add: defense-in-depth mechanism to prevent unauthorized adding of groups
[gigi.git] / tests / org / cacert / gigi / pages / admin / TestSEAdminNotificationMail.java
index 033f69a6a8445b43b637d7f99e788e318631a59c..c51e5cc46a6ae1aa31aeab212d22b6dd4c7ef9da 100644 (file)
@@ -6,6 +6,7 @@ import static org.junit.Assert.*;
 import java.io.IOException;
 import java.net.MalformedURLException;
 
+import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.pages.admin.support.SupportEnterTicketPage;
 import org.cacert.gigi.pages.admin.support.SupportUserDetailsPage;
@@ -18,8 +19,9 @@ public class TestSEAdminNotificationMail extends ClientTest {
 
     private int targetID;
 
-    public TestSEAdminNotificationMail() throws IOException {
-        grant(email, Group.SUPPORTER);
+    public TestSEAdminNotificationMail() throws IOException, GigiApiException {
+        grant(u, Group.SUPPORTER);
+        cookie = login(email, TEST_PASSWORD);
         assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=a20140808.8&setTicket=action", 0).getResponseCode());
 
         String email = createUniqueName() + "@example.com";
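Review bot: The new `cookie = login(email, TEST_PASSWORD);` directly after `grant(u, Group.SUPPORTER);` has no comment explaining why the session is re-established. Presumably group membership is captured when the session is created, so a line such as `// re-login so the session reflects the newly granted SUPPORTER group` would stop a later cleanup from deleting it as redundant. The context line `String email = createUniqueName() + "@example.com";` then declares a local that shadows the `email` used in that login call, so a reordering of these statements could silently log in as a different account; renaming the local to `targetEmail` avoids this. The constructor body continues past the end of this hunk.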
@@ -31,7 +33,7 @@ public class TestSEAdminNotificationMail extends ClientTest {
     @Test
     public void testChangeAccountData() throws MalformedURLException, IOException {
 
-        executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID, "dobd=1&dobm=2&doby=2000&detailupdate", 0);
+        executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID + "/", "dobd=1&dobm=2&doby=2000&detailupdate", 0);
 
         String message = getMailReceiver().receive().getMessage();
         assertThat(message, containsString("The account data was changed."));
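Review bot: The expression `SupportUserDetailsPage.PATH + targetID + "/"` is now spelled out in testChangeAccountData and again in testPasswordReset, testGrantUserGroup, testRemoveUserGroup and testRevokeCertificates, so the next change to the URL shape has to be made in five places. A small helper such as `private String detailsPath() { return SupportUserDetailsPage.PATH + targetID + "/"; }` would keep the tests in step with the page. If the page no longer accepts the path without the trailing slash, a short comment on that helper saying so would also document the reason for the change.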
@@ -41,7 +43,7 @@ public class TestSEAdminNotificationMail extends ClientTest {
 
     @Test
     public void testPasswordReset() throws MalformedURLException, IOException {
-        executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID, "aword=SecretWord&resetPass", 0);
+        executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID + "/", "aword=SecretWord&resetPass", 0);
         TestMail tm;
         String targetMail = ServerConstants.getSupportMailAddress();
         do {
@@ -52,7 +54,7 @@ public class TestSEAdminNotificationMail extends ClientTest {
 
     @Test
     public void testGrantUserGroup() throws MalformedURLException, IOException {
-        executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID, "grant&groupToModify=supporter", 0);
+        executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID + "/", "addGroup&groupToModify=supporter", 0);
 
         String message = getMailReceiver().receive().getMessage();
         assertThat(message, containsString("The group permission supporter was granted."));
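Review bot: testGrantUserGroup, like testRemoveUserGroup in the next hunk, still exercises only the successful path, so nothing visible here checks the defense-in-depth mechanism named in the commit title. The renamed `addGroup&groupToModify=supporter` request is sent from a session that holds the supporter group and has a ticket set, and the only assertion is on the notification text. A companion test is worth adding that sends the same request from a session that should not be allowed to add the group, then asserts that the request is rejected, that the target's groups are unchanged and that no "was granted" mail is sent. The check may be covered in another test file that is not part of this diff.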
@@ -60,7 +62,7 @@ public class TestSEAdminNotificationMail extends ClientTest {
 
     @Test
     public void testRemoveUserGroup() throws MalformedURLException, IOException {
-        executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID, "deny&groupToModify=supporter", 0);
+        executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID + "/", "removeGroup&groupToModify=supporter", 0);
 
         String message = getMailReceiver().receive().getMessage();
         assertThat(message, containsString("The group permission supporter was revoked."));
@@ -68,7 +70,7 @@ public class TestSEAdminNotificationMail extends ClientTest {
 
     @Test
     public void testRevokeCertificates() throws MalformedURLException, IOException {
-        executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID, "revokeall", 1);
+        executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID + "/", "revokeall", 1);
 
         String message = getMailReceiver().receive().getMessage();
         assertThat(message, containsString("All certificates in the account have been revoked."));