// Test fix to http://issues.appfuse.org/browse/APF-96
@Test
public void testAddUserRoleWhenHasAdminRole() throws Exception {
SecurityContext securityContext = new SecurityContextImpl();
User user1 = new User("user");
user1.setId(1L);
user1.setPassword("password");
user1.addRole(new Role(Constants.ADMIN_ROLE));
UsernamePasswordAuthenticationToken token =
new UsernamePasswordAuthenticationToken(
user1.getUsername(), user1.getPassword(), user1.getAuthorities());
token.setDetails(user1);
securityContext.setAuthentication(token);
SecurityContextHolder.setContext(securityContext);
UserManager userManager = makeInterceptedTarget();
final User user = new User("user");
user.setId(1L);
user.getRoles().add(new Role(Constants.ADMIN_ROLE));
user.getRoles().add(new Role(Constants.USER_ROLE));
context.checking(
new Expectations() {
{
one(userDao).saveUser(with(same(user)));
}
});
userManager.saveUser(user);
}
// Test fix to http://issues.appfuse.org/browse/APF-96
@Test
public void testChangeToAdminRoleFromUserRole() throws Exception {
UserManager userManager = makeInterceptedTarget();
User user = new User("user");
user.setId(1L);
user.getRoles().add(new Role(Constants.ADMIN_ROLE));
try {
userManager.saveUser(user);
fail("AccessDeniedException not thrown");
} catch (AccessDeniedException expected) {
assertNotNull(expected);
assertEquals(expected.getMessage(), UserSecurityAdvice.ACCESS_DENIED);
}
}
@Test
public void testAddUserWithoutAdminRole() throws Exception {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
assertTrue(auth.isAuthenticated());
UserManager userManager = makeInterceptedTarget();
User user = new User("admin");
user.setId(2L);
try {
userManager.saveUser(user);
fail("AccessDeniedException not thrown");
} catch (AccessDeniedException expected) {
assertNotNull(expected);
Assert.assertEquals(expected.getMessage(), UserSecurityAdvice.ACCESS_DENIED);
}
}
// Test fix to http://issues.appfuse.org/browse/APF-96
@Test
public void testUpdateUserWithUserRole() throws Exception {
UserManager userManager = makeInterceptedTarget();
final User user = new User("user");
user.setId(1L);
user.getRoles().add(new Role(Constants.USER_ROLE));
context.checking(
new Expectations() {
{
one(userDao).saveUser(with(same(user)));
}
});
userManager.saveUser(user);
}
@Test
public void testSignupUser() throws Exception {
MockHttpServletRequest request = newPost("/signup.html");
Address address = new Address();
address.setCity("Denver");
address.setProvince("Colorado");
address.setCountry("USA");
address.setPostalCode("80210");
User user = new User();
user.setAddress(address);
user.setUsername("self-registered");
user.setPassword("Password1");
user.setConfirmPassword("Password1");
user.setFirstName("First");
user.setLastName("Last");
user.setEmail("*****@*****.**");
user.setWebsite("http://raibledesigns.com");
user.setPasswordHint("Password is one with you.");
HttpServletResponse response = new MockHttpServletResponse();
// start SMTP Server
Wiser wiser = new Wiser();
wiser.setPort(getSmtpPort());
wiser.start();
BindingResult errors = new DataBinder(user).getBindingResult();
c.onSubmit(user, errors, request, response);
assertFalse("errors returned in model", errors.hasErrors());
// verify an account information e-mail was sent
wiser.stop();
assertTrue(wiser.getMessages().size() == 1);
// verify that success messages are in the request
assertNotNull(request.getSession().getAttribute("successMessages"));
assertNotNull(request.getSession().getAttribute(Constants.REGISTERED));
SecurityContextHolder.getContext().setAuthentication(null);
}
@Before
public void setUp() throws Exception {
// store initial security context for later restoration
initialSecurityContext = SecurityContextHolder.getContext();
SecurityContext context = new SecurityContextImpl();
User user = new User("user");
user.setId(1L);
user.setPassword("password");
user.addRole(new Role(Constants.USER_ROLE));
UsernamePasswordAuthenticationToken token =
new UsernamePasswordAuthenticationToken(
user.getUsername(), user.getPassword(), user.getAuthorities());
token.setDetails(user);
context.setAuthentication(token);
SecurityContextHolder.setContext(context);
}