Highlight authz issue on epersons endpoint
abollini committed Jun 1, 2018
1 parent 6af5349 commit 07b4926
Showing 1 changed file with 38 additions and 6 deletions.
Expand Up @@ -33,7 +33,8 @@ public void findAllTest() throws Exception {
.withEmail("Johndoe@gmail.com")
.build();

getClient().perform(get("/api/eperson/eperson"))
String authToken = getAuthToken(admin.getEmail(), password);
getClient(authToken).perform(get("/api/eperson/eperson"))
.andExpect(status().isOk())
.andExpect(content().contentType(contentType))
.andExpect(jsonPath("$._embedded.epersons", Matchers.containsInAnyOrder(
Expand All @@ -46,6 +47,33 @@ public void findAllTest() throws Exception {
;
}

@Test
public void findAllUnauthorizedTest() throws Exception {
context.turnOffAuthorisationSystem();

EPerson newUser = EPersonBuilder.createEPerson(context)
.withNameInMetadata("John", "Doe")
.withEmail("Johndoe@gmail.com")
.build();

getClient().perform(get("/api/eperson/eperson"))
.andExpect(status().isUnauthorized());
}

@Test
public void findAllForbiddenTest() throws Exception {
context.turnOffAuthorisationSystem();

EPerson newUser = EPersonBuilder.createEPerson(context)
.withNameInMetadata("John", "Doe")
.withEmail("Johndoe@gmail.com")
.build();

String authToken = getAuthToken(eperson.getEmail(), password);
getClient(authToken).perform(get("/api/eperson/eperson"))
.andExpect(status().isForbidden());
}

@Test
public void findAllPaginationTest() throws Exception {
context.turnOffAuthorisationSystem();
Expand All @@ -55,8 +83,9 @@ public void findAllPaginationTest() throws Exception {
.withEmail("Johndoe@gmail.com")
.build();

String authToken = getAuthToken(admin.getEmail(), password);
// using size = 2 the first page will contains our test user and admin
getClient().perform(get("/api/eperson/eperson")
getClient(authToken).perform(get("/api/eperson/eperson")
.param("size", "2"))
.andExpect(status().isOk())
.andExpect(content().contentType(contentType))
Expand All @@ -74,7 +103,7 @@ public void findAllPaginationTest() throws Exception {
;

// using size = 2 the first page will contains our test user and admin
getClient().perform(get("/api/eperson/eperson")
getClient(authToken).perform(get("/api/eperson/eperson")
.param("size", "2")
.param("page", "1"))
.andExpect(status().isOk())
Expand Down Expand Up @@ -102,7 +131,8 @@ public void findOneTest() throws Exception {
.withEmail("janesmith@gmail.com")
.build();

getClient().perform(get("/api/eperson/epersons/" + ePerson2.getID()))
String authToken = getAuthToken(admin.getEmail(), password);
getClient(authToken).perform(get("/api/eperson/epersons/" + ePerson2.getID()))
.andExpect(status().isOk())
.andExpect(content().contentType(contentType))
.andExpect(jsonPath("$", is(
Expand Down Expand Up @@ -130,7 +160,8 @@ public void findOneRelsTest() throws Exception {
.withEmail("janesmith@gmail.com")
.build();

getClient().perform(get("/api/eperson/epersons/" + ePerson2.getID()))
String authToken = getAuthToken(admin.getEmail(), password);
getClient(authToken).perform(get("/api/eperson/epersons/" + ePerson2.getID()))
.andExpect(status().isOk())
.andExpect(content().contentType(contentType))
.andExpect(jsonPath("$", is(
Expand Down Expand Up @@ -160,7 +191,8 @@ public void findOneTestWrongUUID() throws Exception {
.withEmail("janesmith@gmail.com")
.build();

getClient().perform(get("/api/eperson/epersons/" + UUID.randomUUID()))
String authToken = getAuthToken(admin.getEmail(), password);
getClient(authToken).perform(get("/api/eperson/epersons/" + UUID.randomUUID()))
.andExpect(status().isNotFound());

}
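Review bot: In the new findAllUnauthorizedTest and findAllForbiddenTest the request is performed while the authorisation system is still switched off — each test calls `context.turnOffAuthorisationSystem();` to build the fixture but never restores it before `perform(...)`, so if the 401/403 decision on this endpoint is (or later becomes) taken by the DSpace AuthorizeService rather than purely by the REST security layer, the test would pass for the wrong reason. Adding `context.restoreAuthSystemState();` after `.build();` in both tests keeps the negative assertion meaningful regardless of where the check lives. The findOne hunks (`findOneTest`, `findOneRelsTest`, `findOneTestWrongUUID`) only gain an admin token; no unauthenticated or non-admin test is added for `/api/eperson/epersons/{id}`, so the authz problem named in the commit title is pinned only for the collection endpoint. The `newUser` local in both new tests is never read; a short comment such as `// fixture only: ensures the listing is non-empty for the rejected caller` would make the intent clear.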
