Let integration tests use links from HAL and test brute force links

René Pfeuffer
2018-08-22 12:20:09 +02:00
parent 585d37feed
commit 02f4801b58
2 changed files with 50 additions and 13 deletions


@@ -50,10 +50,12 @@ import java.util.List;
import java.util.Objects; import java.util.Objects;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static sonia.scm.it.RepositoryUtil.addAndCommitRandomFile; import static sonia.scm.it.RepositoryUtil.addAndCommitRandomFile;
import static sonia.scm.it.RestUtil.given; import static sonia.scm.it.RestUtil.given;
import static sonia.scm.it.ScmTypes.availableScmTypes; import static sonia.scm.it.ScmTypes.availableScmTypes;
import static sonia.scm.it.TestData.callUserPermissions; import static sonia.scm.it.TestData.USER_SCM_ADMIN;
import static sonia.scm.it.TestData.callRepository;
@RunWith(Parameterized.class) @RunWith(Parameterized.class)
public class PermissionsITCase { public class PermissionsITCase {
@@ -94,15 +96,35 @@ public class PermissionsITCase {
} }
@Test @Test
public void readUserShouldSeePermissions() { public void readUserShouldNotSeePermissions() {
List<Object> userPermissions = TestData.getUserPermissions(USER_READ, USER_PASS, repositoryType); assertNull(callRepository(USER_WRITE, USER_PASS, repositoryType, HttpStatus.SC_OK)
assertEquals(userPermissions.size(), createdPermissions); .extract()
.body().jsonPath().getString("_links.permissions.href"));
} }
@Test @Test
public void writeUserShouldSeePermissions() { public void readUserShouldNotSeeBruteForcePermissions() {
List<Object> userPermissions = TestData.getUserPermissions(USER_WRITE, USER_PASS, repositoryType); given(VndMediaType.PERMISSION, USER_READ, USER_PASS)
assertEquals(userPermissions.size(), createdPermissions); .when()
.get(TestData.getDefaultPermissionUrl(USER_SCM_ADMIN, USER_SCM_ADMIN, repositoryType))
.then()
.statusCode(HttpStatus.SC_FORBIDDEN);
}
@Test
public void writeUserShouldNotSeePermissions() {
assertNull(callRepository(USER_WRITE, USER_PASS, repositoryType, HttpStatus.SC_OK)
.extract()
.body().jsonPath().getString("_links.permissions.href"));
}
@Test
public void writeUserShouldNotSeeBruteForcePermissions() {
given(VndMediaType.PERMISSION, USER_WRITE, USER_PASS)
.when()
.get(TestData.getDefaultPermissionUrl(USER_SCM_ADMIN, USER_SCM_ADMIN, repositoryType))
.then()
.statusCode(HttpStatus.SC_FORBIDDEN);
} }
@Test @Test
@@ -112,8 +134,17 @@ public class PermissionsITCase {
} }
@Test @Test
public void otherUserShouldNotSeePermissions() { public void otherUserShouldNotSeeRepository() {
callUserPermissions(USER_OTHER, USER_PASS, repositoryType, HttpStatus.SC_FORBIDDEN); callRepository(USER_OTHER, USER_PASS, repositoryType, HttpStatus.SC_FORBIDDEN);
}
@Test
public void otherUserShouldNotSeeBruteForcePermissions() {
given(VndMediaType.PERMISSION, USER_OTHER, USER_PASS)
.when()
.get(TestData.getDefaultPermissionUrl(USER_SCM_ADMIN, USER_SCM_ADMIN, repositoryType))
.then()
.statusCode(HttpStatus.SC_FORBIDDEN);
} }
@Test @Test
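Review bot: `readUserShouldNotSeePermissions` calls `callRepository(USER_WRITE, USER_PASS, ...)`, so it duplicates `writeUserShouldNotSeePermissions` and never checks that the read user's repository representation omits `_links.permissions.href`. The first argument should be the read user: `assertNull(callRepository(USER_READ, USER_PASS, repositoryType, HttpStatus.SC_OK)`. As written, a regression that exposes the permissions link to read-only users would still pass this suite. The three `...BruteForcePermissions` tests differ only in the user name, so a short comment on one of them would help, for example `// the link is resolved as admin so the request hits the real permissions URL the user was never offered`.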


@@ -72,7 +72,7 @@ public class TestData {
"\t\"groupPermission\": false\n" + "\t\"groupPermission\": false\n" +
"\t\n" + "\t\n" +
"}") "}")
.post(TestData.getDefaultPermissionUrl(repositoryType)) .post(TestData.getDefaultPermissionUrl(USER_SCM_ADMIN, USER_SCM_ADMIN, repositoryType))
.then() .then()
.statusCode(HttpStatus.SC_CREATED) .statusCode(HttpStatus.SC_CREATED)
; ;
@@ -87,7 +87,7 @@ public class TestData {
public static ValidatableResponse callUserPermissions(String username, String password, String repositoryType, int expectedStatusCode) { public static ValidatableResponse callUserPermissions(String username, String password, String repositoryType, int expectedStatusCode) {
return given(VndMediaType.PERMISSION, username, password) return given(VndMediaType.PERMISSION, username, password)
.when() .when()
.get(TestData.getDefaultPermissionUrl(repositoryType)) .get(TestData.getDefaultPermissionUrl(username, password, repositoryType))
.then() .then()
.statusCode(expectedStatusCode); .statusCode(expectedStatusCode);
} }
@@ -102,8 +102,14 @@ public class TestData {
.statusCode(expectedStatusCode); .statusCode(expectedStatusCode);
} }
public static String getDefaultPermissionUrl(String repositoryType) { public static String getDefaultPermissionUrl(String username, String password, String repositoryType) {
return getDefaultRepositoryUrl(repositoryType) + "/permissions/"; return given(VndMediaType.REPOSITORY, username, password)
.when()
.get(getDefaultRepositoryUrl(repositoryType))
.then()
.statusCode(HttpStatus.SC_OK)
.extract()
.body().jsonPath().getString("_links.permissions.href");
} }
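Review bot: `callUserPermissions` now resolves the URL with the caller's own credentials (`getDefaultPermissionUrl(username, password, repositoryType)`), which breaks it for denial checks. For a user who is not offered the link, the lookup presumably returns `null` and that is passed to `.get(...)`; for a user who cannot read the repository, the `statusCode(HttpStatus.SC_OK)` inside `getDefaultPermissionUrl` fails first. In both cases the helper can no longer assert a 403 on the permissions endpoint itself. Resolving the link with the admin account, as the new brute-force tests do, keeps it usable: `.get(TestData.getDefaultPermissionUrl(USER_SCM_ADMIN, USER_SCM_ADMIN, repositoryType))`. `getDefaultPermissionUrl` also deserves a Javadoc line saying it returns `null` when the given user's HAL response has no `_links.permissions.href`; whether `callUserPermissions` still has callers is not visible on this page.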