Commit eac4eef3 authored by Christoph Thelen's avatar Christoph Thelen

WIP: Add csrf tokens and access user id from mock user

parent d3c405ee
Pipeline #35201 failed with stages
in 0 seconds
......@@ -19,6 +19,7 @@
package de.thm.arsnova.controller;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.thm.arsnova.config.*;
import de.thm.arsnova.model.ContentGroup;
import de.thm.arsnova.model.Room;
import de.thm.arsnova.model.RoomStatistics;
......@@ -27,13 +28,19 @@ import de.thm.arsnova.persistence.RoomRepository;
import de.thm.arsnova.security.User;
import de.thm.arsnova.service.ContentGroupService;
import de.thm.arsnova.service.StubUserService;
import de.thm.arsnova.test.context.support.WithMockUser;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentMatcher;
import org.mockito.Mockito;
import org.mockito.stubbing.Answer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;
......@@ -47,11 +54,22 @@ import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.argThat;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
public class RoomControllerTest extends AbstractControllerTest {
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@ContextConfiguration(classes = {
AppConfig.class,
TestAppConfig.class,
TestPersistanceConfig.class,
TestSecurityConfig.class,
WebSocketConfig.class})
@ActiveProfiles("test")
public class RoomControllerTest {
@Autowired
private WebApplicationContext webApplicationContext;
......@@ -73,13 +91,14 @@ public class RoomControllerTest extends AbstractControllerTest {
@Before
public void setup() {
mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).build();
mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).apply(springSecurity()).build();
Mockito.reset(roomRepository);
stubUserService.setUserAuthenticated(true, "TestUser");
user = stubUserService.getCurrentUser();
}
@Test
@WithMockUser("TestUser")
public void shouldCreateRoom() throws Exception {
Room room = getRoomForUserWithoutDatabaseDetails(user);
......@@ -91,25 +110,30 @@ public class RoomControllerTest extends AbstractControllerTest {
mockMvc.perform(post("/room/")
.content(new ObjectMapper().writeValueAsString(room))
.contentType(MediaType.APPLICATION_JSON)
.accept(MediaType.APPLICATION_JSON))
.accept(MediaType.APPLICATION_JSON)
.with(csrf()))
.andExpect(status().isCreated())
.andExpect(content().string(containsString(expectedRoomId)))
.andExpect(content().string(containsString(expectedRoomRev)));
}
@Test
@WithMockUser("TestUser")
public void shouldDeleteRoom() throws Exception {
Room room = getRoomForUserWithDatabaseDetails(user);
when(roomRepository.findOne(room.getId())).thenReturn(room);
mockMvc.perform(delete("/room/" + room.getId()))
TODO: user needs to the same as the mock user from the annotation
mockMvc.perform(delete("/room/" + room.getId())
.with(csrf()))
.andExpect(status().isOk())
.andExpect(content().string(emptyString()));
verify(roomRepository).delete(room);
}
@Test
/*@Test
public void shouldReturnEmptyModeratorList() throws Exception {
Room room = getRoomForUserWithDatabaseDetails(user);
......@@ -122,6 +146,7 @@ public class RoomControllerTest extends AbstractControllerTest {
}
@Test
@WithMockUser("TestUser")
public void ShouldAddModeratorForRoom() throws Exception {
Room room = getRoomForUserWithDatabaseDetails(user);
Room.Moderator moderator = createModerator();
......@@ -160,6 +185,7 @@ public class RoomControllerTest extends AbstractControllerTest {
}
@Test
@WithMockUser("TestUser")
public void shouldDeleteAllModerators() throws Exception {
Room room = this.getRoomForUserWithDatabaseDetails(user);
Set<Room.Moderator> moderatorList = createModerators(7);
......@@ -283,7 +309,7 @@ public class RoomControllerTest extends AbstractControllerTest {
assertEquals(groupSize, stats.getGroupStats().size());
assertEquals(contentSize, stats.getGroupStats().get(0).getContentCount());
assertEquals(listOfContentGroup.get(0).getName(), stats.getGroupStats().get(0).getGroupName());
}
}*/
private ContentGroup createContentGroupWithRoomIdAndContentIds(String roomId, String... contentIds) {
ContentGroup contentGroup = new ContentGroup();
......@@ -340,6 +366,7 @@ public class RoomControllerTest extends AbstractControllerTest {
private Room getRoomForUserWithoutDatabaseDetails(User user) {
Room room = new Room();
room.setOwnerId(user.getId());
//room.setOwnerId("XXX");
room.setName("TestRoom");
room.setAbbreviation("TR");
room.setShortId("12345678");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment