add: defense-in-depth mechanism to prevent unauthorized adding of groups

[gigi.git] / tests / org / cacert / gigi / pages / wot / TestTTPAdmin.java

diff --git a/tests/org/cacert/gigi/pages/wot/TestTTPAdmin.java b/tests/org/cacert/gigi/pages/wot/TestTTPAdmin.java
index b1cbf9aba6625e1349eaf435bc2ed51fa58648fe..d04b0b66cd921f22cef3649fc9cee94045400c5b 100644 (file)
--- a/tests/org/cacert/gigi/pages/wot/TestTTPAdmin.java
+++ b/tests/org/cacert/gigi/pages/wot/TestTTPAdmin.java
@@ -3,57 +3,48 @@ package org.cacert.gigi.pages.wot;
 import static org.junit.Assert.*;
 
 import java.io.IOException;
-import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
-import java.net.URL;
 
+import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.pages.admin.TTPAdminPage;
-import org.cacert.gigi.testUtils.ManagedTest;
+import org.cacert.gigi.testUtils.ClientTest;
 import org.junit.Test;
 
-public class TestTTPAdmin extends ManagedTest {
-
-    User us;
-
-    String cookie;
+public class TestTTPAdmin extends ClientTest {
 
     User us2;
 
     public TestTTPAdmin() throws IOException {
-        String email = uniq + "@example.com";
-        us = User.getById(createVerifiedUser("fn", "ln", email, TEST_PASSWORD));
-        cookie = login(email, TEST_PASSWORD);
         us2 = User.getById(createVerifiedUser("fn", "ln", createUniqueName() + "@example.com", TEST_PASSWORD));
     }
 
     @Test
-    public void testHasRight() throws IOException {
+    public void testHasRight() throws IOException, GigiApiException {
         testTTPAdmin(true);
     }
 
     @Test
-    public void testHasNoRight() throws IOException {
+    public void testHasNoRight() throws IOException, GigiApiException {
         testTTPAdmin(false);
     }
 
-    public void testTTPAdmin(boolean hasRight) throws IOException {
+    public void testTTPAdmin(boolean hasRight) throws IOException, GigiApiException {
         if (hasRight) {
-            grant(us.getEmail(), Group.getByString("ttp-assurer"));
+            grant(u, Group.getByString("ttp-assurer"));
         }
-        grant(us.getEmail(), TTPAdminPage.TTP_APPLICANT);
-        cookie = login(us.getEmail(), TEST_PASSWORD);
-
-        assertEquals( !hasRight ? 403 : 200, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH));
-        assertEquals( !hasRight ? 403 : 200, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/"));
-        assertEquals( !hasRight ? 403 : 200, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/" + us.getId()));
-        assertEquals( !hasRight ? 403 : 404, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/" + us2.getId()));
-        assertEquals( !hasRight ? 403 : 404, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/" + 100));
+        grant(u, TTPAdminPage.TTP_APPLICANT);
+        cookie = login(u.getEmail(), TEST_PASSWORD);
+
+        assertEquals( !hasRight ? 403 : 200, fetchStatusCode(TTPAdminPage.PATH));
+        assertEquals( !hasRight ? 403 : 200, fetchStatusCode(TTPAdminPage.PATH + "/"));
+        assertEquals( !hasRight ? 403 : 200, fetchStatusCode(TTPAdminPage.PATH + "/" + u.getId()));
+        assertEquals( !hasRight ? 403 : 404, fetchStatusCode(TTPAdminPage.PATH + "/" + us2.getId()));
+        assertEquals( !hasRight ? 403 : 404, fetchStatusCode(TTPAdminPage.PATH + "/" + 100));
     }
 
     private int fetchStatusCode(String path) throws MalformedURLException, IOException {
-        URL u = new URL(path);
-        return ((HttpURLConnection) cookie(u.openConnection(), cookie)).getResponseCode();
+        return get(path).getResponseCode();
     }
 }