10.0.0.5");
when(request.getRemoteAddr()).thenReturn("10.0.0.5");
assertEquals("203.0.113.10", trustedService.resolveClientKey(request));
}
}
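Review bot: The trusted-proxy case in `resolveClientKey_ShouldUseForwardedFor_WhenProxyHeadersAreTrusted` does not pin which `X-Forwarded-For` entry becomes the throttle key, because in `"203.0.113.10, 10.0.0.5"` the first entry is also the only one that differs from the remote address. If the service takes the leftmost entry and the proxy appends to the header rather than overwriting it, that entry is client-supplied and the login throttle can be sidestepped by varying it; the implementation is not visible here, so this is inferred from the expected value only. Add a case with a client-supplied leading value (constructed example: `when(request.getHeader("X-Forwarded-For")).thenReturn("198.51.100.7, 203.0.113.10");`) and assert that the key is the entry appended by the trusted proxy. Cases for an absent or blank header falling back to `getRemoteAddr()`, and for `X-Real-IP` in trusted mode, are also missing.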