1   /*
2    * Copyright (c) 2002-2025, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.web.role;
35  
36  import java.math.BigInteger;
37  import java.security.SecureRandom;
38  import java.util.Locale;
39  import java.util.Random;
40  
41  import org.springframework.mock.web.MockHttpServletRequest;
42  
43  import fr.paris.lutece.portal.business.role.Role;
44  import fr.paris.lutece.portal.business.role.RoleHome;
45  import fr.paris.lutece.portal.service.admin.AccessDeniedException;
46  import fr.paris.lutece.portal.service.i18n.I18nService;
47  import fr.paris.lutece.portal.service.message.AdminMessage;
48  import fr.paris.lutece.portal.service.message.AdminMessageService;
49  import fr.paris.lutece.portal.service.security.SecurityTokenService;
50  import fr.paris.lutece.portal.service.workgroup.AdminWorkgroupService;
51  import fr.paris.lutece.test.LuteceTestCase;
52  import fr.paris.lutece.util.ReferenceItem;
53  import fr.paris.lutece.util.ReferenceList;
54  
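/**
 * Tests for {@link RoleJspBean}, covering the remove-confirmation message and the create, modify and remove
 * actions on page roles.
 *
 * <p>
 * Each state-changing action ({@code doCreatePageRole}, {@code doModifyPageRole}, {@code doRemovePageRole}) is
 * exercised three ways: with a token obtained from {@link SecurityTokenService} for that action, with that token
 * altered by one appended character, and with no token at all. The two rejection cases expect an
 * {@link AccessDeniedException} and then re-read the role through {@link RoleHome} to check that the stored state
 * did not change, so a bean that throws only after writing would still fail the test.
 * </p>
 *
 * <p>
 * NOTE(review): two rejection paths are not covered here: a token issued for a different action than the one being
 * invoked, and a token presented a second time after a successful call. Whether {@link SecurityTokenService} binds
 * tokens to an action or invalidates them on use is not visible from this class; confirm against the service and
 * add cases if it does.
 * </p>
 */
public class RoleJspBeanTest extends LuteceTestCase
{
    private static final String PARAMETER_PAGE_ROLE = "role";
    private static final String PARAMETER_ROLE_DESCRIPTION = "role_description";
    private static final String PARAMETER_WORKGROUP_KEY = "workgroup_key";

    // Action names handed to SecurityTokenService when a token is requested for each operation.
    private static final String ACTION_CREATE = "admin/role/create_page_role.html";
    private static final String ACTION_MODIFY = "admin/role/modify_page_role.html";
    private static final String ACTION_REMOVE = "DoRemovePageRole.jsp";

    private static final String MODIFIED_SUFFIX = "_mod";
    // Appended to a freshly issued token so the submitted value no longer matches it.
    private static final String TAMPER_SUFFIX = "b";
    private static final String MESSAGE_SHOULD_HAVE_THROWN = "Should have thrown";

    private RoleJspBean bean;
    private Role role;

    /**
     * Creates the bean under test and persists a role with a random name, whose description equals its name and
     * whose workgroup is {@link AdminWorkgroupService#ALL_GROUPS}.
     */
    @Override
    protected void setUp( ) throws Exception
    {
        super.setUp( );
        bean = new RoleJspBean( );
        role = new Role( );
        role.setRole( getRandomName( ) );
        role.setRoleDescription( role.getRole( ) );
        role.setWorkgroup( AdminWorkgroupService.ALL_GROUPS );
        RoleHome.create( role );
    }

    /**
     * Removes the role created in {@link #setUp()}. This also runs after the tests that already removed it.
     */
    @Override
    protected void tearDown( ) throws Exception
    {
        RoleHome.remove( role.getRole( ) );
        super.tearDown( );
    }

    /**
     * Builds a role name that is unlikely to collide with existing data.
     *
     * @return {@code "junit"} followed by 128 random bits rendered in base 36
     */
    private String getRandomName( )
    {
        Random rand = new SecureRandom( );
        BigInteger bigInt = new BigInteger( 128, rand );
        return "junit" + bigInt.toString( 36 );
    }

    /**
     * Builds a request carrying the role name, the role description and the all-groups workgroup key, without any
     * security token.
     *
     * @param strRole
     *            value of the {@code role} parameter
     * @param strDescription
     *            value of the {@code role_description} parameter
     * @return the populated mock request
     */
    private static MockHttpServletRequest newRoleRequest( String strRole, String strDescription )
    {
        MockHttpServletRequest request = new MockHttpServletRequest( );
        request.setParameter( PARAMETER_PAGE_ROLE, strRole );
        request.setParameter( PARAMETER_ROLE_DESCRIPTION, strDescription );
        request.setParameter( PARAMETER_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
        return request;
    }

    /**
     * Builds a request carrying only the role name, as submitted to the remove action.
     *
     * @param strRole
     *            value of the {@code role} parameter
     * @return the populated mock request
     */
    private static MockHttpServletRequest newRemoveRequest( String strRole )
    {
        MockHttpServletRequest request = new MockHttpServletRequest( );
        request.setParameter( PARAMETER_PAGE_ROLE, strRole );
        return request;
    }

    /**
     * Asks the token service for a token for the given request and action.
     *
     * @param request
     *            the request the token is issued for
     * @param strAction
     *            the action name passed to the token service
     * @return the issued token
     */
    private static String issueToken( MockHttpServletRequest request, String strAction )
    {
        return SecurityTokenService.getInstance( ).getToken( request, strAction );
    }

    /**
     * Checks that an admin message was registered for the request and that its text contains the expected fragment
     * in every admin locale.
     *
     * @param request
     *            the request the bean was called with
     * @param strExpected
     *            text that must appear in the message for each locale
     * @return the message, for further assertions
     */
    private AdminMessage assertMessageContains( MockHttpServletRequest request, String strExpected )
    {
        AdminMessage message = AdminMessageService.getMessage( request );
        assertNotNull( message );
        for ( ReferenceItem lang : I18nService.getAdminLocales( Locale.FRANCE ) )
        {
            assertTrue( message.getText( new Locale( lang.getCode( ) ) ).contains( strExpected ) );
        }
        return message;
    }

    /**
     * Checks the message produced by the remove-confirmation step: it names the missing parameter when no role is
     * given, names the role when one is given, and carries a security token among its request parameters.
     */
    public void testGetRemovePageRole( )
    {
        // no args: the message is expected to mention the missing parameter name
        MockHttpServletRequest request = new MockHttpServletRequest( );
        bean.getRemovePageRole( request );
        assertMessageContains( request, PARAMETER_PAGE_ROLE );

        // invalid arg
        // NOTE(review): this case submits the same existing role as the "valid arg" case below, so it does not
        // exercise an invalid value; the intended input is not visible from this file.
        request = new MockHttpServletRequest( );
        request.addParameter( PARAMETER_PAGE_ROLE, role.getRole( ) );
        bean.getRemovePageRole( request );
        assertMessageContains( request, role.getRole( ) );

        // valid arg
        request = new MockHttpServletRequest( );
        request.addParameter( PARAMETER_PAGE_ROLE, role.getRole( ) );
        bean.getRemovePageRole( request );
        AdminMessage message = assertMessageContains( request, role.getRole( ) );
        // The confirmation must hand a token on to the follow-up request, otherwise the removal it leads to
        // could not pass the token check tested in testDoRemovePageRole*.
        assertTrue( message.getRequestParameters( ).containsKey( SecurityTokenService.PARAMETER_TOKEN ) );
    }

    /**
     * Creates a role with a token issued for the create action and checks every stored field.
     */
    public void testDoCreatePageRole( ) throws AccessDeniedException
    {
        final String name = getRandomName( );
        MockHttpServletRequest request = newRoleRequest( name, name );
        request.setParameter( SecurityTokenService.PARAMETER_TOKEN, issueToken( request, ACTION_CREATE ) );

        assertNull( RoleHome.findByPrimaryKey( name ) );
        try
        {
            bean.doCreatePageRole( request );
            Role stored = RoleHome.findByPrimaryKey( name );
            assertNotNull( stored );
            assertEquals( name, stored.getRole( ) );
            assertEquals( name, stored.getRoleDescription( ) );
            assertEquals( AdminWorkgroupService.ALL_GROUPS, stored.getWorkgroup( ) );
        }
        finally
        {
            RoleHome.remove( name );
        }
    }

    /**
     * Submits the create action with an altered token and expects rejection with nothing stored.
     */
    public void testDoCreatePageRoleInvalidToken( ) throws AccessDeniedException
    {
        final String name = getRandomName( );
        MockHttpServletRequest request = newRoleRequest( name, name );
        request.setParameter( SecurityTokenService.PARAMETER_TOKEN, issueToken( request, ACTION_CREATE ) + TAMPER_SUFFIX );

        assertNull( RoleHome.findByPrimaryKey( name ) );
        try
        {
            bean.doCreatePageRole( request );
            fail( MESSAGE_SHOULD_HAVE_THROWN );
        }
        catch( AccessDeniedException e )
        {
            // Rejection alone is not enough: the role must not have been written before the check fired.
            assertNull( RoleHome.findByPrimaryKey( name ) );
        }
        finally
        {
            // Cleans up if the bean wrongly created the role, so a failing run leaves no stray data.
            RoleHome.remove( name );
        }
    }

    /**
     * Submits the create action without any token and expects rejection with nothing stored.
     */
    public void testDoCreatePageRoleNoToken( ) throws AccessDeniedException
    {
        final String name = getRandomName( );
        MockHttpServletRequest request = newRoleRequest( name, name );

        assertNull( RoleHome.findByPrimaryKey( name ) );
        try
        {
            bean.doCreatePageRole( request );
            fail( MESSAGE_SHOULD_HAVE_THROWN );
        }
        catch( AccessDeniedException e )
        {
            assertNull( RoleHome.findByPrimaryKey( name ) );
        }
        finally
        {
            // Cleans up if the bean wrongly created the role, so a failing run leaves no stray data.
            RoleHome.remove( name );
        }
    }

    /**
     * Modifies the description of the fixture role with a token issued for the modify action.
     */
    public void testDoModifyPageRole( ) throws AccessDeniedException
    {
        final String modified = role.getRoleDescription( ) + MODIFIED_SUFFIX;
        MockHttpServletRequest request = newRoleRequest( role.getRole( ), modified );
        request.setParameter( SecurityTokenService.PARAMETER_TOKEN, issueToken( request, ACTION_MODIFY ) );

        assertEquals( role.getRoleDescription( ), RoleHome.findByPrimaryKey( role.getRole( ) ).getRoleDescription( ) );
        bean.doModifyPageRole( request );
        assertEquals( modified, RoleHome.findByPrimaryKey( role.getRole( ) ).getRoleDescription( ) );
    }

    /**
     * Submits the modify action with an altered token and expects rejection with the description unchanged.
     */
    public void testDoModifyPageRoleInvalidtoken( ) throws AccessDeniedException
    {
        MockHttpServletRequest request = newRoleRequest( role.getRole( ), role.getRoleDescription( ) + MODIFIED_SUFFIX );
        request.setParameter( SecurityTokenService.PARAMETER_TOKEN, issueToken( request, ACTION_MODIFY ) + TAMPER_SUFFIX );

        assertEquals( role.getRoleDescription( ), RoleHome.findByPrimaryKey( role.getRole( ) ).getRoleDescription( ) );
        try
        {
            bean.doModifyPageRole( request );
            fail( MESSAGE_SHOULD_HAVE_THROWN );
        }
        catch( AccessDeniedException e )
        {
            // The stored description must still be the original one after the rejected call.
            assertEquals( role.getRoleDescription( ), RoleHome.findByPrimaryKey( role.getRole( ) ).getRoleDescription( ) );
        }
    }

    /**
     * Submits the modify action without any token and expects rejection with the description unchanged.
     */
    public void testDoModifyPageRoleNotoken( ) throws AccessDeniedException
    {
        MockHttpServletRequest request = newRoleRequest( role.getRole( ), role.getRoleDescription( ) + MODIFIED_SUFFIX );

        assertEquals( role.getRoleDescription( ), RoleHome.findByPrimaryKey( role.getRole( ) ).getRoleDescription( ) );
        try
        {
            bean.doModifyPageRole( request );
            fail( MESSAGE_SHOULD_HAVE_THROWN );
        }
        catch( AccessDeniedException e )
        {
            assertEquals( role.getRoleDescription( ), RoleHome.findByPrimaryKey( role.getRole( ) ).getRoleDescription( ) );
        }
    }

    /**
     * Removes the fixture role with a token issued for the remove action.
     */
    public void testDoRemovePageRole( ) throws AccessDeniedException
    {
        MockHttpServletRequest request = newRemoveRequest( role.getRole( ) );
        request.setParameter( SecurityTokenService.PARAMETER_TOKEN, issueToken( request, ACTION_REMOVE ) );

        assertNotNull( RoleHome.findByPrimaryKey( role.getRole( ) ) );
        bean.doRemovePageRole( request );
        assertNull( RoleHome.findByPrimaryKey( role.getRole( ) ) );
    }

    /**
     * Submits the remove action with an altered token and expects rejection with the role still stored.
     */
    public void testDoRemovePageRoleInvalidToken( ) throws AccessDeniedException
    {
        MockHttpServletRequest request = newRemoveRequest( role.getRole( ) );
        request.setParameter( SecurityTokenService.PARAMETER_TOKEN, issueToken( request, ACTION_REMOVE ) + TAMPER_SUFFIX );

        assertNotNull( RoleHome.findByPrimaryKey( role.getRole( ) ) );
        try
        {
            bean.doRemovePageRole( request );
            fail( MESSAGE_SHOULD_HAVE_THROWN );
        }
        catch( AccessDeniedException e )
        {
            // The role must survive a rejected removal.
            assertNotNull( RoleHome.findByPrimaryKey( role.getRole( ) ) );
        }
    }

    /**
     * Submits the remove action without any token and expects rejection with the role still stored.
     */
    public void testDoRemovePageRoleNoToken( ) throws AccessDeniedException
    {
        MockHttpServletRequest request = newRemoveRequest( role.getRole( ) );

        assertNotNull( RoleHome.findByPrimaryKey( role.getRole( ) ) );
        try
        {
            bean.doRemovePageRole( request );
            fail( MESSAGE_SHOULD_HAVE_THROWN );
        }
        catch( AccessDeniedException e )
        {
            assertNotNull( RoleHome.findByPrimaryKey( role.getRole( ) ) );
        }
    }
}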