--- /dev/null
+package org.cacert.gigi.pages.wot;
+
+import static org.junit.Assert.*;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import org.cacert.gigi.dbObjects.Group;
+import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.pages.admin.TTPAdminPage;
+import org.cacert.gigi.testUtils.ManagedTest;
+import org.junit.Test;
+
+public class TestTTPAdmin extends ManagedTest {
+
+ User us;
+
+ String cookie;
+
+ User us2;
+
+ public TestTTPAdmin() throws IOException {
+ String email = uniq + "@example.com";
+ us = User.getById(createVerifiedUser("fn", "ln", email, TEST_PASSWORD));
+ cookie = login(email, TEST_PASSWORD);
+ us2 = User.getById(createVerifiedUser("fn", "ln", createUniqueName() + "@example.com", TEST_PASSWORD));
+ }
+
+ @Test
+ public void testHasRight() throws IOException {
+ testTTPAdmin(true);
+ }
+
+ @Test
+ public void testHasNoRight() throws IOException {
+ testTTPAdmin(false);
+ }
+
+ public void testTTPAdmin(boolean hasRight) throws IOException {
+ if (hasRight) {
+ grant(us.getEmail(), Group.getByString("ttp-assurer"));
+ }
+ grant(us.getEmail(), TTPAdminPage.TTP_APPLICANT);
+ cookie = login(us.getEmail(), TEST_PASSWORD);
+
+ assertEquals( !hasRight ? 403 : 200, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH));
+ assertEquals( !hasRight ? 403 : 200, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/"));
+ assertEquals( !hasRight ? 403 : 200, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/" + us.getId()));
+ assertEquals( !hasRight ? 403 : 404, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/" + us2.getId()));
+ assertEquals( !hasRight ? 403 : 404, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/" + 100));
+ }
+
+ private int fetchStatusCode(String path) throws MalformedURLException, IOException {
+ URL u = new URL(path);
+ return ((HttpURLConnection) cookie(u.openConnection(), cookie)).getResponseCode();
+ }
+}
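Review bot: The 403-instead-of-404 expectations for `us2.getId()` and `100` at the end of `testTTPAdmin` are undocumented, although they pin a real property: the permission check must run before the id lookup, otherwise a user without `ttp-assurer` could tell applicant ids from other ids by status code. I would add above those two assertions `// 403 must win over 404: without ttp-assurer the response may not reveal which ids are TTP applicants`. The helper is `public` and carries the `test` prefix without `@Test`; declaring it `private void checkAccess(boolean hasRight)` keeps it from being mistaken for a test case. Every request here carries a session cookie, so the unauthenticated path to `TTPAdminPage.PATH` is not covered by this class.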
import org.cacert.gigi.database.GigiPreparedStatement;
import org.cacert.gigi.database.GigiResultSet;
import org.cacert.gigi.dbObjects.EmailAddress;
+import org.cacert.gigi.dbObjects.Group;
import org.cacert.gigi.dbObjects.ObjectCache;
import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.pages.Manager;
import org.cacert.gigi.pages.account.MyDetails;
import org.cacert.gigi.pages.main.RegisterPage;
import org.cacert.gigi.testUtils.TestEmailReciever.TestMail;
mainProps.setProperty("sql.url", testProps.getProperty("sql.url"));
mainProps.setProperty("sql.user", testProps.getProperty("sql.user"));
mainProps.setProperty("sql.password", testProps.getProperty("sql.password"));
+ mainProps.setProperty("testing", "true");
return mainProps;
}
}
}
+ public static void grant(String email, Group g) throws IOException {
+ HttpURLConnection huc = (HttpURLConnection) new URL("https://" + getServerName() + Manager.PATH).openConnection();
+ huc.setDoOutput(true);
+ huc.getOutputStream().write(("addpriv=y&priv=" + URLEncoder.encode(g.getDatabaseName(), "UTF-8") + "&email=" + URLEncoder.encode(email, "UTF-8")).getBytes());
+ assertEquals(200, huc.getResponseCode());
+ }
+
/**
* Creates a new user with 100 Assurance points given by an (invalid)
* assurance.
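Review bot: `grant()` posts `addpriv=y` to `Manager.PATH` without a session cookie, so the page it relies on hands out group membership to any caller that can reach it, and neither the method nor the `testing` property added above says so. Presumably `testing=true` is what enables that page (the server side is not in this hunk); a comment on the property line such as `// enables the test-only Manager page; must never be set outside the test harness` and a Javadoc on `grant` stating that it depends on that mode would make the constraint visible. In `grant` itself the output stream is never closed and `getBytes()` uses the platform charset while the encoder is given `"UTF-8"`; `getBytes("UTF-8")` inside a try-with-resources on `huc.getOutputStream()` would tidy both. The method that contains the `setProperty` call begins outside the hunk.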