@Test
public void testCreateDoStuffAndRollbackTransaction() throws IOException {
/* create a tx */
final HttpPost createTx = new HttpPost(serverAddress + "fcr:tx");
final String txLocation;
try (final CloseableHttpResponse response = execute(createTx)) {
assertEquals(CREATED.getStatusCode(), getStatus(response));
txLocation = getLocation(response);
}
/* create a new object inside the tx */
final HttpPost postNew = new HttpPost(txLocation);
final String id = getRandomUniqueId();
postNew.addHeader("Slug", id);
try (CloseableHttpResponse resp = execute(postNew)) {
assertEquals(CREATED.getStatusCode(), getStatus(resp));
}
/* fetch the created tx from the endpoint */
try (final CloseableDataset dataset = getDataset(new HttpGet(txLocation + "/" + id))) {
assertTrue(
dataset.asDatasetGraph().contains(ANY, createURI(txLocation + "/" + id), ANY, ANY));
}
/* fetch the created tx from the endpoint */
assertEquals(
"Expected to not find our object within the scope of the transaction",
NOT_FOUND.getStatusCode(),
getStatus(new HttpGet(serverAddress + "/" + id)));
/* and rollback */
assertEquals(
NO_CONTENT.getStatusCode(), getStatus(new HttpPost(txLocation + "/fcr:tx/fcr:rollback")));
}
JsonValue performDynamicClientRegistration(
final Context context,
final JsonValue clientRegistrationConfiguration,
final URI registrationEndpoint)
throws RegistrationException {
final Request request = new Request();
request.setMethod("POST");
request.setUri(registrationEndpoint);
request.setEntity(clientRegistrationConfiguration.asMap());
final Response response;
try {
response = blockingCall(registrationHandler, context, request);
} catch (InterruptedException e) {
throw new RegistrationException(
format("Interrupted while waiting for '%s' response", request.getUri()), e);
}
if (!CREATED.equals(response.getStatus())) {
throw new RegistrationException(
"Cannot perform dynamic registration: this can be caused "
+ "by the distant server(busy, offline...) "
+ "or a malformed registration response.");
}
try {
return getJsonContent(response);
} catch (OAuth2ErrorException e) {
throw new RegistrationException(
"Cannot perform dynamic registration: invalid response JSON content.");
}
}
/**
* Tests that transactions cannot be hijacked, even if created by an anonymous user
*
* @throws IOException exception thrown during this function
*/
@Test
public void testTransactionHijackingNotPossibleAnoymous() throws IOException {
/* anonymous user creates a transaction */
final String txLocation = createTransaction();
/* fedoraAdmin attempts to puts to anonymous transaction and fails */
try (final CloseableHttpResponse responseFedoraAdmin =
executeWithBasicAuth(new HttpPut(txLocation), "fedoraAdmin", "fedoraAdmin")) {
assertEquals(
"Status should be GONE because putting on a transaction of a different user is not permitted",
GONE.getStatusCode(),
getStatus(responseFedoraAdmin));
}
/* fedoraUser attempts to put to anonymous transaction and fails */
try (final CloseableHttpResponse responseFedoraUser =
executeWithBasicAuth(new HttpPut(txLocation), "fedoraUser", "fedoraUser")) {
assertEquals(
"Status should be GONE because putting on a transaction of a different user isn't permitted",
GONE.getStatusCode(),
getStatus(responseFedoraUser));
}
/* transaction is still intact and any anonymous user can successfully put to it */
assertEquals(
"Status should be CREATED after putting",
CREATED.getStatusCode(),
getStatus(new HttpPut(txLocation + "/" + getRandomUniqueId())));
}
@Test
public void testCreateDoStuffAndCommitTransaction() throws IOException {
/* create a tx */
final String txLocation = createTransaction();
/* create a new object inside the tx */
final String objectInTxCommit = getRandomUniqueId();
final HttpPost postNew = new HttpPost(txLocation);
postNew.addHeader("Slug", objectInTxCommit);
assertEquals(CREATED.getStatusCode(), getStatus(postNew));
/* fetch the created tx from the endpoint */
try (CloseableDataset dataset = getDataset(new HttpGet(txLocation + "/" + objectInTxCommit))) {
assertTrue(
dataset
.asDatasetGraph()
.contains(ANY, createURI(txLocation + "/" + objectInTxCommit), ANY, ANY));
}
/* fetch the object-in-tx outside of the tx */
assertEquals(
"Expected to not find our object within the scope of the transaction",
NOT_FOUND.getStatusCode(),
getStatus(new HttpGet(serverAddress + objectInTxCommit)));
/* and commit */
assertEquals(
NO_CONTENT.getStatusCode(), getStatus(new HttpPost(txLocation + "/fcr:tx/fcr:commit")));
/* fetch the object-in-tx outside of the tx after it has been committed */
try (CloseableDataset dataset = getDataset(new HttpGet(serverAddress + objectInTxCommit))) {
assertTrue(
"Expected to find our object after the transaction was committed",
dataset
.asDatasetGraph()
.contains(ANY, createURI(serverAddress + objectInTxCommit), ANY, ANY));
}
}
@Test
public void whenSignUpTwiceWithSameEmail_shouldFailOnSecondSignUp() throws Exception {
HttpRequest signUpRequest = signUpRequest("*****@*****.**", "pass");
assertThat(signUpRequest.code()).isEqualTo(CREATED.getStatusCode());
HttpRequest signUpRequest2 = signUpRequest("*****@*****.**", "pass");
assertThat(signUpRequest2.code()).isEqualTo(CONFLICT.getStatusCode());
}
private void addDatastreamACLs(final RolesFadTestObjectBean obj, final String dsid)
throws Exception {
if (obj.getDatastreamACLs(dsid) != null) {
final String jsonACLs = createJsonACLs(obj.getDatastreamACLs(dsid));
logger.debug("addDatastreamACLs: Datastream path: {}/{}", obj.getPath(), dsid);
logger.debug("addDatastreamACLs: JSON acls: {}{}", jsonACLs);
assertEquals(CREATED.getStatusCode(), postRoles(obj.getPath() + "/" + dsid, jsonACLs));
}
}
@Test
public void testTransactionKeepAlive() throws IOException {
/* create a tx */
try (final CloseableHttpResponse response = execute(new HttpPost(serverAddress + "fcr:tx"))) {
assertEquals(CREATED.getStatusCode(), getStatus(response));
assertEquals(
NO_CONTENT.getStatusCode(), getStatus(new HttpPost(getLocation(response) + "/fcr:tx")));
}
}
@Test
public void signOut_shouldReturnTrue_ifSignsOutBeingSignedIn() throws Exception {
HttpRequest signUpRequest = signUpRequest("*****@*****.**", "pass");
assertThat(signUpRequest.code()).isEqualTo(CREATED.getStatusCode());
String token = signUpRequest.body().toString();
assertThat(token).isNotEmpty();
HttpRequest signOutRequest = signOutRequest(token);
assertThat(signOutRequest.code()).isEqualTo(OK.getStatusCode());
assertThat(signOutRequest.body()).isEqualTo("true");
}
protected void ingestObject(final RolesFadTestObjectBean obj) throws Exception {
final HttpPut method = putObjMethod(obj.getPath());
setAuth(method, "fedoraAdmin");
final HttpResponse response = client.execute(method);
final String content = EntityUtils.toString(response.getEntity());
final int status = response.getStatusLine().getStatusCode();
assertEquals(
"Didn't get a CREATED response! Got content:\n" + content, CREATED.getStatusCode(), status);
addObjectACLs(obj);
addDatastreams(obj);
}
/**
* Tests that transactions cannot be hijacked
*
* @throws IOException exception thrown during this function
*/
@Test
public void testTransactionHijackingNotPossible() throws IOException {
/* "fedoraAdmin" creates a transaction */
final String txLocation;
try (final CloseableHttpResponse response =
executeWithBasicAuth(
new HttpPost(serverAddress + "fcr:tx"), "fedoraAdmin", "fedoraAdmin")) {
assertEquals(
"Status should be CREATED after creating a transaction with user fedoraAdmin",
CREATED.getStatusCode(),
getStatus(response));
txLocation = getLocation(response);
}
/* "fedoraUser" puts to "fedoraAdmin"'s transaction and fails */
try (final CloseableHttpResponse responseFedoraUser =
executeWithBasicAuth(new HttpPut(txLocation), "fedoraUser", "fedoraUser")) {
assertEquals(
"Status should be GONE because putting on a transaction of a different user is not allowed",
GONE.getStatusCode(),
getStatus(responseFedoraUser));
}
/* anonymous user puts to "fedoraAdmin"'s transaction and fails */
assertEquals(
"Status should be GONE because putting on a transaction of a different user is not allowed",
GONE.getStatusCode(),
getStatus(new HttpPut(txLocation)));
/* transaction is still intact and "fedoraAdmin" - the owner - can successfully put to it */
try (final CloseableHttpResponse responseFromPutToTx =
executeWithBasicAuth(
new HttpPut(txLocation + "/" + getRandomUniqueId()), "fedoraAdmin", "fedoraAdmin")) {
assertEquals(
"Status should be CREATED after putting",
CREATED.getStatusCode(),
getStatus(responseFromPutToTx));
}
}
private void addDatastreams(final RolesFadTestObjectBean obj) throws Exception {
for (final Map<String, String> entries : obj.getDatastreams()) {
for (final Map.Entry<String, String> entry : entries.entrySet()) {
final String dsid = entry.getKey();
final HttpPost method = postDSMethod(obj.getPath(), dsid, entry.getValue());
setAuth(method, "fedoraAdmin");
final HttpResponse response = client.execute(method);
final String content = EntityUtils.toString(response.getEntity());
final int status = response.getStatusLine().getStatusCode();
assertEquals(
"Didn't get a CREATED response! Got content:\n" + content,
CREATED.getStatusCode(),
status);
addDatastreamACLs(obj, dsid);
}
}
}
/**
* Tests whether a Sparql update is visible within a transaction and if the update is made
* persistent along with the commit.
*
* @throws IOException exception thrown during this function
*/
@Test
public void testIngestNewWithSparqlPatchWithinTransaction() throws IOException {
final String objectInTxCommit = getRandomUniqueId();
/* create new tx */
final String txLocation = createTransaction();
final HttpPost postNew = new HttpPost(txLocation);
postNew.addHeader("Slug", objectInTxCommit);
final String newObjectLocation;
try (CloseableHttpResponse resp = execute(postNew)) {
assertEquals(CREATED.getStatusCode(), getStatus(resp));
newObjectLocation = getLocation(resp);
}
/* update sparql */
final HttpPatch method = new HttpPatch(newObjectLocation);
method.addHeader(CONTENT_TYPE, "application/sparql-update");
final String newTitle = "this is a new title";
method.setEntity(
new StringEntity(
"INSERT { <> <http://purl.org/dc/elements/1.1/title> \"" + newTitle + "\" } WHERE {}"));
assertEquals("Didn't get a NO CONTENT status!", NO_CONTENT.getStatusCode(), getStatus(method));
/* make sure the change was made within the tx */
try (final CloseableDataset dataset = getDataset(new HttpGet(newObjectLocation))) {
assertTrue(
"The sparql update did not succeed within a transaction",
dataset
.asDatasetGraph()
.contains(
ANY, createURI(newObjectLocation), title.asNode(), createLiteral(newTitle)));
}
/* commit */
assertEquals(
NO_CONTENT.getStatusCode(), getStatus(new HttpPost(txLocation + "/fcr:tx/fcr:commit")));
/* it must exist after commit */
try (final CloseableDataset dataset =
getDataset(new HttpGet(serverAddress + objectInTxCommit))) {
assertTrue(
"The inserted triple does not exist after the transaction has committed",
dataset.asDatasetGraph().contains(ANY, ANY, title.asNode(), createLiteral(newTitle)));
}
}
@Test
public void signUp_shouldCreateAnUser() throws Exception {
HttpRequest signUpRequest = signUpRequest("*****@*****.**", "pass");
assertThat(signUpRequest.code()).isEqualTo(CREATED.getStatusCode());
}
private void addObjectACLs(final RolesFadTestObjectBean obj) throws Exception {
if (obj.getACLs().size() > 0) {
final String jsonACLs = createJsonACLs(obj.getACLs());
assertEquals(CREATED.getStatusCode(), postRoles(obj.getPath(), jsonACLs));
}
}
