add: test 403/404-Behavior for TTP-admin page

[gigi.git] / tests / org / cacert / gigi / testUtils / ManagedTest.java
diff --git a/tests/org/cacert/gigi/testUtils/ManagedTest.java b/tests/org/cacert/gigi/testUtils/ManagedTest.java

index cc023239250447d610fdeac22019f8236b85c7db..c0c8ad49275843b94aa64ac1de90b78780c53bd7 100644 (file)
--- a/tests/org/cacert/gigi/testUtils/ManagedTest.java
+++ b/tests/org/cacert/gigi/testUtils/ManagedTest.java
@@ -39,13 +39,16 @@ import org.cacert.gigi.database.DatabaseConnection;
  import org.cacert.gigi.database.GigiPreparedStatement;
  import org.cacert.gigi.database.GigiResultSet;
  import org.cacert.gigi.dbObjects.EmailAddress;
+import org.cacert.gigi.dbObjects.Group;
  import org.cacert.gigi.dbObjects.ObjectCache;
  import org.cacert.gigi.dbObjects.User;
  import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.pages.Manager;
  import org.cacert.gigi.pages.account.MyDetails;
  import org.cacert.gigi.pages.main.RegisterPage;
  import org.cacert.gigi.testUtils.TestEmailReciever.TestMail;
  import org.cacert.gigi.util.DatabaseManager;
+import org.cacert.gigi.util.DatabaseManager.ImportType;
  import org.cacert.gigi.util.ServerConstants;
  import org.cacert.gigi.util.SimpleSigner;
  import org.junit.After;
@@ -149,21 +152,24 @@ public class ManagedTest extends ConfiguredTest {
          try {
              DatabaseManager.run(new String[] {
                      testProps.getProperty("sql.driver"), testProps.getProperty("sql.url"), testProps.getProperty("sql.user"), testProps.getProperty("sql.password")
-            }, true);
+            }, ImportType.TRUNCATE);
          } catch (ClassNotFoundException e) {
              e.printStackTrace();
          }
          System.out.println(" in " + (System.currentTimeMillis() - ms) + " ms");
-        String type = testProps.getProperty("type");
+        clearCaches();
+    }
+
+    public static void clearCaches() throws IOException {
          ObjectCache.clearAllCaches();
-        if (type.equals("local")) {
-            URL u = new URL("https://" + getServerName() + "/manage");
-            u.openConnection().getHeaderField("Location");
-        }
+        String type = testProps.getProperty("type");
+        URL u = new URL("https://" + getServerName() + "/manage");
+        u.openConnection().getHeaderField("Location");
      }
  
      private static Properties generateMainProps() {
          Properties mainProps = new Properties();
+        mainProps.setProperty("testrunner", "true");
          mainProps.setProperty("host", "127.0.0.1");
          mainProps.setProperty("name.secure", testProps.getProperty("name.secure"));
          mainProps.setProperty("name.www", testProps.getProperty("name.www"));
@@ -177,6 +183,7 @@ public class ManagedTest extends ConfiguredTest {
          mainProps.setProperty("sql.url", testProps.getProperty("sql.url"));
          mainProps.setProperty("sql.user", testProps.getProperty("sql.user"));
          mainProps.setProperty("sql.password", testProps.getProperty("sql.password"));
+        mainProps.setProperty("testing", "true");
          return mainProps;
      }
  
@@ -284,6 +291,13 @@ public class ManagedTest extends ConfiguredTest {
          }
      }
  
+    public static void grant(String email, Group g) throws IOException {
+        HttpURLConnection huc = (HttpURLConnection) new URL("https://" + getServerName() + Manager.PATH).openConnection();
+        huc.setDoOutput(true);
+        huc.getOutputStream().write(("addpriv=y&priv=" + URLEncoder.encode(g.getDatabaseName(), "UTF-8") + "&email=" + URLEncoder.encode(email, "UTF-8")).getBytes());
+        assertEquals(200, huc.getResponseCode());
+    }
+
      /**
       * Creates a new user with 100 Assurance points given by an (invalid)
       * assurance.
@@ -327,12 +341,21 @@ public class ManagedTest extends ConfiguredTest {
      public static String login(String email, String pw) throws IOException {
          URL u = new URL("https://" + getServerName() + "/login");
          HttpURLConnection huc = (HttpURLConnection) u.openConnection();
+
+        String csrf = getCSRF(huc);
+        String headerField = stripCookie(huc.getHeaderField("Set-Cookie"));
+
+        huc = (HttpURLConnection) u.openConnection();
+        cookie(huc, headerField);
          huc.setDoOutput(true);
          OutputStream os = huc.getOutputStream();
-        String data = "username=" + URLEncoder.encode(email, "UTF-8") + "&password=" + URLEncoder.encode(pw, "UTF-8");
+        String data = "username=" + URLEncoder.encode(email, "UTF-8") + "&password=" + URLEncoder.encode(pw, "UTF-8") + "&csrf=" + URLEncoder.encode(csrf, "UTF-8");
          os.write(data.getBytes());
          os.flush();
-        String headerField = huc.getHeaderField("Set-Cookie");
+        headerField = huc.getHeaderField("Set-Cookie");
+        if (headerField == null) {
+            return "";
+        }
          return stripCookie(headerField);
      }