@Test public void testCreateDoStuffAndRollbackTransaction() throws IOException { /* create a tx */ final HttpPost createTx = new HttpPost(serverAddress + "fcr:tx"); final String txLocation; try (final CloseableHttpResponse response = execute(createTx)) { assertEquals(CREATED.getStatusCode(), getStatus(response)); txLocation = getLocation(response); } /* create a new object inside the tx */ final HttpPost postNew = new HttpPost(txLocation); final String id = getRandomUniqueId(); postNew.addHeader("Slug", id); try (CloseableHttpResponse resp = execute(postNew)) { assertEquals(CREATED.getStatusCode(), getStatus(resp)); } /* fetch the created tx from the endpoint */ try (final CloseableDataset dataset = getDataset(new HttpGet(txLocation + "/" + id))) { assertTrue( dataset.asDatasetGraph().contains(ANY, createURI(txLocation + "/" + id), ANY, ANY)); } /* fetch the created tx from the endpoint */ assertEquals( "Expected to not find our object within the scope of the transaction", NOT_FOUND.getStatusCode(), getStatus(new HttpGet(serverAddress + "/" + id))); /* and rollback */ assertEquals( NO_CONTENT.getStatusCode(), getStatus(new HttpPost(txLocation + "/fcr:tx/fcr:rollback"))); }
/** * Tests that transactions cannot be hijacked, even if created by an anonymous user * * @throws IOException exception thrown during this function */ @Test public void testTransactionHijackingNotPossibleAnoymous() throws IOException { /* anonymous user creates a transaction */ final String txLocation = createTransaction(); /* fedoraAdmin attempts to puts to anonymous transaction and fails */ try (final CloseableHttpResponse responseFedoraAdmin = executeWithBasicAuth(new HttpPut(txLocation), "fedoraAdmin", "fedoraAdmin")) { assertEquals( "Status should be GONE because putting on a transaction of a different user is not permitted", GONE.getStatusCode(), getStatus(responseFedoraAdmin)); } /* fedoraUser attempts to put to anonymous transaction and fails */ try (final CloseableHttpResponse responseFedoraUser = executeWithBasicAuth(new HttpPut(txLocation), "fedoraUser", "fedoraUser")) { assertEquals( "Status should be GONE because putting on a transaction of a different user isn't permitted", GONE.getStatusCode(), getStatus(responseFedoraUser)); } /* transaction is still intact and any anonymous user can successfully put to it */ assertEquals( "Status should be CREATED after putting", CREATED.getStatusCode(), getStatus(new HttpPut(txLocation + "/" + getRandomUniqueId()))); }
@Test public void testCreateDoStuffAndCommitTransaction() throws IOException { /* create a tx */ final String txLocation = createTransaction(); /* create a new object inside the tx */ final String objectInTxCommit = getRandomUniqueId(); final HttpPost postNew = new HttpPost(txLocation); postNew.addHeader("Slug", objectInTxCommit); assertEquals(CREATED.getStatusCode(), getStatus(postNew)); /* fetch the created tx from the endpoint */ try (CloseableDataset dataset = getDataset(new HttpGet(txLocation + "/" + objectInTxCommit))) { assertTrue( dataset .asDatasetGraph() .contains(ANY, createURI(txLocation + "/" + objectInTxCommit), ANY, ANY)); } /* fetch the object-in-tx outside of the tx */ assertEquals( "Expected to not find our object within the scope of the transaction", NOT_FOUND.getStatusCode(), getStatus(new HttpGet(serverAddress + objectInTxCommit))); /* and commit */ assertEquals( NO_CONTENT.getStatusCode(), getStatus(new HttpPost(txLocation + "/fcr:tx/fcr:commit"))); /* fetch the object-in-tx outside of the tx after it has been committed */ try (CloseableDataset dataset = getDataset(new HttpGet(serverAddress + objectInTxCommit))) { assertTrue( "Expected to find our object after the transaction was committed", dataset .asDatasetGraph() .contains(ANY, createURI(serverAddress + objectInTxCommit), ANY, ANY)); } }
@Test public void whenSignUpTwiceWithSameEmail_shouldFailOnSecondSignUp() throws Exception { HttpRequest signUpRequest = signUpRequest("*****@*****.**", "pass"); assertThat(signUpRequest.code()).isEqualTo(CREATED.getStatusCode()); HttpRequest signUpRequest2 = signUpRequest("*****@*****.**", "pass"); assertThat(signUpRequest2.code()).isEqualTo(CONFLICT.getStatusCode()); }
private void addDatastreamACLs(final RolesFadTestObjectBean obj, final String dsid) throws Exception { if (obj.getDatastreamACLs(dsid) != null) { final String jsonACLs = createJsonACLs(obj.getDatastreamACLs(dsid)); logger.debug("addDatastreamACLs: Datastream path: {}/{}", obj.getPath(), dsid); logger.debug("addDatastreamACLs: JSON acls: {}{}", jsonACLs); assertEquals(CREATED.getStatusCode(), postRoles(obj.getPath() + "/" + dsid, jsonACLs)); } }
@Test public void testTransactionKeepAlive() throws IOException { /* create a tx */ try (final CloseableHttpResponse response = execute(new HttpPost(serverAddress + "fcr:tx"))) { assertEquals(CREATED.getStatusCode(), getStatus(response)); assertEquals( NO_CONTENT.getStatusCode(), getStatus(new HttpPost(getLocation(response) + "/fcr:tx"))); } }
@Test public void signOut_shouldReturnTrue_ifSignsOutBeingSignedIn() throws Exception { HttpRequest signUpRequest = signUpRequest("*****@*****.**", "pass"); assertThat(signUpRequest.code()).isEqualTo(CREATED.getStatusCode()); String token = signUpRequest.body().toString(); assertThat(token).isNotEmpty(); HttpRequest signOutRequest = signOutRequest(token); assertThat(signOutRequest.code()).isEqualTo(OK.getStatusCode()); assertThat(signOutRequest.body()).isEqualTo("true"); }
protected void ingestObject(final RolesFadTestObjectBean obj) throws Exception { final HttpPut method = putObjMethod(obj.getPath()); setAuth(method, "fedoraAdmin"); final HttpResponse response = client.execute(method); final String content = EntityUtils.toString(response.getEntity()); final int status = response.getStatusLine().getStatusCode(); assertEquals( "Didn't get a CREATED response! Got content:\n" + content, CREATED.getStatusCode(), status); addObjectACLs(obj); addDatastreams(obj); }
/** * Tests that transactions cannot be hijacked * * @throws IOException exception thrown during this function */ @Test public void testTransactionHijackingNotPossible() throws IOException { /* "fedoraAdmin" creates a transaction */ final String txLocation; try (final CloseableHttpResponse response = executeWithBasicAuth( new HttpPost(serverAddress + "fcr:tx"), "fedoraAdmin", "fedoraAdmin")) { assertEquals( "Status should be CREATED after creating a transaction with user fedoraAdmin", CREATED.getStatusCode(), getStatus(response)); txLocation = getLocation(response); } /* "fedoraUser" puts to "fedoraAdmin"'s transaction and fails */ try (final CloseableHttpResponse responseFedoraUser = executeWithBasicAuth(new HttpPut(txLocation), "fedoraUser", "fedoraUser")) { assertEquals( "Status should be GONE because putting on a transaction of a different user is not allowed", GONE.getStatusCode(), getStatus(responseFedoraUser)); } /* anonymous user puts to "fedoraAdmin"'s transaction and fails */ assertEquals( "Status should be GONE because putting on a transaction of a different user is not allowed", GONE.getStatusCode(), getStatus(new HttpPut(txLocation))); /* transaction is still intact and "fedoraAdmin" - the owner - can successfully put to it */ try (final CloseableHttpResponse responseFromPutToTx = executeWithBasicAuth( new HttpPut(txLocation + "/" + getRandomUniqueId()), "fedoraAdmin", "fedoraAdmin")) { assertEquals( "Status should be CREATED after putting", CREATED.getStatusCode(), getStatus(responseFromPutToTx)); } }
private void addDatastreams(final RolesFadTestObjectBean obj) throws Exception { for (final Map<String, String> entries : obj.getDatastreams()) { for (final Map.Entry<String, String> entry : entries.entrySet()) { final String dsid = entry.getKey(); final HttpPost method = postDSMethod(obj.getPath(), dsid, entry.getValue()); setAuth(method, "fedoraAdmin"); final HttpResponse response = client.execute(method); final String content = EntityUtils.toString(response.getEntity()); final int status = response.getStatusLine().getStatusCode(); assertEquals( "Didn't get a CREATED response! Got content:\n" + content, CREATED.getStatusCode(), status); addDatastreamACLs(obj, dsid); } } }
/** * Tests whether a Sparql update is visible within a transaction and if the update is made * persistent along with the commit. * * @throws IOException exception thrown during this function */ @Test public void testIngestNewWithSparqlPatchWithinTransaction() throws IOException { final String objectInTxCommit = getRandomUniqueId(); /* create new tx */ final String txLocation = createTransaction(); final HttpPost postNew = new HttpPost(txLocation); postNew.addHeader("Slug", objectInTxCommit); final String newObjectLocation; try (CloseableHttpResponse resp = execute(postNew)) { assertEquals(CREATED.getStatusCode(), getStatus(resp)); newObjectLocation = getLocation(resp); } /* update sparql */ final HttpPatch method = new HttpPatch(newObjectLocation); method.addHeader(CONTENT_TYPE, "application/sparql-update"); final String newTitle = "this is a new title"; method.setEntity( new StringEntity( "INSERT { <> <http://purl.org/dc/elements/1.1/title> \"" + newTitle + "\" } WHERE {}")); assertEquals("Didn't get a NO CONTENT status!", NO_CONTENT.getStatusCode(), getStatus(method)); /* make sure the change was made within the tx */ try (final CloseableDataset dataset = getDataset(new HttpGet(newObjectLocation))) { assertTrue( "The sparql update did not succeed within a transaction", dataset .asDatasetGraph() .contains( ANY, createURI(newObjectLocation), title.asNode(), createLiteral(newTitle))); } /* commit */ assertEquals( NO_CONTENT.getStatusCode(), getStatus(new HttpPost(txLocation + "/fcr:tx/fcr:commit"))); /* it must exist after commit */ try (final CloseableDataset dataset = getDataset(new HttpGet(serverAddress + objectInTxCommit))) { assertTrue( "The inserted triple does not exist after the transaction has committed", dataset.asDatasetGraph().contains(ANY, ANY, title.asNode(), createLiteral(newTitle))); } }
@Test public void signUp_shouldCreateAnUser() throws Exception { HttpRequest signUpRequest = signUpRequest("*****@*****.**", "pass"); assertThat(signUpRequest.code()).isEqualTo(CREATED.getStatusCode()); }
private void addObjectACLs(final RolesFadTestObjectBean obj) throws Exception { if (obj.getACLs().size() > 0) { final String jsonACLs = createJsonACLs(obj.getACLs()); assertEquals(CREATED.getStatusCode(), postRoles(obj.getPath(), jsonACLs)); } }