Add test for CSRF section visibility

AmoghParmar · AmoghParmar · commit 72fa34fa74ae · 2026-02-22T20:46:28.000+05:30
diff --git a/test/src/test/java/hudson/security/csrf/GlobalCrumbIssuerConfigurationTest.java b/test/src/test/java/hudson/security/csrf/GlobalCrumbIssuerConfigurationTest.java
@@ -0,0 +1,55 @@
+package hudson.security.csrf;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.not;
+
+import org.htmlunit.html.HtmlPage;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.jvnet.hudson.test.JenkinsRule;
+import org.jvnet.hudson.test.junit.jupiter.WithJenkins;
+
+@WithJenkins
+class GlobalCrumbIssuerConfigurationTest {
+
+    private JenkinsRule j;
+
+    @BeforeEach
+    void setUp(JenkinsRule rule) {
+        j = rule;
+    }
+
+    @Test
+    void csrfSectionShownWhenNonDefaultIssuerConfigured() throws Exception {
+        // DefaultCrumbIssuer is default, but other CrumbIssuer descriptors exist in test environment
+        // so the CSRF section should be visible
+        j.jenkins.setCrumbIssuer(new DefaultCrumbIssuer(false));
+
+        JenkinsRule.WebClient wc = j.createWebClient();
+        HtmlPage page = wc.goTo("configureSecurity");
+        String pageContent = page.asNormalizedText();
+
+        // With multiple CrumbIssuer descriptors available (from test extensions),
+        // the CSRF Protection section should always be shown
+        assertThat("CSRF Protection section should be shown when multiple issuers are available",
+                   pageContent, containsString("CSRF Protection"));
+    }
+
+    @Test
+    void csrfSectionShownWhenCsrfProtectionDisabled() throws Exception {
+        boolean original = GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION;
+        try {
+            GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION = true;
+
+            JenkinsRule.WebClient wc = j.createWebClient();
+            HtmlPage page = wc.goTo("configureSecurity");
+            String pageContent = page.asNormalizedText();
+
+            assertThat("CSRF section should be shown when CSRF protection is disabled",
+                       pageContent, containsString("CSRF Protection"));
+        } finally {
+            GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION = original;
+        }
+    }
+}
