diff --git a/src/app/extension/test/WSTestClientStateful.java b/src/app/extension/test/WSTestClientStateful.java index dd887009..4e7d21dc 100644 --- a/src/app/extension/test/WSTestClientStateful.java +++ b/src/app/extension/test/WSTestClientStateful.java @@ -15,10 +15,12 @@ public class WSTestClientStateful { private WSClient ws; private List cookies; + private boolean followRedirects; public WSTestClientStateful(int port) { this.ws = WSTestClient.newClient(port); this.cookies = new ArrayList<>(); + followRedirects = false; } private void updateCookies(WSResponse response) { @@ -31,14 +33,14 @@ private void updateCookies(WSResponse response) { } public WSResponse get(String url) throws ExecutionException, InterruptedException { - WSResponse response = ws.url(url).setCookies(cookies).get().toCompletableFuture().get(); + WSResponse response = ws.url(url).setFollowRedirects(followRedirects).setCookies(cookies).get().toCompletableFuture().get(); updateCookies(response); return response; } public WSResponse post(String url, List parameter) throws ExecutionException, InterruptedException { String encParameters = URLEncodedUtils.format(parameter, "utf-8"); - WSResponse response = ws.url(url).setCookies(cookies).setContentType("application/x-www-form-urlencoded").post(encParameters).toCompletableFuture().get(); + WSResponse response = ws.url(url).setFollowRedirects(followRedirects).setCookies(cookies).setContentType("application/x-www-form-urlencoded").post(encParameters).toCompletableFuture().get(); updateCookies(response); return response; } @@ -46,4 +48,8 @@ public WSResponse post(String url, List parameter) throws Executi public void close() throws IOException { ws.close(); } + + public void setFollowRedirects(boolean value) { + followRedirects = value; + } } diff --git a/src/test/endToEnd/AuthenticationTests.java b/src/test/endToEnd/AuthenticationTests.java index 4e8a62fd..23ce1ab4 100644 --- a/src/test/endToEnd/AuthenticationTests.java 
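Review bot: The constructor assigns the new field unqualified (`followRedirects = false;`) directly after `this.ws = ...` and `this.cookies = ...`; for consistency write `this.followRedirects = false;`. Because this default decides whether a 3xx response is handed back to the caller unchanged, the field deserves a why-comment, e.g. `// false: return 3xx responses as-is so tests can assert on them; updateCookies() still runs on them` — updateCookies(response) is called after every get()/post() in the next hunk. Whether this differs from the underlying WSClient default is not visible here, so the comment should not claim it does.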
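Review bot: `setFollowRedirects` has no Javadoc, and nothing states that it only affects requests issued after the call (each get()/post() reads the field when it builds its request, so a change mid-test does not retroactively apply). Suggested: `/** Sets whether subsequent get()/post() calls follow 3xx redirects; off by default. */`. Keeping the setter void is fine for a test helper, but if the class is meant to be used fluently like the WSRequest it wraps, returning `this` would be the more conventional shape.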
+++ b/src/test/endToEnd/AuthenticationTests.java
@@ -3,9 +3,7 @@
 import com.google.common.collect.ImmutableList;
 import extension.test.WSTestClientStateful;
 import org.apache.http.message.BasicNameValuePair;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.Test;
+import org.junit.*;
 import org.junit.experimental.runners.Enclosed;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
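Review bot: The three explicit JUnit imports are collapsed into the wildcard `import org.junit.*;`, which the rest of this import block avoids (every other line names its class) and which silently brings in every type of that package, including `org.junit.Assert`, next to the explicitly imported Parameterized and Enclosed runners. Prefer listing what the file now needs: `import org.junit.After;`, `import org.junit.Before;`, `import org.junit.Test;` (plus `AfterClass`/`BeforeClass` only if they are still used elsewhere in the file).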
@@ -70,13 +68,175 @@ public static void login(String username, String password) throws Exception { )); } + public static void logout() throws Exception { + String csrfToken = getCsrfToken("/"); + + WSResponse response = ws.post("/logout", ImmutableList.of( + new BasicNameValuePair("csrfToken", csrfToken) + )); + } + + public static void sendRequest(String httpVerb, String httpEndpoint, int expectedHttpStatus, String correspondingGetPage) throws Exception { + if(httpVerb.equals("GET")) { + WSResponse response = ws.get(httpEndpoint); + assertEquals(expectedHttpStatus, response.getStatus()); + } + + else if(httpVerb.equals("POST")) { + String csrfToken = getCsrfToken(correspondingGetPage); + WSResponse response = ws.post(httpEndpoint, ImmutableList.of( + new BasicNameValuePair("csrfToken", csrfToken) + )); + assertEquals(expectedHttpStatus, response.getStatus()); + } + + else { + throw new Exception("Unknown method"); + } + } + + @RunWith(Parameterized.class) + public static class AuthenticatedUserAuthenticationTests { + @Before + public void setup() throws Exception { + login("peter", "peter"); + } + + @After + public void tearDown() throws Exception { + logout(); + } + + @Parameterized.Parameters( + name = "Test #{index} as authenticated user: {0} on endpoint {1} -> HTTP Status {2}" + ) + public static Collection data() { + // This list was created with an Regex on our conf/routes file. + // Regex: ^(GET|POST)\s*(\/\w*(\/*:*\**\w*)*)\s*(controllers.*) + // Substituion: { "\1", "\2", }, // \4 + return Arrays.asList(new Object[][] { + // Administrators can access all pages. Accessing another endpoint which + // requires authentication, will redirect the unauthorized user to /login. + { "GET", "/", Http.Status.OK, "/" }, // controllers.HomeController.index + + // This is see other, as we are logging in as the admin before starting the tests. 
+ { "GET", "/login", Http.Status.SEE_OTHER, "/login" }, // controllers.LoginController.showLoginForm + { "POST", "/login", Http.Status.SEE_OTHER, "/" }, // controllers.LoginController.login + { "POST", "/logout", Http.Status.SEE_OTHER, "/" }, // controllers.LoginController.logout + { "GET", "/changePasswordAfterReset", Http.Status.SEE_OTHER, "/changePasswordAfterReset" }, // controllers.LoginController.showChangePasswordAfterResetForm + { "POST", "/changePasswordAfterReset", Http.Status.SEE_OTHER, "/" }, // controllers.LoginController.changePasswordAfterReset + { "GET", "/resetPassword", Http.Status.SEE_OTHER, "/resetPassword" }, // controllers.LoginController.showResetPasswordForm + { "POST", "/resetPassword", Http.Status.SEE_OTHER, "/" }, // controllers.LoginController.requestResetPassword + { "GET", "/resetPassword/:tokenId", Http.Status.BAD_REQUEST, "/resetPassword/:tokenId" }, // controllers.LoginController.showResetPasswordWithTokenForm(tokenId : java.util.UUID) + { "POST", "/resetPassword/:tokenId", Http.Status.BAD_REQUEST, "/" }, // controllers.LoginController.resetPasswordWithToken(tokenId : java.util.UUID) + + { "POST", "/users/create", Http.Status.BAD_REQUEST, "/" }, // controllers.UserController.createUser + { "GET", "/users/create", Http.Status.FORBIDDEN, "/users/create" }, // controllers.UserController.showCreateUserForm + { "GET", "/users/all", Http.Status.FORBIDDEN, "/users/all" }, // controllers.UserController.showUsers + { "GET", "/users/admins", Http.Status.FORBIDDEN, "/users/all" }, // controllers.UserController.showAdminUsers + { "POST", "/users/confirmDelete", Http.Status.BAD_REQUEST, "/" }, // controllers.UserController.showConfirmDeleteForm + { "POST", "/users/delete", Http.Status.BAD_REQUEST, "/" }, // controllers.UserController.deleteUser + { "GET", "/users/1/settings", Http.Status.FORBIDDEN, "/users/1/settings" }, // controllers.UserController.showUserAdminSettings(userId:Long) + { "POST", "/users/editQuota", Http.Status.BAD_REQUEST , 
"/"}, // controllers.UserController.changeUserQuotaLimit + { "POST", "/users/deactivateTwoFactorAuth", Http.Status.BAD_REQUEST, "/" }, // controllers.UserController.deactivateSpecificUserTwoFactorAuth + { "GET", "/sessions", Http.Status.OK , "/sessions"}, // controllers.UserController.showActiveUserSessions() + { "POST", "/sessions/delete", Http.Status.BAD_REQUEST, "/sessions" }, // controllers.UserController.deleteUserSession() + { "GET", "/settings", Http.Status.OK, "/settings" }, // controllers.UserController.showUserSettings() + { "POST", "/settings/sessionTimeout", Http.Status.BAD_REQUEST , "/settings"}, // controllers.UserController.changeUserSessionTimeout() + { "POST", "/settings/changePassword", Http.Status.BAD_REQUEST, "/settings" }, // controllers.UserController.changeUserPassword() + { "GET", "/settings/confirmActivateTwoFactorAuth", Http.Status.OK, "/settings/confirmActivateTwoFactorAuth" }, // controllers.UserController.show2FactorAuthConfirmationForm() + { "POST", "/settings/activateTwoFactorAuth", Http.Status.BAD_REQUEST, "/settings/confirmActivateTwoFactorAuth" }, // controllers.UserController.activateTwoFactorAuth() + { "POST", "/settings/deactivateTwoFactorAuth", Http.Status.SEE_OTHER, "/settings"}, // controllers.UserController.deactivateTwoFactorAuth() + + { "GET", "/groups/membership", Http.Status.OK, "/groups/membership" }, // controllers.GroupController.showOwnMemberships + { "GET", "/groups/own", Http.Status.OK, "/groups/own" }, // controllers.GroupController.showOwnGroups + { "GET", "/groups/all", Http.Status.FORBIDDEN, "/groups/all" }, // controllers.GroupController.showAllGroups + { "POST", "/groups/confirmDelete", Http.Status.BAD_REQUEST , "/" }, // controllers.GroupController.confirmDelete + { "POST", "/groups/delete", Http.Status.BAD_REQUEST, "/" }, // controllers.GroupController.deleteGroup + { "GET", "/groups/create", Http.Status.OK, "/groups/create" }, // controllers.GroupController.showCreateGroupForm + { "POST", "/groups/create", 
Http.Status.BAD_REQUEST, "/groups/create" }, // controllers.GroupController.createGroup + { "GET", "/groups/1", Http.Status.SEE_OTHER, "/groups/1" }, // controllers.GroupController.showGroup(groupId : Long) + { "GET", "/groups/1/files", Http.Status.OK, "/groups/1/files" }, // controllers.GroupController.showGroupFiles(groupId : Long) + { "GET", "/groups/1/members", Http.Status.OK , "/groups/1/members"}, // controllers.GroupController.showGroupMembers(groupId : Long) + { "POST", "/groups/1/members/remove", Http.Status.BAD_REQUEST, "/groups/1/members" }, // controllers.GroupController.removeGroupMember(groupId : Long) + { "GET", "/groups/1/members/add", Http.Status.OK, "/groups/1/members/add" }, // controllers.GroupController.showAddMemberForm(groupId : Long) + { "POST", "/groups/1/members/add", Http.Status.BAD_REQUEST, "/groups/1/members/add" }, // controllers.GroupController.addGroupMember(groupId : Long) + + { "GET", "/files/own", Http.Status.OK, "/files/own" }, // controllers.FileController.showOwnFiles + { "GET", "/files/shared", Http.Status.OK , "/files/shared"}, // controllers.FileController.showSharedFiles + { "GET", "/files/thirdParty", Http.Status.OK, "/files/thirdParty" }, // controllers.FileController.showThirdPartyFiles + { "POST", "/files/delete", Http.Status.BAD_REQUEST, "/files/own" }, // controllers.FileController.deleteFile + { "GET", "/files/upload", Http.Status.OK, "/files/upload" }, // controllers.FileController.showUploadFileForm + { "POST", "/files/upload", Http.Status.BAD_REQUEST, "/files/upload" }, // controllers.FileController.uploadFile + { "GET", "/files/uploadToGroup/1", Http.Status.OK , "/files/uploadToGroup/1"}, // controllers.FileController.showUploadFileToGroupForm(groupId:Long) + { "GET", "/files/quota", Http.Status.OK, "/files/quota" }, // controllers.FileController.showQuotaUsage + { "GET", "/files/2", Http.Status.OK, "/files/2" }, // controllers.FileController.showFile(fileId: Long) + { "GET", "/files/1/download", Http.Status.OK, 
"/files/2/download" }, // controllers.FileController.downloadFile(fileId: Long) + { "POST", "/files/editComment", Http.Status.BAD_REQUEST, "/" }, // controllers.FileController.editFileComment + { "POST", "/files/editContent", Http.Status.BAD_REQUEST, "/" }, // controllers.FileController.editFileContent + { "POST", "/files/search", Http.Status.BAD_REQUEST, "/" }, // controllers.FileController.searchFiles + + { "POST", "/permissions/editUserPermission", Http.Status.BAD_REQUEST, "/files/2" }, // controllers.PermissionController.showEditUserPermissionForm() + { "POST", "/permissions/editUserPermission/submit", Http.Status.BAD_REQUEST, "/files/2" }, // controllers.PermissionController.editUserPermission() + { "POST", "/permissions/editGroupPermission", Http.Status.BAD_REQUEST, "/files/2" }, // controllers.PermissionController.showEditGroupPermissionForm() + { "POST", "/permissions/editGroupPermission/submit", Http.Status.BAD_REQUEST, "/files/2" }, // controllers.PermissionController.editGroupPermission() + { "GET", "/permissions/createUserPermission/2", Http.Status.OK, "/permissions/createUserPermission/2" }, // controllers.PermissionController.showCreateUserPermission(fileId : Long) + { "GET", "/permissions/createGroupPermission/2", Http.Status.OK, "/permissions/createUserPermission/2" }, // controllers.PermissionController.showCreateGroupPermission(fileId : Long) + { "POST", "/permissions/deletegrouppermission/", Http.Status.BAD_REQUEST, "/files/2" }, // controllers.PermissionController.deleteGroupPermission() + { "POST", "/permissions/deleteuserpermission/", Http.Status.BAD_REQUEST, "/files/2" }, // controllers.PermissionController.deleteUserPermission() + { "POST", "/permissions/creategrouppermission/", Http.Status.BAD_REQUEST, "/files/2" }, // controllers.PermissionController.createGroupPermission() + { "POST", "/permissions/createuserpermission/", Http.Status.BAD_REQUEST, "/files/2" }, // controllers.PermissionController.createUserPermission() + + { "GET", 
"/netservices/all", Http.Status.FORBIDDEN, "/netservices/all" }, // controllers.NetServiceController.showAllNetServices + { "GET", "/netservices/create", Http.Status.FORBIDDEN , "/netservices/create"}, // controllers.NetServiceController.showAddNetServiceForm + { "POST", "/netservices/create", Http.Status.BAD_REQUEST, "/" }, // controllers.NetServiceController.createNetService + { "POST", "/netservices/confirmDelete", Http.Status.BAD_REQUEST, "/" }, // controllers.NetServiceController.showDeleteNetServiceConfirmation + { "POST", "/netservices/delete", Http.Status.BAD_REQUEST , "/"}, // controllers.NetServiceController.deleteNetService + { "GET", "/netservices/edit/1", Http.Status.FORBIDDEN, "/netservices/edit/1"}, // controllers.NetServiceController.showEditNetService(netServiceId:Long) + { "POST", "/netservices/edit", Http.Status.BAD_REQUEST, "/" }, // controllers.NetServiceController.editNetService + { "POST", "/netservices/addparameter", Http.Status.BAD_REQUEST, "/" }, // controllers.NetServiceController.addNetServiceParameter + { "POST", "/netservices/removeparameter", Http.Status.BAD_REQUEST, "/" }, // controllers.NetServiceController.removeNetServiceParameter + { "GET", "/credentials", Http.Status.OK, "/credentials" }, // controllers.NetServiceController.showUserNetServiceCredentials + { "GET", "/credentials/create", Http.Status.OK, "/credentials/create" }, // controllers.NetServiceController.showCreateNetServiceCredentialForm + { "POST", "/credentials/create", Http.Status.BAD_REQUEST, "/credentials/create" }, // controllers.NetServiceController.createNetServiceCredential + { "POST", "/credentials/delete", Http.Status.BAD_REQUEST, "/credentials" }, // controllers.NetServiceController.deleteNetServiceCredential + { "POST", "/credentials/decrypt", Http.Status.BAD_REQUEST, "/credentials" }, // controllers.NetServiceController.decryptNetServiceCredential(credentialId : Long) + + { "GET", "/assets/css/style.css", Http.Status.OK, "/assets/css/style.css" }, // 
controllers.Assets.at(path="/public", file) + }); + } + + // first data value (0) is default + @Parameterized.Parameter + public String httpVerb; + + @Parameterized.Parameter(1) + public String httpEndpoint; + + @Parameterized.Parameter(2) + public int expectedHttpStatus; + + @Parameterized.Parameter(3) + public String correspondingGetPage; + + @Test + public void checkThatAuthenticatedUserCanAccessTheirPages() throws Exception { + sendRequest(httpVerb, httpEndpoint, expectedHttpStatus, correspondingGetPage); + } + } + @RunWith(Parameterized.class) public static class AdminUserAuthenticationTests { - @BeforeClass - public static void setup() throws Exception { + @Before + public void setup() throws Exception { login("admin", "admin"); } + @After + public void tearDown() throws Exception { + logout(); + } + @Parameterized.Parameters( name = "Test #{index} as admin: {0} on endpoint {1} -> HTTP Status {2}" ) 
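Review bot: For the plain user, admin-only POST endpoints are expected to return BAD_REQUEST while their GET counterparts return FORBIDDEN (`{ "POST", "/users/create", Http.Status.BAD_REQUEST, "/" }` versus `{ "GET", "/users/create", Http.Status.FORBIDDEN, "/users/create" }`), and sendRequest only ever submits a csrfToken with no other form fields. If that 400 is produced by form validation before the role check runs, these rows would also pass against a controller that binds and validates user-supplied data before deciding authorization, which is the opposite of what an authorization test should establish; either send a well-formed body so the status reflects the access decision, or expect FORBIDDEN and fix the ordering in the controller if it fails. Relatedly, SEE_OTHER rows only assert the status code, so a redirect to /login and a redirect after an action that actually ran are indistinguishable; consider a fifth column with the expected `Location` and asserting it in sendRequest. The unused `response` local in logout() can be dropped. The enclosing AuthenticationTests class starts and ends outside this hunk.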
@@ -85,10 +245,94 @@ public static Collection data() { // Regex: ^(GET|POST)\s*(\/\w*(\/*:*\**\w*)*)\s*(controllers.*) // Substituion: { "\1", "\2", }, // \4 return Arrays.asList(new Object[][] { - // Unauthorized user can only access /login. Accessing another endpoint which + // Administrators can access all pages. Accessing another endpoint which // requires authentication, will redirect the unauthorized user to /login. - { "POST", "/users/create", Http.Status.BAD_REQUEST }, // controllers.UserController.createUser - { "GET", "/users/create", Http.Status.OK }, // controllers.UserController.showCreateUserForm + { "GET", "/", Http.Status.OK, "/" }, // controllers.HomeController.index + + // This is see other, as we are logging in as the admin before starting the tests. + { "GET", "/login", Http.Status.SEE_OTHER, "/login" }, // controllers.LoginController.showLoginForm + { "POST", "/login", Http.Status.SEE_OTHER, "/" }, // controllers.LoginController.login + { "POST", "/logout", Http.Status.SEE_OTHER, "/" }, // controllers.LoginController.logout + { "GET", "/changePasswordAfterReset", Http.Status.SEE_OTHER, "/changePasswordAfterReset" }, // controllers.LoginController.showChangePasswordAfterResetForm + { "POST", "/changePasswordAfterReset", Http.Status.SEE_OTHER, "/" }, // controllers.LoginController.changePasswordAfterReset + { "GET", "/resetPassword", Http.Status.SEE_OTHER, "/resetPassword" }, // controllers.LoginController.showResetPasswordForm + { "POST", "/resetPassword", Http.Status.SEE_OTHER, "/" }, // controllers.LoginController.requestResetPassword + { "GET", "/resetPassword/:tokenId", Http.Status.BAD_REQUEST, "/resetPassword/:tokenId" }, // controllers.LoginController.showResetPasswordWithTokenForm(tokenId : java.util.UUID) + { "POST", "/resetPassword/:tokenId", Http.Status.BAD_REQUEST, "/" }, // controllers.LoginController.resetPasswordWithToken(tokenId : java.util.UUID) + + { "POST", "/users/create", Http.Status.BAD_REQUEST, "/users/create" }, // 
controllers.UserController.createUser + { "GET", "/users/create", Http.Status.OK, "/users/create" }, // controllers.UserController.showCreateUserForm + { "GET", "/users/all", Http.Status.OK, "/users/all" }, // controllers.UserController.showUsers + { "GET", "/users/admins", Http.Status.OK, "/users/all" }, // controllers.UserController.showAdminUsers + { "POST", "/users/confirmDelete", Http.Status.BAD_REQUEST, "/users/all" }, // controllers.UserController.showConfirmDeleteForm + { "POST", "/users/delete", Http.Status.BAD_REQUEST, "/users/all" }, // controllers.UserController.deleteUser + { "GET", "/users/1/settings", Http.Status.OK, "/users/1/settings" }, // controllers.UserController.showUserAdminSettings(userId:Long) + { "POST", "/users/editQuota", Http.Status.BAD_REQUEST , "/users/1/settings"}, // controllers.UserController.changeUserQuotaLimit + { "POST", "/users/deactivateTwoFactorAuth", Http.Status.BAD_REQUEST, "/users/1/settings" }, // controllers.UserController.deactivateSpecificUserTwoFactorAuth + { "GET", "/sessions", Http.Status.OK , "/sessions"}, // controllers.UserController.showActiveUserSessions() + { "POST", "/sessions/delete", Http.Status.BAD_REQUEST, "/sessions" }, // controllers.UserController.deleteUserSession() + { "GET", "/settings", Http.Status.OK, "/settings" }, // controllers.UserController.showUserSettings() + { "POST", "/settings/sessionTimeout", Http.Status.BAD_REQUEST , "/settings"}, // controllers.UserController.changeUserSessionTimeout() + { "POST", "/settings/changePassword", Http.Status.BAD_REQUEST, "/settings" }, // controllers.UserController.changeUserPassword() + { "GET", "/settings/confirmActivateTwoFactorAuth", Http.Status.OK, "/settings/confirmActivateTwoFactorAuth" }, // controllers.UserController.show2FactorAuthConfirmationForm() + { "POST", "/settings/activateTwoFactorAuth", Http.Status.BAD_REQUEST, "/settings/confirmActivateTwoFactorAuth" }, // controllers.UserController.activateTwoFactorAuth() + { "POST", 
"/settings/deactivateTwoFactorAuth", Http.Status.SEE_OTHER, "/settings"}, // controllers.UserController.deactivateTwoFactorAuth() + + { "GET", "/groups/membership", Http.Status.OK, "/groups/membership" }, // controllers.GroupController.showOwnMemberships + { "GET", "/groups/own", Http.Status.OK, "/groups/own" }, // controllers.GroupController.showOwnGroups + { "GET", "/groups/all", Http.Status.OK, "/groups/all" }, // controllers.GroupController.showAllGroups + { "POST", "/groups/confirmDelete", Http.Status.BAD_REQUEST , "/groups/all" }, // controllers.GroupController.confirmDelete + { "POST", "/groups/delete", Http.Status.BAD_REQUEST, "/groups/all" }, // controllers.GroupController.deleteGroup + { "GET", "/groups/create", Http.Status.OK, "/groups/create" }, // controllers.GroupController.showCreateGroupForm + { "POST", "/groups/create", Http.Status.BAD_REQUEST, "/groups/create" }, // controllers.GroupController.createGroup + { "GET", "/groups/1", Http.Status.SEE_OTHER, "/groups/1" }, // controllers.GroupController.showGroup(groupId : Long) + { "GET", "/groups/1/files", Http.Status.OK, "/groups/1/files" }, // controllers.GroupController.showGroupFiles(groupId : Long) + { "GET", "/groups/1/members", Http.Status.OK , "/groups/1/members"}, // controllers.GroupController.showGroupMembers(groupId : Long) + { "POST", "/groups/1/members/remove", Http.Status.BAD_REQUEST, "/groups/1/members" }, // controllers.GroupController.removeGroupMember(groupId : Long) + { "GET", "/groups/1/members/add", Http.Status.OK, "/groups/1/members/add" }, // controllers.GroupController.showAddMemberForm(groupId : Long) + { "POST", "/groups/1/members/add", Http.Status.BAD_REQUEST, "/groups/1/members/add" }, // controllers.GroupController.addGroupMember(groupId : Long) + + { "GET", "/files/own", Http.Status.OK, "/files/own" }, // controllers.FileController.showOwnFiles + { "GET", "/files/shared", Http.Status.OK , "/files/shared"}, // controllers.FileController.showSharedFiles + { "GET", 
"/files/thirdParty", Http.Status.OK, "/files/thirdParty" }, // controllers.FileController.showThirdPartyFiles + { "POST", "/files/delete", Http.Status.BAD_REQUEST, "/files/own" }, // controllers.FileController.deleteFile + { "GET", "/files/upload", Http.Status.OK, "/files/upload" }, // controllers.FileController.showUploadFileForm + { "POST", "/files/upload", Http.Status.BAD_REQUEST, "/files/upload" }, // controllers.FileController.uploadFile + { "GET", "/files/uploadToGroup/1", Http.Status.OK , "/files/uploadToGroup/1"}, // controllers.FileController.showUploadFileToGroupForm(groupId:Long) + { "GET", "/files/quota", Http.Status.OK, "/files/quota" }, // controllers.FileController.showQuotaUsage + { "GET", "/files/1", Http.Status.OK, "/files/1" }, // controllers.FileController.showFile(fileId: Long) + { "GET", "/files/1/download", Http.Status.OK, "/files/1/download" }, // controllers.FileController.downloadFile(fileId: Long) + { "POST", "/files/editComment", Http.Status.BAD_REQUEST, "/" }, // controllers.FileController.editFileComment + { "POST", "/files/editContent", Http.Status.BAD_REQUEST, "/" }, // controllers.FileController.editFileContent + { "POST", "/files/search", Http.Status.BAD_REQUEST, "/" }, // controllers.FileController.searchFiles + + { "POST", "/permissions/editUserPermission", Http.Status.BAD_REQUEST, "/files/1" }, // controllers.PermissionController.showEditUserPermissionForm() + { "POST", "/permissions/editUserPermission/submit", Http.Status.BAD_REQUEST, "/files/1" }, // controllers.PermissionController.editUserPermission() + { "POST", "/permissions/editGroupPermission", Http.Status.BAD_REQUEST, "/files/1" }, // controllers.PermissionController.showEditGroupPermissionForm() + { "POST", "/permissions/editGroupPermission/submit", Http.Status.BAD_REQUEST, "/files/1" }, // controllers.PermissionController.editGroupPermission() + { "GET", "/permissions/createUserPermission/1", Http.Status.OK, "/permissions/createUserPermission/1" }, // 
controllers.PermissionController.showCreateUserPermission(fileId : Long) + { "GET", "/permissions/createGroupPermission/1", Http.Status.OK, "/permissions/createUserPermission/1" }, // controllers.PermissionController.showCreateGroupPermission(fileId : Long) + { "POST", "/permissions/deletegrouppermission/", Http.Status.BAD_REQUEST, "/files/1" }, // controllers.PermissionController.deleteGroupPermission() + { "POST", "/permissions/deleteuserpermission/", Http.Status.BAD_REQUEST, "/files/1" }, // controllers.PermissionController.deleteUserPermission() + { "POST", "/permissions/creategrouppermission/", Http.Status.BAD_REQUEST, "/files/1" }, // controllers.PermissionController.createGroupPermission() + { "POST", "/permissions/createuserpermission/", Http.Status.BAD_REQUEST, "/files/1" }, // controllers.PermissionController.createUserPermission() + + { "GET", "/netservices/all", Http.Status.OK, "/netservices/all" }, // controllers.NetServiceController.showAllNetServices + { "GET", "/netservices/create", Http.Status.OK , "/netservices/create"}, // controllers.NetServiceController.showAddNetServiceForm + { "POST", "/netservices/create", Http.Status.BAD_REQUEST, "/netservices/create" }, // controllers.NetServiceController.createNetService + { "POST", "/netservices/confirmDelete", Http.Status.BAD_REQUEST, "/netservices/all" }, // controllers.NetServiceController.showDeleteNetServiceConfirmation + { "POST", "/netservices/delete", Http.Status.BAD_REQUEST , "/netservices/all"}, // controllers.NetServiceController.deleteNetService + { "GET", "/netservices/edit/1", Http.Status.OK, "/netservices/edit/1"}, // controllers.NetServiceController.showEditNetService(netServiceId:Long) + { "POST", "/netservices/edit", Http.Status.BAD_REQUEST, "/netservices/edit/1" }, // controllers.NetServiceController.editNetService + { "POST", "/netservices/addparameter", Http.Status.BAD_REQUEST, "/netservices/edit/1" }, // controllers.NetServiceController.addNetServiceParameter + { "POST", 
"/netservices/removeparameter", Http.Status.BAD_REQUEST, "/netservices/edit/1" }, // controllers.NetServiceController.removeNetServiceParameter + { "GET", "/credentials", Http.Status.OK, "/credentials" }, // controllers.NetServiceController.showUserNetServiceCredentials + { "GET", "/credentials/create", Http.Status.OK, "/credentials/create" }, // controllers.NetServiceController.showCreateNetServiceCredentialForm + { "POST", "/credentials/create", Http.Status.BAD_REQUEST, "/credentials/create" }, // controllers.NetServiceController.createNetServiceCredential + { "POST", "/credentials/delete", Http.Status.BAD_REQUEST, "/credentials" }, // controllers.NetServiceController.deleteNetServiceCredential + { "POST", "/credentials/decrypt", Http.Status.BAD_REQUEST, "/credentials" }, // controllers.NetServiceController.decryptNetServiceCredential(credentialId : Long) + + { "GET", "/assets/css/style.css", Http.Status.OK, "/assets/css/style.css" }, // controllers.Assets.at(path="/public", file) }); } @@ -102,24 +346,12 @@ public static Collection data() { @Parameterized.Parameter(2) public int expectedHttpStatus; + @Parameterized.Parameter(3) + public String correspondingGetPage; + @Test - public void checkThatUnauthorizedUserCanOnlyAccessTheirPages() throws Exception { - if(httpVerb.equals("GET")) { - WSResponse response = ws.get(httpEndpoint); - assertEquals(expectedHttpStatus, response.getStatus()); - } - - else if(httpVerb.equals("POST")) { - String csrfToken = getCsrfToken(httpEndpoint); - WSResponse response = ws.post(httpEndpoint, ImmutableList.of( - new BasicNameValuePair("csrfToken", csrfToken) - )); - assertEquals(expectedHttpStatus, response.getStatus()); - } - - else { - throw new Exception("Unkown method"); - } + public void checkThatAdminCanAccessAllPages() throws Exception { + sendRequest(httpVerb, httpEndpoint, expectedHttpStatus, correspondingGetPage); } } 
@@ -220,9 +452,6 @@ public static Collection data() { { "POST", "/credentials/delete", Http.Status.SEE_OTHER }, // controllers.NetServiceController.deleteNetServiceCredential { "POST", "/credentials/decrypt", Http.Status.SEE_OTHER }, // controllers.NetServiceController.decryptNetServiceCredential(credentialId : Long) - { "GET", "/forbidden", Http.Status.FORBIDDEN }, // controllers.ErrorController.showForbiddenMessage() - { "GET", "/badrequest", Http.Status.BAD_REQUEST }, // controllers.ErrorController.showBadRequestMessage() - { "GET", "/assets/css/style.css", Http.Status.OK }, // controllers.Assets.at(path="/public", file) }); } @@ -238,7 +467,7 @@ public static Collection data() { public int expectedHttpStatus; @Test - public void checkThatUnauthorizedUserCanOnlyAccessTheirPages() { + public void checkThatUnauthorizedUserCanOnlyAccessTheirPages() throws Exception { Http.RequestBuilder builder = Helpers.fakeRequest(httpVerb, httpEndpoint) .host("localhost:19001"); builder = CSRFTokenHelper.addCSRFToken(builder);