From 72f66415d262c7328d420f0d5af062dbffc412df Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Mon, 10 Nov 2014 18:20:24 +0100
Subject: [PATCH] add: test 403/404-Behavior for TTP-admin page
---
 .../cacert/gigi/pages/wot/TestTTPAdmin.java | 59 +++++++++++++++++++
 .../cacert/gigi/testUtils/ManagedTest.java | 10 ++++
 2 files changed, 69 insertions(+)
 create mode 100644 tests/org/cacert/gigi/pages/wot/TestTTPAdmin.java
diff --git a/tests/org/cacert/gigi/pages/wot/TestTTPAdmin.java b/tests/org/cacert/gigi/pages/wot/TestTTPAdmin.java
new file mode 100644
index 00000000..b1cbf9ab
--- /dev/null
+++ b/tests/org/cacert/gigi/pages/wot/TestTTPAdmin.java
@@ -0,0 +1,59 @@
+package org.cacert.gigi.pages.wot;
+
+import static org.junit.Assert.*;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import org.cacert.gigi.dbObjects.Group;
+import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.pages.admin.TTPAdminPage;
+import org.cacert.gigi.testUtils.ManagedTest;
+import org.junit.Test;
+
+public class TestTTPAdmin extends ManagedTest {
+
+ User us;
+
+ String cookie;
+
+ User us2;
+
+ public TestTTPAdmin() throws IOException {
+ String email = uniq + "@example.com";
+ us = User.getById(createVerifiedUser("fn", "ln", email, TEST_PASSWORD));
+ cookie = login(email, TEST_PASSWORD);
+ us2 = User.getById(createVerifiedUser("fn", "ln", createUniqueName() + "@example.com", TEST_PASSWORD));
+ }
+
+ @Test
+ public void testHasRight() throws IOException {
+ testTTPAdmin(true);
+ }
+
+ @Test
+ public void testHasNoRight() throws IOException {
+ testTTPAdmin(false);
+ }
+
+ public void testTTPAdmin(boolean hasRight) throws IOException {
+ if (hasRight) {
+ grant(us.getEmail(), Group.getByString("ttp-assurer"));
+ }
+ grant(us.getEmail(), TTPAdminPage.TTP_APPLICANT);
+ cookie = login(us.getEmail(), TEST_PASSWORD);
+
+ assertEquals( !hasRight ? 403 : 200, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH));
+ assertEquals( !hasRight ? 403 : 200, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/"));
+ assertEquals( !hasRight ? 403 : 200, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/" + us.getId()));
+ assertEquals( !hasRight ? 403 : 404, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/" + us2.getId()));
+ assertEquals( !hasRight ? 403 : 404, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/" + 100));
+ }
+
+ private int fetchStatusCode(String path) throws MalformedURLException, IOException {
+ URL u = new URL(path);
+ return ((HttpURLConnection) cookie(u.openConnection(), cookie)).getResponseCode();
+ }
+}
diff --git a/tests/org/cacert/gigi/testUtils/ManagedTest.java b/tests/org/cacert/gigi/testUtils/ManagedTest.java
index 437031e4..c0c8ad49 100644
--- a/tests/org/cacert/gigi/testUtils/ManagedTest.java
+++ b/tests/org/cacert/gigi/testUtils/ManagedTest.java
@@ -39,9 +39,11 @@ import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.database.GigiResultSet;
 import org.cacert.gigi.dbObjects.EmailAddress;
+import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.ObjectCache;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.pages.Manager;
 import org.cacert.gigi.pages.account.MyDetails;
 import org.cacert.gigi.pages.main.RegisterPage;
 import org.cacert.gigi.testUtils.TestEmailReciever.TestMail;
@@ -181,6 +183,7 @@ public class ManagedTest extends ConfiguredTest {
 mainProps.setProperty("sql.url", testProps.getProperty("sql.url"));
 mainProps.setProperty("sql.user", testProps.getProperty("sql.user"));
 mainProps.setProperty("sql.password", testProps.getProperty("sql.password"));
+ mainProps.setProperty("testing", "true");
 return mainProps;
 }
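Review bot: In `fetchStatusCode` of TestTTPAdmin.java the status is read from a connection that follows redirects by default, so a `200` in the has-right case could come from whatever page a redirect lands on rather than from the TTP admin page itself; calling `setInstanceFollowRedirects(false)` on the `HttpURLConnection` before `getResponseCode()` would pin each assertion to the first response. Both tests also always send a logged-in session cookie, so a request with no session at all is never checked; one extra case asserting that an anonymous request to `TTPAdminPage.PATH` is refused would close that gap. The literal id `100` in the last assertion is assumed not to belong to a TTP applicant in the test database, which deserves a short comment.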
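Review bot: The added `mainProps.setProperty("testing", "true");` in ManagedTest.java carries no comment on what the flag switches on. Judging by the `grant()` helper added further down in this patch, which posts `addpriv` to `Manager.PATH` without any session cookie, it presumably enables a page that assigns groups to arbitrary accounts without authentication; that should be confirmed against the server code. A comment such as `// enables the test-only Manager page; must never be set in a production configuration` would make the dependency explicit. The enclosing method starts outside the hunk.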
@@ -288,6 +291,13 @@ public class ManagedTest extends ConfiguredTest {
 }
 }
+ public static void grant(String email, Group g) throws IOException {
+ HttpURLConnection huc = (HttpURLConnection) new URL("https://" + getServerName() + Manager.PATH).openConnection();
+ huc.setDoOutput(true);
+ huc.getOutputStream().write(("addpriv=y&priv=" + URLEncoder.encode(g.getDatabaseName(), "UTF-8") + "&email=" + URLEncoder.encode(email, "UTF-8")).getBytes());
+ assertEquals(200, huc.getResponseCode());
+ }
+
 /**
 * Creates a new user with 100 Assurance points given by an (invalid)
 * assurance.
--
2.39.2
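Review bot: `grant()` is a public helper without Javadoc, although it changes a user's groups by posting to `Manager.PATH` with no session cookie; a short Javadoc stating that it relies on the test-only manager page and fails the calling test on any non-200 reply would tell readers what it depends on. The request body is turned into bytes with `getBytes()`, which uses the platform charset while the values are encoded as UTF-8; `.getBytes("UTF-8")` keeps the two consistent. The output stream is also never closed, so closing it before `getResponseCode()` would be cleaner. A 200 reply alone does not show that the group was actually assigned, so a failed grant surfaces only indirectly in the calling test.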