@Test public void testRequestTrusted() throws RepositoryException { CreateSakaiUserServlet csus = new CreateSakaiUserServlet(); JackrabbitSession session = createMock(JackrabbitSession.class); ResourceResolver rr = createMock(ResourceResolver.class); expect(rr.adaptTo(Session.class)).andReturn(session); SlingHttpServletRequest request = createMock(SlingHttpServletRequest.class); UserManager userManager = createMock(UserManager.class); User user = createMock(User.class); expect(request.getResourceResolver()).andReturn(rr).anyTimes(); expect(rr.adaptTo(Session.class)).andReturn(session).anyTimes(); expect(session.getUserManager()).andReturn(userManager); expect(session.getUserID()).andReturn("userID"); expect(userManager.getAuthorizable("userID")).andReturn(user); expect(user.isAdmin()).andReturn(false); expect(request.getParameter(":create-auth")).andReturn("typeA"); RequestTrustValidatorService requestTrustValidatorService = createMock(RequestTrustValidatorService.class); RequestTrustValidator requestTrustValidator = createMock(RequestTrustValidator.class); expect(requestTrustValidatorService.getValidator("typeA")).andReturn(requestTrustValidator); expect(requestTrustValidator.getLevel()).andReturn(RequestTrustValidator.CREATE_USER); expect(requestTrustValidator.isTrusted(request)).andReturn(true); expect(request.getParameter(SlingPostConstants.RP_NODE_NAME)).andReturn("foo"); expect(request.getParameter("pwd")).andReturn("bar"); expect(request.getParameter("pwdConfirm")).andReturn("baz"); HtmlResponse response = new HtmlResponse(); csus.requestTrustValidatorService = requestTrustValidatorService; replay(); try { csus.handleOperation(request, response, null); fail(); } catch (RepositoryException e) { assertEquals("Password value does not match the confirmation password", e.getMessage()); } verify(); }
private boolean siteJoinIsAuthorized(HttpServletRequest request) { boolean trustedRequest = false; String trustMechanism = request.getParameter(":join-auth"); if (trustMechanism != null) { RequestTrustValidator validator = requestTrustValidatorService.getValidator(trustMechanism); if (validator != null && validator.getLevel() >= RequestTrustValidator.CREATE_USER && validator.isTrusted(request)) { trustedRequest = true; } } return trustedRequest; }