X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=tests%2Fclub%2Fwpia%2Fgigi%2Fpages%2Forga%2FTestOrgManagement.java;h=164facf6d179f9513726c3889341c760d8b45438;hp=a6cd57540306e06f6eaf11218f2aafbe1bd8a2ef;hb=7ea933e2e4cac62194d860cf213c1fd106ce76c5;hpb=bccd4cc0dba0f89aa045b113bac46eb8cc1dab4e diff --git a/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java b/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java index a6cd5754..164facf6 100644 --- a/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java +++ b/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java @@ -9,6 +9,7 @@ import java.net.HttpURLConnection; import java.net.MalformedURLException; import java.net.URLConnection; import java.net.URLEncoder; +import java.security.PrivateKey; import java.sql.SQLException; import java.util.List; @@ -16,14 +17,14 @@ import org.junit.After; import org.junit.Test; import club.wpia.gigi.GigiApiException; +import club.wpia.gigi.dbObjects.CATS.CATSType; +import club.wpia.gigi.dbObjects.Certificate; import club.wpia.gigi.dbObjects.Country; -import club.wpia.gigi.dbObjects.Organisation; -import club.wpia.gigi.dbObjects.User; import club.wpia.gigi.dbObjects.Country.CountryCodeType; +import club.wpia.gigi.dbObjects.Organisation; import club.wpia.gigi.dbObjects.Organisation.Affiliation; +import club.wpia.gigi.dbObjects.User; import club.wpia.gigi.pages.account.MyDetails; -import club.wpia.gigi.pages.orga.CreateOrgPage; -import club.wpia.gigi.pages.orga.ViewOrgPage; import club.wpia.gigi.testUtils.IOUtils; import club.wpia.gigi.testUtils.OrgTest; @@ -53,7 +54,7 @@ public class TestOrgManagement extends OrgTest { assertEquals("opname", orgs[0].getOptionalName()); assertEquals("postaladdress", orgs[0].getPostalAddress()); - User u2 = User.getById(createAssuranceUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD)); + User u2 = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD)); assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "email=" + URLEncoder.encode(u2.getEmail(), "UTF-8") + "&do_affiliate=y&master=y", 1)); List allAdmins = orgs[0].getAllAdmins(); assertEquals(1, allAdmins.size()); @@ -61,17 +62,18 @@ public class TestOrgManagement extends OrgTest { assertSame(u2, affiliation.getTarget()); assertTrue(affiliation.isMaster()); - assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "email=" + URLEncoder.encode(u.getEmail(), "UTF-8") + "&do_affiliate=y", 1)); + User u3 = User.getById(createVerificationUser("testworker2", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD)); + assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "email=" + URLEncoder.encode(u3.getEmail(), "UTF-8") + "&do_affiliate=y", 1)); allAdmins = orgs[0].getAllAdmins(); assertEquals(2, allAdmins.size()); Affiliation affiliation2 = allAdmins.get(0); if (affiliation2.getTarget().getId() == u2.getId()) { affiliation2 = allAdmins.get(1); } - assertEquals(u.getId(), affiliation2.getTarget().getId()); + assertEquals(u3.getId(), affiliation2.getTarget().getId()); assertFalse(affiliation2.isMaster()); - assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "del=" + URLEncoder.encode(u.getEmail(), "UTF-8") + "&email=&do_affiliate=y", 1)); + assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "del=" + URLEncoder.encode(u3.getEmail(), "UTF-8") + "&email=&do_affiliate=y", 1)); assertEquals(1, orgs[0].getAllAdmins().size()); assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "del=" + URLEncoder.encode(u2.getEmail(), "UTF-8") + "&email=&do_affiliate=y", 1)); @@ -84,16 +86,21 @@ public class TestOrgManagement extends OrgTest { } @Test - public void testNonAssurerSeeOnlyOwn() throws IOException, GigiApiException { - User u2 = User.getById(createAssuranceUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD)); + public void testNonAgentSeeOnlyOwn() throws IOException, GigiApiException { + User u2 = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD)); Organisation o1 = createUniqueOrg(); Organisation o2 = createUniqueOrg(); o1.addAdmin(u2, u, false); String session2 = login(u2.getEmail(), TEST_PASSWORD); + Certificate c1 = loginCertificate; + PrivateKey pk1 = loginPrivateKey; + loginCertificate = null; + URLConnection uc = get(session2, ViewOrgPage.DEFAULT_PATH); assertEquals(403, ((HttpURLConnection) uc).getResponseCode()); + session2 = cookieWithCertificateLogin(u2); uc = get(session2, MyDetails.PATH); String content = IOUtils.readURL(uc); assertThat(content, containsString(o1.getName())); @@ -103,6 +110,9 @@ public class TestOrgManagement extends OrgTest { uc = get(session2, ViewOrgPage.DEFAULT_PATH + "/" + o2.getId()); assertEquals(403, ((HttpURLConnection) uc).getResponseCode()); + loginCertificate = c1; + loginPrivateKey = pk1; + uc = get(ViewOrgPage.DEFAULT_PATH); content = IOUtils.readURL(uc); assertThat(content, containsString(o1.getName())); @@ -117,8 +127,8 @@ public class TestOrgManagement extends OrgTest { @Test public void testAffiliationRights() throws IOException, GigiApiException { - User u2 = User.getById(createAssuranceUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD)); - User u3 = User.getById(createAssuranceUser("testmaster", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD)); + User u2 = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD)); + User u3 = User.getById(createVerificationUser("testmaster", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD)); User u4_dummy = User.getById(createVerifiedUser("testmaster", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD)); Organisation o1 = createUniqueOrg(); o1.addAdmin(u3, u, true); @@ -144,6 +154,20 @@ public class TestOrgManagement extends OrgTest { o1.removeAdmin(u2, u3); o1.removeAdmin(u3, u3); assertEquals(0, o1.getAllAdmins().size()); + try { + // must fail because one may not add oneself + o1.addAdmin(u3, u3, false); + fail("No exception!"); + } catch (GigiApiException e) { + } + assertEquals(0, o1.getAllAdmins().size()); + try { + // must fail because one may not add oneself + o1.addAdmin(u3, u3, true); + fail("No exception!"); + } catch (GigiApiException e) { + } + assertEquals(0, o1.getAllAdmins().size()); o1.delete(); } @@ -254,4 +278,25 @@ public class TestOrgManagement extends OrgTest { return executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + o1.getId(), "action=updateCertificateData&O=" + o + "&C=" + c + "&ST=" + province + "&L=" + ct, 0); } + @Test + public void testAgentWithoutCertLogin() throws IOException, GigiApiException { + cookie = login(u.getEmail(), TEST_PASSWORD); + loginCertificate = null; + URLConnection uc = get(cookie, ViewOrgPage.DEFAULT_PATH); + assertEquals(403, ((HttpURLConnection) uc).getResponseCode()); + uc = get(cookie, CreateOrgPage.DEFAULT_PATH); + assertEquals(403, ((HttpURLConnection) uc).getResponseCode()); + } + + @Test + public void testAgentWithoutValidChallenge() throws IOException, GigiApiException { + User agent = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD)); + addChallenge(agent.getId(), CATSType.ORG_AGENT_CHALLENGE); + loginCertificate = null; + cookie = cookieWithCertificateLogin(agent); + URLConnection uc = get(cookie, ViewOrgPage.DEFAULT_PATH); + assertEquals(403, ((HttpURLConnection) uc).getResponseCode()); + uc = get(cookie, CreateOrgPage.DEFAULT_PATH); + assertEquals(403, ((HttpURLConnection) uc).getResponseCode()); + } }