View Javadoc
1   /*
2    * Copyright (c) 2002-2025, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.web.workgroup;
35  
36  import java.math.BigInteger;
37  import java.security.SecureRandom;
38  import java.util.Random;
39  
40  import org.springframework.mock.web.MockHttpServletRequest;
41  
42  import fr.paris.lutece.portal.business.user.AdminUser;
43  import fr.paris.lutece.portal.business.user.AdminUserHome;
44  import fr.paris.lutece.portal.business.workgroup.AdminWorkgroup;
45  import fr.paris.lutece.portal.business.workgroup.AdminWorkgroupHome;
46  import fr.paris.lutece.portal.service.admin.AccessDeniedException;
47  import fr.paris.lutece.portal.service.message.AdminMessage;
48  import fr.paris.lutece.portal.service.message.AdminMessageService;
49  import fr.paris.lutece.portal.service.security.SecurityTokenService;
50  import fr.paris.lutece.test.LuteceTestCase;
51  import fr.paris.lutece.test.Utils;
52  
53  public class AdminWorkgroupJspBeanTest extends LuteceTestCase
54  {
55      private AdminWorkgroup adminWorkgroup;
56      private AdminWorkgroupJspBean bean;
57  
58      @Override
59      protected void setUp( ) throws Exception
60      {
61          super.setUp( );
62          adminWorkgroup = new AdminWorkgroup( );
63          adminWorkgroup.setKey( getRandomName( ) );
64          adminWorkgroup.setDescription( adminWorkgroup.getKey( ) );
65          AdminWorkgroupHome.create( adminWorkgroup );
66          bean = new AdminWorkgroupJspBean( );
67      }
68  
69      @Override
70      protected void tearDown( ) throws Exception
71      {
72          AdminWorkgroupHome.removeAllUsersForWorkgroup( adminWorkgroup.getKey( ) );
73          AdminWorkgroupHome.remove( adminWorkgroup.getKey( ) );
74          super.tearDown( );
75      }
76  
77      public void testDoAssignUsers( ) throws AccessDeniedException
78      {
79          MockHttpServletRequest request = new MockHttpServletRequest( );
80          request.setParameter( "workgroup_key", adminWorkgroup.getKey( ) );
81          AdminUser user = AdminUserHome.findUserByLogin( "admin" );
82          request.setParameter( "list_users", Integer.toString( user.getUserId( ) ) );
83          request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
84                  SecurityTokenService.getInstance( ).getToken( request, "admin/workgroup/assign_users_workgroup.html" ) );
85  
86          assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, adminWorkgroup.getKey( ) ) );
87          bean.doAssignUsers( request );
88          assertTrue( AdminWorkgroupHome.isUserInWorkgroup( user, adminWorkgroup.getKey( ) ) );
89      }
90  
91      public void testDoAssignUsersInvalidToken( ) throws AccessDeniedException
92      {
93          MockHttpServletRequest request = new MockHttpServletRequest( );
94          request.setParameter( "workgroup_key", adminWorkgroup.getKey( ) );
95          AdminUser user = AdminUserHome.findUserByLogin( "admin" );
96          request.setParameter( "list_users", Integer.toString( user.getUserId( ) ) );
97          request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
98                  SecurityTokenService.getInstance( ).getToken( request, "admin/workgroup/assign_users_workgroup.html" ) + "b" );
99  
100         assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, adminWorkgroup.getKey( ) ) );
101         try
102         {
103             bean.doAssignUsers( request );
104             fail( "Should have thrown" );
105         }
106         catch( AccessDeniedException e )
107         {
108             assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, adminWorkgroup.getKey( ) ) );
109         }
110     }
111 
112     public void testDoAssignUsersNoToken( ) throws AccessDeniedException
113     {
114         MockHttpServletRequest request = new MockHttpServletRequest( );
115         request.setParameter( "workgroup_key", adminWorkgroup.getKey( ) );
116         AdminUser user = AdminUserHome.findUserByLogin( "admin" );
117         request.setParameter( "list_users", Integer.toString( user.getUserId( ) ) );
118 
119         assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, adminWorkgroup.getKey( ) ) );
120         try
121         {
122             bean.doAssignUsers( request );
123             fail( "Should have thrown" );
124         }
125         catch( AccessDeniedException e )
126         {
127             assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, adminWorkgroup.getKey( ) ) );
128         }
129     }
130 
131     public void testGetAssignUsers( ) throws AccessDeniedException
132     {
133         MockHttpServletRequest request = new MockHttpServletRequest( );
134         request.setParameter( "workgroup_key", adminWorkgroup.getKey( ) );
135         AdminUser user = new AdminUser( );
136         Utils.registerAdminUserWithRigth( request, user, "CORE_WORKGROUPS_MANAGEMENT" );
137         bean.init( request, "CORE_WORKGROUPS_MANAGEMENT" );
138 
139         String html = bean.getAssignUsers( request );
140 
141         assertNotNull( html );
142     }
143 
144     public void testDoCreateWorkgroup( ) throws AccessDeniedException
145     {
146         final String key = getRandomName( );
147         MockHttpServletRequest request = new MockHttpServletRequest( );
148         AdminUser user = new AdminUser( );
149         Utils.registerAdminUserWithRigth( request, user, "CORE_WORKGROUPS_MANAGEMENT" );
150         request.setParameter( "workgroup_key", key );
151         request.setParameter( "workgroup_description", key );
152         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
153                 SecurityTokenService.getInstance( ).getToken( request, "admin/workgroup/create_workgroup.html" ) );
154 
155         assertFalse( AdminWorkgroupHome.checkExistWorkgroup( key ) );
156         bean.init( request, "CORE_WORKGROUPS_MANAGEMENT" );
157         bean.doCreateWorkgroup( request );
158         assertTrue( AdminWorkgroupHome.checkExistWorkgroup( key ) );
159 
160         AdminWorkgroupHome.remove( key );
161     }
162 
163     public void testDoCreateWorkgroupInvalidToken( ) throws AccessDeniedException
164     {
165         final String key = getRandomName( );
166         MockHttpServletRequest request = new MockHttpServletRequest( );
167         AdminUser user = new AdminUser( );
168         Utils.registerAdminUserWithRigth( request, user, "CORE_WORKGROUPS_MANAGEMENT" );
169         request.setParameter( "workgroup_key", key );
170         request.setParameter( "workgroup_description", key );
171         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
172                 SecurityTokenService.getInstance( ).getToken( request, "admin/workgroup/create_workgroup.html" ) + "b" );
173 
174         assertFalse( AdminWorkgroupHome.checkExistWorkgroup( key ) );
175         bean.init( request, "CORE_WORKGROUPS_MANAGEMENT" );
176         try
177         {
178             bean.doCreateWorkgroup( request );
179             fail( "Should have thrown" );
180         }
181         catch( AccessDeniedException e )
182         {
183             assertFalse( AdminWorkgroupHome.checkExistWorkgroup( key ) );
184         }
185 
186         AdminWorkgroupHome.remove( key );
187     }
188 
189     public void testDoCreateWorkgroupNoToken( ) throws AccessDeniedException
190     {
191         final String key = getRandomName( );
192         MockHttpServletRequest request = new MockHttpServletRequest( );
193         AdminUser user = new AdminUser( );
194         Utils.registerAdminUserWithRigth( request, user, "CORE_WORKGROUPS_MANAGEMENT" );
195         request.setParameter( "workgroup_key", key );
196         request.setParameter( "workgroup_description", key );
197 
198         assertFalse( AdminWorkgroupHome.checkExistWorkgroup( key ) );
199         bean.init( request, "CORE_WORKGROUPS_MANAGEMENT" );
200         try
201         {
202             bean.doCreateWorkgroup( request );
203             fail( "Should have thrown" );
204         }
205         catch( AccessDeniedException e )
206         {
207             assertFalse( AdminWorkgroupHome.checkExistWorkgroup( key ) );
208         }
209 
210         AdminWorkgroupHome.remove( key );
211     }
212 
213     public void testDoModifyWorkgroup( ) throws AccessDeniedException
214     {
215         MockHttpServletRequest request = new MockHttpServletRequest( );
216         request.setParameter( "workgroup_key", adminWorkgroup.getKey( ) );
217         request.setParameter( "workgroup_description", adminWorkgroup.getDescription( ) + "_mod" );
218         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
219                 SecurityTokenService.getInstance( ).getToken( request, "admin/workgroup/modify_workgroup.html" ) );
220 
221         assertEquals( adminWorkgroup.getKey( ), adminWorkgroup.getDescription( ) );
222         bean.doModifyWorkgroup( request );
223         assertEquals( adminWorkgroup.getDescription( ) + "_mod", AdminWorkgroupHome.findByPrimaryKey( adminWorkgroup.getKey( ) ).getDescription( ) );
224     }
225 
226     public void testDoModifyWorkgroupInvalidToken( ) throws AccessDeniedException
227     {
228         MockHttpServletRequest request = new MockHttpServletRequest( );
229         request.setParameter( "workgroup_key", adminWorkgroup.getKey( ) );
230         request.setParameter( "workgroup_description", adminWorkgroup.getDescription( ) + "_mod" );
231         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
232                 SecurityTokenService.getInstance( ).getToken( request, "admin/workgroup/modify_workgroup.html" ) + "b" );
233 
234         assertEquals( adminWorkgroup.getKey( ), adminWorkgroup.getDescription( ) );
235         try
236         {
237             bean.doModifyWorkgroup( request );
238             fail( "Should have thrown" );
239         }
240         catch( AccessDeniedException e )
241         {
242             assertEquals( adminWorkgroup.getDescription( ), AdminWorkgroupHome.findByPrimaryKey( adminWorkgroup.getKey( ) ).getDescription( ) );
243         }
244     }
245 
246     public void testDoModifyWorkgroupNoToken( ) throws AccessDeniedException
247     {
248         MockHttpServletRequest request = new MockHttpServletRequest( );
249         request.setParameter( "workgroup_key", adminWorkgroup.getKey( ) );
250         request.setParameter( "workgroup_description", adminWorkgroup.getDescription( ) + "_mod" );
251 
252         assertEquals( adminWorkgroup.getKey( ), adminWorkgroup.getDescription( ) );
253         try
254         {
255             bean.doModifyWorkgroup( request );
256             fail( "Should have thrown" );
257         }
258         catch( AccessDeniedException e )
259         {
260             assertEquals( adminWorkgroup.getDescription( ), AdminWorkgroupHome.findByPrimaryKey( adminWorkgroup.getKey( ) ).getDescription( ) );
261         }
262     }
263 
264     public void testGetConfirmRemoveWorkgroup( )
265     {
266         MockHttpServletRequest request = new MockHttpServletRequest( );
267         request.setParameter( "workgroup_key", adminWorkgroup.getKey( ) );
268 
269         bean.getConfirmRemoveWorkgroup( request );
270 
271         AdminMessage message = AdminMessageService.getMessage( request );
272         assertNotNull( message );
273         assertTrue( message.getRequestParameters( ).containsKey( SecurityTokenService.PARAMETER_TOKEN ) );
274         assertTrue( message.getRequestParameters( ).containsKey( "workgroup_key" ) );
275         assertEquals( adminWorkgroup.getKey( ), message.getRequestParameters( ).get( "workgroup_key" ) );
276     }
277 
278     public void testDoRemoveWorkgroup( ) throws AccessDeniedException
279     {
280         MockHttpServletRequest request = new MockHttpServletRequest( );
281         request.setParameter( "workgroup_key", adminWorkgroup.getKey( ) );
282         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
283                 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/workgroup/DoRemoveWorkgroup.jsp" ) );
284 
285         assertTrue( AdminWorkgroupHome.checkExistWorkgroup( adminWorkgroup.getKey( ) ) );
286         bean.doRemoveWorkgroup( request );
287         assertFalse( AdminWorkgroupHome.checkExistWorkgroup( adminWorkgroup.getKey( ) ) );
288     }
289 
290     public void testDoRemoveWorkgroupInvalidToken( ) throws AccessDeniedException
291     {
292         MockHttpServletRequest request = new MockHttpServletRequest( );
293         request.setParameter( "workgroup_key", adminWorkgroup.getKey( ) );
294         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
295                 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/workgroup/DoRemoveWorkgroup.jsp" ) + "b" );
296 
297         assertTrue( AdminWorkgroupHome.checkExistWorkgroup( adminWorkgroup.getKey( ) ) );
298         try
299         {
300             bean.doRemoveWorkgroup( request );
301             fail( "Should have thrown" );
302         }
303         catch( AccessDeniedException e )
304         {
305             assertTrue( AdminWorkgroupHome.checkExistWorkgroup( adminWorkgroup.getKey( ) ) );
306         }
307     }
308 
309     public void testDoRemoveWorkgroupNoToken( ) throws AccessDeniedException
310     {
311         MockHttpServletRequest request = new MockHttpServletRequest( );
312         request.setParameter( "workgroup_key", adminWorkgroup.getKey( ) );
313 
314         assertTrue( AdminWorkgroupHome.checkExistWorkgroup( adminWorkgroup.getKey( ) ) );
315         try
316         {
317             bean.doRemoveWorkgroup( request );
318             fail( "Should have thrown" );
319         }
320         catch( AccessDeniedException e )
321         {
322             assertTrue( AdminWorkgroupHome.checkExistWorkgroup( adminWorkgroup.getKey( ) ) );
323         }
324     }
325 
326     public void testDoUnAssignUser( ) throws AccessDeniedException
327     {
328         AdminUser user = AdminUserHome.findUserByLogin( "admin" );
329         AdminWorkgroupHome.addUserForWorkgroup( user, adminWorkgroup.getKey( ) );
330 
331         MockHttpServletRequest request = new MockHttpServletRequest( );
332         request.setParameter( "workgroup_key", adminWorkgroup.getKey( ) );
333         request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
334         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
335                 SecurityTokenService.getInstance( ).getToken( request, "admin/workgroup/assign_users_workgroup.html" ) );
336 
337         assertTrue( AdminWorkgroupHome.isUserInWorkgroup( user, adminWorkgroup.getKey( ) ) );
338         bean.doUnAssignUser( request );
339         assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, adminWorkgroup.getKey( ) ) );
340     }
341 
342     public void testDoUnAssignUserInvalidToken( ) throws AccessDeniedException
343     {
344         AdminUser user = AdminUserHome.findUserByLogin( "admin" );
345         AdminWorkgroupHome.addUserForWorkgroup( user, adminWorkgroup.getKey( ) );
346 
347         MockHttpServletRequest request = new MockHttpServletRequest( );
348         request.setParameter( "workgroup_key", adminWorkgroup.getKey( ) );
349         request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
350         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
351                 SecurityTokenService.getInstance( ).getToken( request, "admin/workgroup/assign_users_workgroup.html" ) + "b" );
352 
353         assertTrue( AdminWorkgroupHome.isUserInWorkgroup( user, adminWorkgroup.getKey( ) ) );
354         try
355         {
356             bean.doUnAssignUser( request );
357             fail( "Should have Thrown" );
358         }
359         catch( AccessDeniedException e )
360         {
361             assertTrue( AdminWorkgroupHome.isUserInWorkgroup( user, adminWorkgroup.getKey( ) ) );
362         }
363     }
364 
365     public void testDoUnAssignUserNoToken( ) throws AccessDeniedException
366     {
367         AdminUser user = AdminUserHome.findUserByLogin( "admin" );
368         AdminWorkgroupHome.addUserForWorkgroup( user, adminWorkgroup.getKey( ) );
369 
370         MockHttpServletRequest request = new MockHttpServletRequest( );
371         request.setParameter( "workgroup_key", adminWorkgroup.getKey( ) );
372         request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
373 
374         assertTrue( AdminWorkgroupHome.isUserInWorkgroup( user, adminWorkgroup.getKey( ) ) );
375         try
376         {
377             bean.doUnAssignUser( request );
378             fail( "Should have Thrown" );
379         }
380         catch( AccessDeniedException e )
381         {
382             assertTrue( AdminWorkgroupHome.isUserInWorkgroup( user, adminWorkgroup.getKey( ) ) );
383         }
384     }
385 
386     private String getRandomName( )
387     {
388         Random rand = new SecureRandom( );
389         BigInteger bigInt = new BigInteger( 128, rand );
390         return "junit" + bigInt.toString( 36 );
391     }
392 }