Add cache control and pragma header to login page (#2562)

Sumanth Kumar Mora · zabil · commit 4d871a65f9a1 · 2016-08-17T17:09:58.000+05:30
diff --git a/server/src/com/thoughtworks/go/server/controller/AuthorizationController.java b/server/src/com/thoughtworks/go/server/controller/AuthorizationController.java
@@ -18,47 +18,44 @@
 
 import com.thoughtworks.go.i18n.Localizer;
 import com.thoughtworks.go.plugin.access.authentication.AuthenticationPluginRegistry;
-import com.thoughtworks.go.server.service.SecurityService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.servlet.ModelAndView;
 
-import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.HashMap;
 
 @Controller
 public class AuthorizationController {
     private final Localizer localizer;
-    private final SecurityService securityService;
     private AuthenticationPluginRegistry authenticationPluginRegistry;
 
     @Autowired
-    public AuthorizationController(Localizer localizer, SecurityService securityService,
-                                   AuthenticationPluginRegistry authenticationPluginRegistry) {
+    public AuthorizationController(Localizer localizer, AuthenticationPluginRegistry authenticationPluginRegistry) {
         this.localizer = localizer;
-        this.securityService = securityService;
         this.authenticationPluginRegistry = authenticationPluginRegistry;
     }
 
     @RequestMapping(value = "/auth/login", method = RequestMethod.GET)
     public ModelAndView login(@RequestParam(value = "login_error", required = false) Boolean loginError,
-                              HttpServletRequest request, HttpServletResponse response) throws IOException {
+                              HttpServletResponse response) throws IOException {
+
+        response.setHeader("Cache-Control", "no-cache, must-revalidate, no-store");
+        response.setHeader("Pragma", "no-cache");
+
         HashMap model = new HashMap();
         model.put("login_error", loginError);
         model.put("l", localizer);
         model.put("authentication_plugin_registry", authenticationPluginRegistry);
         return new ModelAndView("auth/login", model);
     }
 
-
     @RequestMapping(value = "/auth/security_check", method = RequestMethod.POST)
-    public ModelAndView securityCheckHandlerWhenAuthenticationProcessingFilterIsOff(HttpServletRequest request,
-                                                                                    HttpServletResponse response)
+    public ModelAndView securityCheckHandlerWhenAuthenticationProcessingFilterIsOff(HttpServletResponse response)
             throws IOException {
         response.sendRedirect("/go");
         return null;
diff --git a/server/test/unit/com/thoughtworks/go/server/controller/AuthorizationControllerTest.java b/server/test/unit/com/thoughtworks/go/server/controller/AuthorizationControllerTest.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2016 ThoughtWorks, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.thoughtworks.go.server.controller;
+
+import com.thoughtworks.go.i18n.Localizer;
+import com.thoughtworks.go.plugin.access.authentication.AuthenticationPluginRegistry;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.servlet.ModelAndView;
+
+import java.util.Map;
+
+import static org.hamcrest.core.Is.is;
+import static org.junit.Assert.assertThat;
+import static org.mockito.Mockito.mock;
+
+public class AuthorizationControllerTest {
+
+    Localizer localizer;
+    AuthenticationPluginRegistry authenticationPluginRegistry;
+
+    private AuthorizationController authorizationController;
+    private MockHttpServletResponse response;
+
+    @Before
+    public void setUp() throws Exception {
+        authenticationPluginRegistry = mock(AuthenticationPluginRegistry.class);
+        localizer = mock(Localizer.class);
+
+        authorizationController = new AuthorizationController(localizer, authenticationPluginRegistry);
+        response = new MockHttpServletResponse();
+    }
+
+    @Test
+    public void shouldAddCacheControlHeaderToTheResponse() throws Exception {
+        authorizationController.login(false, response);
+
+        assertThat(response.getHeader("Cache-Control"), is("no-cache, must-revalidate, no-store"));
+    }
+
+    @Test
+    public void shouldAddPragmaHeaderToTheResponse() throws Exception {
+        authorizationController.login(false, response);
+
+        assertThat(response.getHeader("Pragma"), is("no-cache"));
+    }
+
+    @Test
+    public void shouldSetModel() throws Exception {
+        ModelAndView responseModel = authorizationController.login(false, response);
+
+        Map<String, Object> modelMap = new ModelMap() {{
+            put("login_error", false);
+            put("l", localizer);
+            put("authentication_plugin_registry", authenticationPluginRegistry);
+        }};
+
+        Map<String, Object> responseModelMap = responseModel.getModel();
+        assertThat(responseModelMap, is(modelMap));
+    }
+
+    @Test
+    public void shouldRedirectToGo() throws Exception {
+        authorizationController.securityCheckHandlerWhenAuthenticationProcessingFilterIsOff(response);
+
+        assertThat(response.getRedirectedUrl(), is("/go"));
+    }
+}
