add: defense-in-depth mechanism to prevent unauthorized adding of groups

[gigi.git] / tests / org / cacert / gigi / pages / admin / TestSEAdminPageUserDomainSearch.java

diff --git a/tests/org/cacert/gigi/pages/admin/TestSEAdminPageUserDomainSearch.java b/tests/org/cacert/gigi/pages/admin/TestSEAdminPageUserDomainSearch.java
index 5c0f1e0b3c96037ec85e75a8ba508aaf3c9a2b44..57c5c15cdcf84c06df864ff2da9e22c17f651580 100644 (file)
--- a/tests/org/cacert/gigi/pages/admin/TestSEAdminPageUserDomainSearch.java
+++ b/tests/org/cacert/gigi/pages/admin/TestSEAdminPageUserDomainSearch.java
@@ -13,7 +13,7 @@ import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.Domain;
 import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.User;
-import org.cacert.gigi.pages.admin.support.FindDomainPage;
+import org.cacert.gigi.pages.admin.support.FindUserByDomainPage;
 import org.cacert.gigi.pages.admin.support.SupportEnterTicketPage;
 import org.cacert.gigi.pages.admin.support.SupportUserDetailsPage;
 import org.cacert.gigi.testUtils.ClientTest;
@@ -32,7 +32,8 @@ public class TestSEAdminPageUserDomainSearch extends ClientTest {
     private int tid;
 
     public TestSEAdminPageUserDomainSearch() throws IOException, GigiApiException {
-        grant(email, Group.SUPPORTER);
+        grant(u, Group.SUPPORTER);
+        cookie = login(email, TEST_PASSWORD);
         assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=a20140808.8&setTicket=action", 0).getResponseCode());
 
         String mail = createUniqueName() + "@example.com";
@@ -45,20 +46,20 @@ public class TestSEAdminPageUserDomainSearch extends ClientTest {
 
     @Test
     public void testDomainSearch() throws MalformedURLException, UnsupportedEncodingException, IOException, GigiApiException {
-        URLConnection uc = post(FindDomainPage.PATH, "process&domain=" + URLEncoder.encode(domainName, "UTF-8"));
+        URLConnection uc = post(FindUserByDomainPage.PATH, "process&domain=" + URLEncoder.encode(domainName, "UTF-8"));
 
-        assertEquals("https://" + ServerConstants.getWwwHostNamePortSecure() + SupportUserDetailsPage.PATH + tid, uc.getHeaderField("Location"));
+        assertEquals("https://" + ServerConstants.getWwwHostNamePortSecure() + SupportUserDetailsPage.PATH + tid + "/", uc.getHeaderField("Location"));
     }
 
     @Test
     public void testDomainSearchById() throws MalformedURLException, UnsupportedEncodingException, IOException, GigiApiException {
-        URLConnection uc = post(FindDomainPage.PATH, "process&domain=#" + d.getId());
-        assertEquals("https://" + ServerConstants.getWwwHostNamePortSecure() + SupportUserDetailsPage.PATH + tid, uc.getHeaderField("Location"));
+        URLConnection uc = post(FindUserByDomainPage.PATH, "process&domain=#" + d.getId());
+        assertEquals("https://" + ServerConstants.getWwwHostNamePortSecure() + SupportUserDetailsPage.PATH + tid + "/", uc.getHeaderField("Location"));
     }
 
     @Test
     public void testDomainSearchNonExist() throws MalformedURLException, UnsupportedEncodingException, IOException, GigiApiException {
-        URLConnection uc = post(FindDomainPage.PATH, "process&domain=" + URLEncoder.encode(createUniqueName() + ".de", "UTF-8"));
+        URLConnection uc = post(FindUserByDomainPage.PATH, "process&domain=" + URLEncoder.encode(createUniqueName() + ".de", "UTF-8"));
         assertNotNull(fetchStartErrorMessage(IOUtils.readURL(uc)));
     }
 
@@ -76,7 +77,7 @@ public class TestSEAdminPageUserDomainSearch extends ClientTest {
             found = true;
         }
         assumeTrue(found);
-        URLConnection uc = post(FindDomainPage.PATH, "process&domain=#" + id);
+        URLConnection uc = post(FindUserByDomainPage.PATH, "process&domain=#" + id);
         assertNotNull(fetchStartErrorMessage(IOUtils.readURL(uc)));
     }
 }