Merge pull request #76 from companieshouse/feature/SEC-54

SEC-54 Additional test
companieshouse · Jul 12, 2024 · 1c05193 · 1c05193
2 parents 49407d3 + 8a58cc2
commit 1c05193
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/...eshouse/disqualifiedofficersdataapi/api/controller/DisqualifiedOfficerControllerTest.java b/...eshouse/disqualifiedofficersdataapi/api/controller/DisqualifiedOfficerControllerTest.java
@@ -46,6 +46,7 @@
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 
 @ExtendWith(SpringExtension.class)
 @WebMvcTest(controllers = DisqualifiedOfficerController.class)
@@ -431,6 +432,24 @@ void callDisqualifiedOfficerGetRequestCORS() throws Exception {
         assertEquals(data, objectMapper.readValue(result.getResponse().getContentAsString(), NaturalDisqualificationApi.class));
     }
 
+    @Test
+    @DisplayName("Forbidden Disqualified Officer GET request - CORS")
+    void getCompanyExemptionsForbiddenCORS() throws Exception {
+
+        MvcResult result = mockMvc.perform(get(NATURAL_GET_URL)
+                .contentType(APPLICATION_JSON)
+                .header("Origin", "")
+                .header("ERIC-Allowed-Origin", "")
+                .header("x-request-id", "5342342")
+                .header("ERIC-Identity", "Test-Identity")
+                .header("ERIC-Identity-Type", "oauth2"))
+            .andExpect(status().isForbidden())
+            .andExpect(header().exists(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS))
+            .andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, containsString("GET")))
+            .andExpect(content().string(""))
+            .andReturn();
+    }
+
     @Test
     @DisplayName("Disqualified Officer PUT request - CORS")
     void callDisqualifiedOfficerPutRequestCORS() throws Exception {
@@ -453,6 +472,7 @@ void callDisqualifiedOfficerPutRequestCORS() throws Exception {
                 .andExpect(status().isForbidden())
                 .andExpect(header().exists(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS))
                 .andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, containsString("GET")))
+                .andExpect(content().string(""))
                 .andReturn();
     }