add: defense-in-depth mechanism to prevent unauthorized adding of groups
[gigi.git] / tests / org / cacert / gigi / testUtils / BusinessTest.java
index c014e2b3a22c427ab811ec9c9304eb360da5993a..db888c03e0088d75bfddd6b78a4549429d7f5ee3 100644 (file)
@@ -15,9 +15,12 @@ import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 import org.cacert.gigi.GigiApiException;
+import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.dbObjects.Domain;
 import org.cacert.gigi.dbObjects.EmailAddress;
-import org.cacert.gigi.dbObjects.Name;
+import org.cacert.gigi.dbObjects.Group;
+import org.cacert.gigi.dbObjects.NamePart;
+import org.cacert.gigi.dbObjects.NamePart.NamePartType;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.email.EmailProvider;
 import org.cacert.gigi.ping.PingerDaemon;
@@ -38,8 +41,8 @@ public abstract class BusinessTest extends ConfiguredTest {
         }
 
         @Override
-        public void sendMail(String to, String subject, String message, String from, String replyto, String toname, String fromname, String errorsto, boolean extra) throws IOException {
-            TestMail tm = new TestEmailReceiver.TestMail(to, subject, message, fromname, replyto) {
+        public void sendMail(String to, String subject, String message, String replyto, String toname, String fromname, String errorsto, boolean extra) throws IOException {
+            TestMail tm = new TestEmailReceiver.TestMail(to, subject, message, replyto) {
 
                 @Override
                 public void verify() throws IOException {
@@ -118,17 +121,14 @@ public abstract class BusinessTest extends ConfiguredTest {
         c.set(1950, 1, 1, 0, 0, 0);
         c.set(Calendar.MILLISECOND, 0);
 
-        User u = new User(createUniqueName() + "@email.com", TEST_PASSWORD, new Name("a", "m", "c", ""), new DayDate(c.getTimeInMillis()), Locale.ENGLISH);
+        User u = new User(createUniqueName() + "@email.com", TEST_PASSWORD, new DayDate(c.getTimeInMillis()), Locale.ENGLISH, null, //
+                new NamePart(NamePartType.FIRST_NAME, "a"), new NamePart(NamePartType.FIRST_NAME, "m"), new NamePart(NamePartType.LAST_NAME, "c"));
         InVMEmail.getInstance().mails.poll().verify();
         return u;
     }
 
     public static int createVerifiedUser(String f, String l, String mail, String pw) throws GigiApiException {
-        Calendar c = Calendar.getInstance();
-        c.set(1950, 1, 1, 0, 0, 0);
-        c.set(Calendar.MILLISECOND, 0);
-
-        User u = new User(mail, pw, new Name(f, l, "", ""), new DayDate(c.getTimeInMillis()), Locale.ENGLISH);
+        User u = createUser(f, l, mail, pw);
         try {
             InVMEmail.getInstance().mails.poll().verify();
         } catch (IOException e) {
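Review bot: The rewritten fixture on the `User u = new User(createUniqueName() + "@email.com", ...)` line appears to change which value ends up as the last name. The removed `createVerifiedUser` passed `new Name(f, l, "", "")`, which suggests the old call `new Name("a", "m", "c", "")` had "m" as the last name, while the new call tags "m" as a second `FIRST_NAME` and "c" as `LAST_NAME`. If that shift is intended, a short comment such as `// name parts: first "a", first "m", last "c"` would make it explicit for tests that assert on the name. The enclosing method starts above this hunk, so its signature is not visible here.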
@@ -137,6 +137,16 @@ public abstract class BusinessTest extends ConfiguredTest {
         return u.getId();
     }
 
+    public static User createUser(String f, String l, String mail, String pw) throws GigiApiException {
+        Calendar c = Calendar.getInstance();
+        c.set(1950, 1, 1, 0, 0, 0);
+        c.set(Calendar.MILLISECOND, 0);
+
+        User u = new User(mail, pw, new DayDate(c.getTimeInMillis()), Locale.ENGLISH, null, //
+                new NamePart(NamePartType.FIRST_NAME, f), new NamePart(NamePartType.LAST_NAME, l));
+        return u;
+    }
+
     public static int createAssuranceUser(String f, String l, String mail, String pw) throws GigiApiException {
         int u = createVerifiedUser(f, l, mail, pw);
         makeAssurer(u);
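Review bot: The new public helper `createUser(String f, String l, String mail, String pw)` has no Javadoc, and its contract differs from its neighbours in a way callers need to know. Judging by `createVerifiedUser` polling `InVMEmail.getInstance().mails` right after calling it, the `User` constructor seems to queue a verification mail that `createUser` leaves unconsumed. I would document that, e.g. `/** Creates a user without consuming the verification mail; the caller must poll and verify it. */`. Separately, `c.set(1950, 1, 1, 0, 0, 0)` uses a zero-based month, so it means 1 February; writing `Calendar.FEBRUARY` (or `Calendar.JANUARY` if that was meant) removes the ambiguity. The body can also end with `return new User(...)` instead of the temporary `u`.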
@@ -147,4 +157,21 @@ public abstract class BusinessTest extends ConfiguredTest {
     public MailReceiver getMailReceiver() {
         return InVMEmail.getInstance();
     }
+
+    private User supporter;
+
+    public User getSupporter() throws GigiApiException, IOException {
+        if (supporter != null) {
+            return supporter;
+        }
+        supporter = createVerifiedUser();
+        try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `user_groups` SET `user`=?, `permission`=?::`userGroup`, `grantedby`=?")) {
+            ps.setInt(1, supporter.getId());
+            ps.setString(2, Group.SUPPORTER.getDatabaseName());
+            ps.setInt(3, supporter.getId());
+            ps.execute();
+        }
+        supporter.refreshGroups();
+        return supporter;
+    }
 }
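Review bot: In `getSupporter()` the field is assigned (`supporter = createVerifiedUser();`) before the `user_groups` insert runs, so if the insert or `refreshGroups()` throws, later calls hit the `supporter != null` early return and hand back a user who is not in the supporter group. Building the user in a local (`User s = createVerifiedUser();`) and assigning `supporter = s;` only after `s.refreshGroups()` avoids caching a half-initialised fixture. The method also deserves a Javadoc noting that it writes the membership row directly with the user as its own `grantedby`, which presumably sidesteps the grant checks this commit is about. Something like `/** Test-only: inserts the SUPPORTER membership directly, self-granted, bypassing the application's grant path. */` would keep the pattern from being copied outside tests.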