add: test 403/404-Behavior for TTP-admin page
authorFelix Dörre <felix@dogcraft.de>
Mon, 10 Nov 2014 17:20:24 +0000 (18:20 +0100)
committerJanis Streib <janis@dogcraft.de>
Wed, 31 Dec 2014 01:36:08 +0000 (02:36 +0100)
tests/org/cacert/gigi/pages/wot/TestTTPAdmin.java [new file with mode: 0644]
tests/org/cacert/gigi/testUtils/ManagedTest.java

diff --git a/tests/org/cacert/gigi/pages/wot/TestTTPAdmin.java b/tests/org/cacert/gigi/pages/wot/TestTTPAdmin.java
new file mode 100644 (file)
index 0000000..b1cbf9a
--- /dev/null
@@ -0,0 +1,59 @@
+package org.cacert.gigi.pages.wot;
+
+import static org.junit.Assert.*;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import org.cacert.gigi.dbObjects.Group;
+import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.pages.admin.TTPAdminPage;
+import org.cacert.gigi.testUtils.ManagedTest;
+import org.junit.Test;
+
+public class TestTTPAdmin extends ManagedTest {
+
+    User us;
+
+    String cookie;
+
+    User us2;
+
+    public TestTTPAdmin() throws IOException {
+        String email = uniq + "@example.com";
+        us = User.getById(createVerifiedUser("fn", "ln", email, TEST_PASSWORD));
+        cookie = login(email, TEST_PASSWORD);
+        us2 = User.getById(createVerifiedUser("fn", "ln", createUniqueName() + "@example.com", TEST_PASSWORD));
+    }
+
+    @Test
+    public void testHasRight() throws IOException {
+        testTTPAdmin(true);
+    }
+
+    @Test
+    public void testHasNoRight() throws IOException {
+        testTTPAdmin(false);
+    }
+
+    public void testTTPAdmin(boolean hasRight) throws IOException {
+        if (hasRight) {
+            grant(us.getEmail(), Group.getByString("ttp-assurer"));
+        }
+        grant(us.getEmail(), TTPAdminPage.TTP_APPLICANT);
+        cookie = login(us.getEmail(), TEST_PASSWORD);
+
+        assertEquals( !hasRight ? 403 : 200, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH));
+        assertEquals( !hasRight ? 403 : 200, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/"));
+        assertEquals( !hasRight ? 403 : 200, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/" + us.getId()));
+        assertEquals( !hasRight ? 403 : 404, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/" + us2.getId()));
+        assertEquals( !hasRight ? 403 : 404, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/" + 100));
+    }
+
+    private int fetchStatusCode(String path) throws MalformedURLException, IOException {
+        URL u = new URL(path);
+        return ((HttpURLConnection) cookie(u.openConnection(), cookie)).getResponseCode();
+    }
+}
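Review bot: fetchStatusCode() leaves HttpURLConnection's default redirect following switched on, so a 3xx answer from the admin page would be followed and the assertions would compare the final page's status rather than the one the access check returned. Turning it off makes the 403/200/404 expectations exact: `HttpURLConnection huc = (HttpURLConnection) cookie(u.openConnection(), cookie);`, `huc.setInstanceFollowRedirects(false);`, `return huc.getResponseCode();`. In testTTPAdmin the literal `100` is assumed not to be a valid applicant id, which may stop holding once the test database contains that many users; an id known to be unused would be safer. The unprivileged case only covers a logged-in user who lacks the `ttp-assurer` group, so a request sent without any session cookie is still untested.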
index 437031e4bf8a3b6fef077cfff37c0b52ed64b0a2..c0c8ad49275843b94aa64ac1de90b78780c53bd7 100644 (file)
@@ -39,9 +39,11 @@ import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.database.GigiResultSet;
 import org.cacert.gigi.dbObjects.EmailAddress;
+import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.ObjectCache;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.pages.Manager;
 import org.cacert.gigi.pages.account.MyDetails;
 import org.cacert.gigi.pages.main.RegisterPage;
 import org.cacert.gigi.testUtils.TestEmailReciever.TestMail;
@@ -181,6 +183,7 @@ public class ManagedTest extends ConfiguredTest {
         mainProps.setProperty("sql.url", testProps.getProperty("sql.url"));
         mainProps.setProperty("sql.user", testProps.getProperty("sql.user"));
         mainProps.setProperty("sql.password", testProps.getProperty("sql.password"));
+        mainProps.setProperty("testing", "true");
         return mainProps;
     }
 
@@ -288,6 +291,13 @@ public class ManagedTest extends ConfiguredTest {
         }
     }
 
+    public static void grant(String email, Group g) throws IOException {
+        HttpURLConnection huc = (HttpURLConnection) new URL("https://" + getServerName() + Manager.PATH).openConnection();
+        huc.setDoOutput(true);
+        huc.getOutputStream().write(("addpriv=y&priv=" + URLEncoder.encode(g.getDatabaseName(), "UTF-8") + "&email=" + URLEncoder.encode(email, "UTF-8")).getBytes());
+        assertEquals(200, huc.getResponseCode());
+    }
+
     /**
      * Creates a new user with 100 Assurance points given by an (invalid)
      * assurance.
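Review bot: grant() has no Javadoc, and the POST it sends to `Manager.PATH` carries no session cookie or other credential, so it presumably works only because of the `mainProps.setProperty("testing", "true")` line added in the earlier hunk of this file. Both places deserve a comment stating that dependency, for example on grant(): `/** Grants group g to the user with this email through the test-only Manager page; requires the server to run with testing=true. */`, and next to the setProperty call a line saying the flag must never appear in a production configuration. Separately, the body is encoded with `URLEncoder.encode(..., "UTF-8")` but converted with the platform-default `getBytes()`; `getBytes("UTF-8")` keeps the two consistent, and the output stream should be closed after the write.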