From 43a157518754736271e8d11bf3038619ef74fc9e Mon Sep 17 00:00:00 2001 From: jendib Date: Thu, 17 Mar 2016 01:43:10 +0100 Subject: [PATCH] #18: PUT /group --- .../sismics/docs/core/dao/jpa/GroupDao.java | 12 ++-- .../sismics/docs/core/model/jpa/Group.java | 12 ++-- .../docs/rest/resource/GroupResource.java | 70 +++++++++++++++++++ .../sismics/docs/rest/TestAppResource.java | 16 ++--- .../sismics/docs/rest/TestFileResource.java | 66 ++++++++--------- .../sismics/docs/rest/TestGroupResource.java | 34 +++++++++ .../com/sismics/docs/rest/TestSecurity.java | 18 ++--- .../sismics/docs/rest/TestShareResource.java | 16 ++--- .../sismics/docs/rest/TestUserResource.java | 44 ++++++------ .../docs/rest/TestVocabularyResource.java | 10 +-- 10 files changed, 204 insertions(+), 94 deletions(-) create mode 100644 docs-web/src/main/java/com/sismics/docs/rest/resource/GroupResource.java create mode 100644 docs-web/src/test/java/com/sismics/docs/rest/TestGroupResource.java diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/GroupDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/GroupDao.java index 955ac26c..337a1321 100644 --- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/GroupDao.java +++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/GroupDao.java @@ -20,15 +20,17 @@ import com.sismics.util.context.ThreadLocalContext; */ public class GroupDao { /** - * Gets a group by its ID. + * Returns a group by name. * - * @param id Group ID - * @return Group + * @param name Name + * @return Tag */ - public Group getById(String id) { + public Group getByName(String name) { EntityManager em = ThreadLocalContext.get().getEntityManager(); + Query q = em.createQuery("select g from Group g where g.name = :name and g.deleteDate is null"); + q.setParameter("name", name); try { - return em.find(Group.class, id); + return (Group) q.getSingleResult(); } catch (NoResultException e) { return null; } 
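Review bot: `getSingleResult()` in `getByName` also throws `NonUniqueResultException` when more than one non-deleted group has the same name, and only `NoResultException` is caught. Nothing visible in this patch makes names unique at the database level; the duplicate check in `GroupResource.add` (later in this patch) is a read followed by a separate create, so two concurrent requests could presumably both pass it. A unique constraint on the name column, or handling that exception here, would close the gap. The Javadoc also still says `@return Tag`; I would write `@return Group, or null if no active group has this name`. The method's closing brace lies outside the hunk.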
diff --git a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Group.java b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Group.java index b8981323..800b599d 100644 --- a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Group.java +++ b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Group.java @@ -46,24 +46,27 @@ public class Group implements Loggable { return id; } - public void setId(String id) { + public Group setId(String id) { this.id = id; + return this; } public String getParentId() { return parentId; } - public void setParentId(String parentId) { + public Group setParentId(String parentId) { this.parentId = parentId; + return this; } public String getName() { return name; } - public void setName(String name) { + public Group setName(String name) { this.name = name; + return this; } @Override @@ -71,8 +74,9 @@ public class Group implements Loggable { return deleteDate; } - public void setDeleteDate(Date deleteDate) { + public Group setDeleteDate(Date deleteDate) { this.deleteDate = deleteDate; + return this; } @Override diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/GroupResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/GroupResource.java new file mode 100644 index 00000000..dda9f424 --- /dev/null +++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/GroupResource.java 
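Review bot: The setters in both `Group.java` hunks (`setId`, `setParentId`, `setName`, `setDeleteDate`) now return `Group` instead of `void`, which means they no longer match the JavaBeans setter shape. `java.beans.Introspector` does not treat non-void setters as write methods, so any bean-based mapper applied to this entity could silently skip these properties; whether anything in the project relies on that is not visible here. If chaining is the intent, a short class-level comment such as `// Setters return this for chaining; they are not JavaBeans write methods.` would make the trade-off explicit.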
@@ -0,0 +1,70 @@
+package com.sismics.docs.rest.resource;
+
+import java.text.MessageFormat;
+
+import javax.json.Json;
+import javax.json.JsonObjectBuilder;
+import javax.ws.rs.FormParam;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Response;
+
+import com.google.common.base.Strings;
+import com.sismics.docs.core.dao.jpa.GroupDao;
+import com.sismics.docs.core.model.jpa.Group;
+import com.sismics.docs.rest.constant.BaseFunction;
+import com.sismics.rest.exception.ClientException;
+import com.sismics.rest.exception.ForbiddenClientException;
+import com.sismics.rest.util.ValidationUtil;
+
+/**
+ * Group REST resources.
+ *
+ * @author bgamard
+ */
+@Path("/group")
+public class GroupResource extends BaseResource {
+ /**
+ * Add a group.
+ *
+ * @return Response
+ */
+ @PUT
+ public Response add(@FormParam("parent") String parentName,
+ @FormParam("name") String name) {
+ if (!authenticate()) {
+ throw new ForbiddenClientException();
+ }
+ checkBaseFunction(BaseFunction.ADMIN);
+
+ // Validate input
+ name = ValidationUtil.validateLength(name, "name", 1, 50, false);
+
+ // Avoid duplicates
+ GroupDao groupDao = new GroupDao();
+ Group existingGroup = groupDao.getByName(name);
+ if (existingGroup != null) {
+ throw new ClientException("GroupAlreadyExists", MessageFormat.format("This group already exists: {0}", name));
+ }
+
+ // Validate parent
+ String parentId = null;
+ if (!Strings.isNullOrEmpty(parentName)) {
+ Group parentGroup = groupDao.getByName(parentName);
+ if (parentGroup == null) {
+ throw new ClientException("ParentGroupNotFound", MessageFormat.format("This group doest not exists: {0}", parentName));
+ }
+ parentId = parentGroup.getId();
+ }
+
+ // Create the group
+ groupDao.create(new Group()
+ .setName(name)
+ .setParentId(parentId), principal.getId());
+
+ // Always return OK
+ JsonObjectBuilder response = Json.createObjectBuilder()
+ .add("status", "ok");
+ return Response.ok().entity(response.build()).build();
+ }
+}
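Review bot: The Javadoc on `add` has no `@param` lines and does not say that the endpoint is restricted to authenticated callers holding `BaseFunction.ADMIN`, which is the security-relevant part of its contract. I would add `@param parentName Name of the parent group (optional)` and `@param name Name of the new group (length-checked with bounds 1 and 50)`, and mention the `GroupAlreadyExists` and `ParentGroupNotFound` client errors. The `ParentGroupNotFound` message has a typo: `"This group doest not exists: {0}"` should read `"This group does not exist: {0}"`. Both messages echo request input back to the caller, so whatever displays them should treat that text as untrusted.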
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java index 9c1b426f..e6cf2e40 100644 --- a/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java +++ b/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java @@ -27,11 +27,11 @@ public class TestAppResource extends BaseJerseyTest { @Test public void testAppResource() { // Login admin - String adminAuthenticationToken = clientUtil.login("admin", "admin", false); + String adminToken = clientUtil.login("admin", "admin", false); // Check the application info JsonObject json = target().path("/app").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) .get(JsonObject.class); String currentVersion = json.getString("current_version"); Assert.assertNotNull(currentVersion); @@ -44,19 +44,19 @@ public class TestAppResource extends BaseJerseyTest { // Rebuild Lucene index Response response = target().path("/app/batch/reindex").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) .post(Entity.form(new Form())); Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus())); // Clean storage response = target().path("/app/batch/clean_storage").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) .post(Entity.form(new Form())); Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus())); // Recompute quota response = target().path("/app/batch/recompute_quota").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) .post(Entity.form(new Form())); Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus())); } 
@@ -69,13 +69,13 @@ public class TestAppResource extends BaseJerseyTest { @Test public void testLogResource() { // Login admin - String adminAuthenticationToken = clientUtil.login("admin", "admin", false); + String adminToken = clientUtil.login("admin", "admin", false); // Check the logs (page 1) JsonObject json = target().path("/app/log") .queryParam("level", "DEBUG") .request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) .get(JsonObject.class); JsonArray logs = json.getJsonArray("logs"); Assert.assertTrue(logs.size() > 0); @@ -88,7 +88,7 @@ public class TestAppResource extends BaseJerseyTest { .queryParam("offset", "10") .queryParam("level", "DEBUG") .request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) .get(JsonObject.class); logs = json.getJsonArray("logs"); Assert.assertTrue(logs.size() > 0); diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestFileResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestFileResource.java index f4e851b3..93cd5a5c 100644 --- a/docs-web/src/test/java/com/sismics/docs/rest/TestFileResource.java +++ b/docs-web/src/test/java/com/sismics/docs/rest/TestFileResource.java @@ -42,12 +42,12 @@ public class TestFileResource extends BaseJerseyTest { public void testFileResource() throws Exception { // Login file1 clientUtil.createUser("file1"); - String file1AuthenticationToken = clientUtil.login("file1"); + String file1Token = clientUtil.login("file1"); // Create a document long create1Date = new Date().getTime(); JsonObject json = target().path("/document").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token) .put(Entity.form(new Form() .param("title", "File test document 1") .param("language", "eng") 
@@ -63,7 +63,7 @@ public class TestFileResource extends BaseJerseyTest { json = target() .register(MultiPartFeature.class) .path("/file").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token) .put(Entity.entity(multiPart.field("id", document1Id).bodyPart(streamDataBodyPart), MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class); file1Id = json.getString("id"); @@ -80,7 +80,7 @@ public class TestFileResource extends BaseJerseyTest { json = target() .register(MultiPartFeature.class) .path("/file").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token) .put(Entity.entity(multiPart.field("id", document1Id).bodyPart(streamDataBodyPart), MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class); file2Id = json.getString("id"); @@ -90,7 +90,7 @@ public class TestFileResource extends BaseJerseyTest { // Get the file data Response response = target().path("/file/" + file1Id + "/data").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token) .get(); InputStream is = (InputStream) response.getEntity(); byte[] fileBytes = ByteStreams.toByteArray(is); @@ -101,7 +101,7 @@ public class TestFileResource extends BaseJerseyTest { response = target().path("/file/" + file1Id + "/data") .queryParam("size", "thumb") .request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token) .get(); Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus())); is = (InputStream) response.getEntity(); 
@@ -113,7 +113,7 @@ public class TestFileResource extends BaseJerseyTest { response = target().path("/file/" + file1Id + "/data") .queryParam("size", "web") .request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token) .get(); Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus())); is = (InputStream) response.getEntity(); @@ -131,7 +131,7 @@ public class TestFileResource extends BaseJerseyTest { json = target().path("/file/list") .queryParam("id", document1Id) .request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token) .get(JsonObject.class); JsonArray files = json.getJsonArray("files"); Assert.assertEquals(2, files.size()); @@ -141,7 +141,7 @@ public class TestFileResource extends BaseJerseyTest { // Reorder files json = target().path("/file/reorder").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token) .post(Entity.form(new Form() .param("id", document1Id) .param("order", file2Id) @@ -151,7 +151,7 @@ public class TestFileResource extends BaseJerseyTest { json = target().path("/file/list") .queryParam("id", document1Id) .request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token) .get(JsonObject.class); files = json.getJsonArray("files"); Assert.assertEquals(2, files.size()); @@ -162,7 +162,7 @@ public class TestFileResource extends BaseJerseyTest { response = target().path("/file/zip") .queryParam("id", document1Id) .request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token) .get(); is = (InputStream) response.getEntity(); fileBytes = ByteStreams.toByteArray(is); 
@@ -170,13 +170,13 @@ public class TestFileResource extends BaseJerseyTest { // Deletes a file json = target().path("/file/" + file1Id).request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token) .delete(JsonObject.class); Assert.assertEquals("ok", json.getString("status")); // Get the file data (not found) response = target().path("/file/" + file1Id + "/data").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token) .get(); Assert.assertEquals(Status.NOT_FOUND, Status.fromStatusCode(response.getStatus())); @@ -192,7 +192,7 @@ public class TestFileResource extends BaseJerseyTest { json = target().path("/file/list") .queryParam("id", document1Id) .request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token) .get(JsonObject.class); files = json.getJsonArray("files"); Assert.assertEquals(1, files.size()); @@ -202,7 +202,7 @@ public class TestFileResource extends BaseJerseyTest { public void testOrphanFile() throws Exception { // Login file2 clientUtil.createUser("file2"); - String file2AuthenticationToken = clientUtil.login("file2"); + String file2Token = clientUtil.login("file2"); // Add a file String file1Id = null; @@ -212,7 +212,7 @@ public class TestFileResource extends BaseJerseyTest { JsonObject json = target() .register(MultiPartFeature.class) .path("/file").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token) .put(Entity.entity(multiPart.bodyPart(streamDataBodyPart), MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class); file1Id = json.getString("id"); 
@@ -222,14 +222,14 @@ public class TestFileResource extends BaseJerseyTest { // Get all orphan files JsonObject json = target().path("/file/list").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token) .get(JsonObject.class); JsonArray files = json.getJsonArray("files"); Assert.assertEquals(1, files.size()); // Get the file data Response response = target().path("/file/" + file1Id + "/data").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token) .get(); InputStream is = (InputStream) response.getEntity(); byte[] fileBytes = ByteStreams.toByteArray(is); @@ -238,7 +238,7 @@ public class TestFileResource extends BaseJerseyTest { // Create a document json = target().path("/document").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token) .put(Entity.form(new Form() .param("title", "File test document 1") .param("language", "eng")), JsonObject.class); @@ -247,7 +247,7 @@ public class TestFileResource extends BaseJerseyTest { // Attach a file to a document json = target().path("/file/" + file1Id).request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token) .post(Entity.form(new Form() .param("id", document1Id)), JsonObject.class); @@ -255,7 +255,7 @@ public class TestFileResource extends BaseJerseyTest { json = target().path("/file/list") .queryParam("id", document1Id) .request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token) .get(JsonObject.class); files = json.getJsonArray("files"); Assert.assertEquals(1, files.size()); 
@@ -268,7 +268,7 @@ public class TestFileResource extends BaseJerseyTest { json = target() .register(MultiPartFeature.class) .path("/file").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token) .put(Entity.entity(multiPart.bodyPart(streamDataBodyPart), MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class); file2Id = json.getString("id"); @@ -278,7 +278,7 @@ public class TestFileResource extends BaseJerseyTest { // Deletes a file json = target().path("/file/" + file2Id).request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token) .delete(JsonObject.class); Assert.assertEquals("ok", json.getString("status")); } @@ -287,7 +287,7 @@ public class TestFileResource extends BaseJerseyTest { public void testQuota() throws Exception { // Login file_quota clientUtil.createUser("file_quota"); - String fileQuotaAuthenticationToken = clientUtil.login("file_quota"); + String fileQuotaToken = clientUtil.login("file_quota"); // Add a file (292641 bytes large) String file1Id = null; @@ -297,7 +297,7 @@ public class TestFileResource extends BaseJerseyTest { JsonObject json = target() .register(MultiPartFeature.class) .path("/file").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken) .put(Entity.entity(multiPart.bodyPart(streamDataBodyPart), MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class); file1Id = json.getString("id"); @@ -307,7 +307,7 @@ public class TestFileResource extends BaseJerseyTest { // Check current quota JsonObject json = target().path("/user").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken) .get(JsonObject.class); Assert.assertEquals(292641l, json.getJsonNumber("storage_current").longValue()); 
@@ -318,7 +318,7 @@ public class TestFileResource extends BaseJerseyTest { target() .register(MultiPartFeature.class) .path("/file").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken) .put(Entity.entity(multiPart.bodyPart(streamDataBodyPart), MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class); } @@ -326,7 +326,7 @@ public class TestFileResource extends BaseJerseyTest { // Check current quota json = target().path("/user").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken) .get(JsonObject.class); Assert.assertEquals(585282l, json.getJsonNumber("storage_current").longValue()); @@ -337,7 +337,7 @@ public class TestFileResource extends BaseJerseyTest { target() .register(MultiPartFeature.class) .path("/file").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken) .put(Entity.entity(multiPart.bodyPart(streamDataBodyPart), MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class); } @@ -345,7 +345,7 @@ public class TestFileResource extends BaseJerseyTest { // Check current quota json = target().path("/user").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken) .get(JsonObject.class); Assert.assertEquals(877923l, json.getJsonNumber("storage_current").longValue()); 
@@ -356,7 +356,7 @@ public class TestFileResource extends BaseJerseyTest { Response response = target() .register(MultiPartFeature.class) .path("/file").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken) .put(Entity.entity(multiPart.bodyPart(streamDataBodyPart), MediaType.MULTIPART_FORM_DATA_TYPE)); Assert.assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus()); @@ -365,13 +365,13 @@ public class TestFileResource extends BaseJerseyTest { // Deletes a file json = target().path("/file/" + file1Id).request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken) .delete(JsonObject.class); Assert.assertEquals("ok", json.getString("status")); // Check current quota json = target().path("/user").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken) .get(JsonObject.class); Assert.assertEquals(585282l, json.getJsonNumber("storage_current").longValue()); } diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestGroupResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestGroupResource.java new file mode 100644 index 00000000..46f24a3a --- /dev/null +++ b/docs-web/src/test/java/com/sismics/docs/rest/TestGroupResource.java 
@@ -0,0 +1,34 @@ +package com.sismics.docs.rest; + +import javax.json.JsonObject; +import javax.ws.rs.client.Entity; +import javax.ws.rs.core.Form; + +import org.junit.Test; + +import com.sismics.util.filter.TokenBasedSecurityFilter; + + +/** + * Test the group resource. + * + * @author bgamard + */ +public class TestGroupResource extends BaseJerseyTest { + /** + * Test the group resource. + * + * @throws JSONException + */ + @Test + public void testGroupResource() { + // Login admin + String adminToken = clientUtil.login("admin", "admin", false); + + // Create a group + target().path("/group").request() + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) + .put(Entity.form(new Form() + .param("name", "Group 1")), JsonObject.class); + } +} \ No newline at end of file diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestSecurity.java b/docs-web/src/test/java/com/sismics/docs/rest/TestSecurity.java index a05571fd..0b938a64 100644 --- a/docs-web/src/test/java/com/sismics/docs/rest/TestSecurity.java +++ b/docs-web/src/test/java/com/sismics/docs/rest/TestSecurity.java @@ -38,11 +38,11 @@ public class TestSecurity extends BaseJerseyTest { Assert.assertEquals("You don't have access to this resource", json.getString("message")); // User testsecurity logs in - String testSecurityAuthenticationToken = clientUtil.login("testsecurity"); + String testSecurityToken = clientUtil.login("testsecurity"); // User testsecurity creates a new user KO : no permission response = target().path("/user").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityToken) .put(Entity.form(new Form())); Assert.assertEquals(Status.FORBIDDEN, Status.fromStatusCode(response.getStatus())); Assert.assertEquals("ForbiddenError", json.getString("type")); 
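Review bot: `testGroupResource` only makes the successful admin call and discards the returned `JsonObject`, so nothing in this test pins the `authenticate()` / `checkBaseFunction(BaseFunction.ADMIN)` gate that `GroupResource.add` depends on. I would keep the result and assert it, e.g. `Assert.assertEquals("ok", json.getString("status"));` (with `org.junit.Assert` imported), and add a case where a non-admin token receives `Status.FORBIDDEN`, plus the duplicate-name and unknown-parent errors. The Javadoc's `@throws JSONException` does not match the method, which declares no exception, and should be dropped.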
@@ -50,29 +50,29 @@ public class TestSecurity extends BaseJerseyTest { // User testsecurity changes his email OK json = target().path("/user").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityToken) .post(Entity.form(new Form() .param("email", "testsecurity2@docs.com")), JsonObject.class); Assert.assertEquals("ok", json.getString("status")); // User testsecurity logs out response = target().path("/user/logout").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityToken) .post(Entity.form(new Form())); Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus())); - testSecurityAuthenticationToken = clientUtil.getAuthenticationCookie(response); - Assert.assertTrue(StringUtils.isEmpty(testSecurityAuthenticationToken)); + testSecurityToken = clientUtil.getAuthenticationCookie(response); + Assert.assertTrue(StringUtils.isEmpty(testSecurityToken)); // User testsecurity logs out KO : he is not connected anymore response = target().path("/user/logout").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityToken) .post(Entity.form(new Form())); Assert.assertEquals(Status.FORBIDDEN, Status.fromStatusCode(response.getStatus())); // User testsecurity logs in with a long lived session - testSecurityAuthenticationToken = clientUtil.login("testsecurity", "12345678", true); + testSecurityToken = clientUtil.login("testsecurity", "12345678", true); // User testsecurity logs out - clientUtil.logout(testSecurityAuthenticationToken); + clientUtil.logout(testSecurityToken); } } \ No newline at end of file 
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestShareResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestShareResource.java index eea8ab85..4bccaf43 100644 --- a/docs-web/src/test/java/com/sismics/docs/rest/TestShareResource.java +++ b/docs-web/src/test/java/com/sismics/docs/rest/TestShareResource.java @@ -36,11 +36,11 @@ public class TestShareResource extends BaseJerseyTest { public void testShareResource() throws Exception { // Login share1 clientUtil.createUser("share1"); - String share1AuthenticationToken = clientUtil.login("share1"); + String share1Token = clientUtil.login("share1"); // Create a document JsonObject json = target().path("/document").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1Token) .put(Entity.form(new Form() .param("title", "File test document 1") .param("language", "eng")), JsonObject.class); @@ -55,7 +55,7 @@ public class TestShareResource extends BaseJerseyTest { json = target() .register(MultiPartFeature.class) .path("/file").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1Token) .put(Entity.entity(multiPart.field("id", document1Id).bodyPart(streamDataBodyPart), MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class); file1Id = json.getString("id"); @@ -64,7 +64,7 @@ public class TestShareResource extends BaseJerseyTest { // Share this document json = target().path("/share").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1Token) .put(Entity.form(new Form() .param("id", document1Id) .param("name", "4 All")), JsonObject.class); 
@@ -107,9 +107,9 @@ public class TestShareResource extends BaseJerseyTest { // Deletes the share (not allowed) clientUtil.createUser("share2"); - String share2AuthenticationToken = clientUtil.login("share2"); + String share2Token = clientUtil.login("share2"); response = target().path("/share/" + share1Id).request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share2AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share2Token) .delete(); Assert.assertEquals(Status.BAD_REQUEST, Status.fromStatusCode(response.getStatus())); json = response.readEntity(JsonObject.class); @@ -117,13 +117,13 @@ public class TestShareResource extends BaseJerseyTest { // Deletes the share json = target().path("/share/" + share1Id).request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1Token) .delete(JsonObject.class); Assert.assertEquals("ok", json.getString("status")); // Deletes the share again response = target().path("/share/" + share1Id).request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1AuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1Token) .delete(); Assert.assertEquals(Status.BAD_REQUEST, Status.fromStatusCode(response.getStatus())); json = response.readEntity(JsonObject.class); diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java index a67ce500..aca82154 100644 --- a/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java +++ b/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java 
@@ -37,14 +37,14 @@ public class TestUserResource extends BaseJerseyTest { clientUtil.createUser("alice"); // Login admin - String adminAuthenticationToken = clientUtil.login("admin", "admin", false); + String adminToken = clientUtil.login("admin", "admin", false); // List all users json = target().path("/user/list") .queryParam("sort_column", 2) .queryParam("asc", false) .request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) .get(JsonObject.class); JsonArray users = json.getJsonArray("users"); Assert.assertTrue(users.size() > 0); @@ -58,7 +58,7 @@ public class TestUserResource extends BaseJerseyTest { // Create a user KO (login length validation) Response response = target().path("/user").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) .put(Entity.form(new Form() .param("username", " bb ") .param("email", "bob@docs.com") @@ -71,7 +71,7 @@ public class TestUserResource extends BaseJerseyTest { // Create a user KO (login format validation) response = target().path("/user").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) .put(Entity.form(new Form() .param("username", "bob-") .param("email", "bob@docs.com") @@ -84,7 +84,7 @@ public class TestUserResource extends BaseJerseyTest { // Create a user KO (invalid quota) response = target().path("/user").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) .put(Entity.form(new Form() .param("username", "bob") .param("email", "bob@docs.com") 
@@ -97,7 +97,7 @@ public class TestUserResource extends BaseJerseyTest { // Create a user KO (email format validation) response = target().path("/user").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) .put(Entity.form(new Form() .param("username", "bob") .param("email", "bobdocs.com") @@ -115,12 +115,12 @@ public class TestUserResource extends BaseJerseyTest { .param("password", " 12345678 ") .param("storage_quota", "10"); json = target().path("/user").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) .put(Entity.form(form), JsonObject.class); // Create a user bob KO : duplicate username response = target().path("/user").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) .put(Entity.form(form)); Assert.assertNotSame(Status.OK, Status.fromStatusCode(response.getStatus())); json = response.readEntity(JsonObject.class); @@ -144,12 +144,12 @@ public class TestUserResource extends BaseJerseyTest { String aliceAuthToken = clientUtil.getAuthenticationCookie(response); // Login user bob twice - String bobAuthToken = clientUtil.login("bob"); - String bobAuthToken2 = clientUtil.login("bob"); + String bobToken = clientUtil.login("bob"); + String bobToken2 = clientUtil.login("bob"); // List sessions response = target().path("/user/session").request() - .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobAuthToken) + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobToken) .get(); Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus())); json = response.readEntity(JsonObject.class); 
@@ -160,13 +160,13 @@ public class TestUserResource extends BaseJerseyTest {
 // Delete all sessions
 response = target().path("/user/session").request()
- .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobAuthToken)
+ .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobToken)
 .delete();
 Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
 // Check bob user information with token 2 (just deleted)
 response = target().path("/user").request()
- .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobAuthToken2)
+ .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobToken2)
 .get();
 Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
 json = response.readEntity(JsonObject.class);
@@ -183,7 +183,7 @@ public class TestUserResource extends BaseJerseyTest {
 // Check bob user information
 json = target().path("/user").request()
- .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobAuthToken)
+ .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobToken)
 .get(JsonObject.class);
 Assert.assertEquals("bob@docs.com", json.getString("email"));
@@ -238,11 +238,11 @@ public class TestUserResource extends BaseJerseyTest {
 clientUtil.createUser("admin_user1");
 // Login admin
- String adminAuthenticationToken = clientUtil.login("admin", "admin", false);
+ String adminToken = clientUtil.login("admin", "admin", false);
 // Check admin information
 JsonObject json = target().path("/user").request()
- .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+ .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
 .get(JsonObject.class);
 Assert.assertTrue(json.getBoolean("is_default_password"));
 Assert.assertEquals(0l, json.getJsonNumber("storage_current").longValue());
@@ -250,27 +250,27 @@ public class TestUserResource extends BaseJerseyTest {
 // User admin updates his information
 json = target().path("/user").request()
- .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+ .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
 .post(Entity.form(new Form()
 .param("email", "newadminemail@docs.com")), JsonObject.class);
 Assert.assertEquals("ok", json.getString("status"));
 // Check admin information update
 json = target().path("/user").request()
- .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+ .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
 .get(JsonObject.class);
 Assert.assertEquals("newadminemail@docs.com", json.getString("email"));
 // User admin update admin_user1 information
 json = target().path("/user").request()
- .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+ .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
 .post(Entity.form(new Form()
 .param("email", " alice2@docs.com ")), JsonObject.class);
 Assert.assertEquals("ok", json.getString("status"));
 // User admin deletes himself: forbidden
 Response response = target().path("/user").request()
- .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+ .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
 .delete();
 Assert.assertEquals(Status.BAD_REQUEST, Status.fromStatusCode(response.getStatus()));
 json = response.readEntity(JsonObject.class);
@@ -278,13 +278,13 @@ public class TestUserResource extends BaseJerseyTest {
 // User admin deletes user admin_user1
 json = target().path("/user/admin_user1").request()
- .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+ .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
 .delete(JsonObject.class);
 Assert.assertEquals("ok", json.getString("status"));
 // User admin deletes user admin_user1 : KO (user doesn't exist)
 response = target().path("/user/admin_user1").request()
- .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+ .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
 .delete();
 Assert.assertEquals(Status.BAD_REQUEST, Status.fromStatusCode(response.getStatus()));
 json = response.readEntity(JsonObject.class);
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestVocabularyResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestVocabularyResource.java
index 491bab7a..9d2005e3 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestVocabularyResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestVocabularyResource.java
@@ -29,7 +29,7 @@ public class TestVocabularyResource extends BaseJerseyTest {
 String vocabulary1Token = clientUtil.login("vocabulary1");
 // Login admin
- String adminAuthenticationToken = clientUtil.login("admin", "admin", false);
+ String adminToken = clientUtil.login("admin", "admin", false);
 // Get coverage vocabularies entries
 JsonObject json = target().path("/vocabulary/coverage").request()
@@ -49,7 +49,7 @@ public class TestVocabularyResource extends BaseJerseyTest {
 // Create a vocabulary entry with admin
 json = target().path("/vocabulary").request()
- .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+ .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
 .put(Entity.form(new Form()
 .param("name", "test-voc-1")
 .param("value", "First value")
@@ -62,7 +62,7 @@ public class TestVocabularyResource extends BaseJerseyTest {
 // Create a vocabulary entry with admin
 Response response = target().path("/vocabulary").request()
- .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+ .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
 .put(Entity.form(new Form()
 .param("name", "NOT_VALID")
 .param("value", "First value")
@@ -81,7 +81,7 @@ public class TestVocabularyResource extends BaseJerseyTest {
 // Update a vocabulary entry with admin
 json = target().path("/vocabulary/" + vocabulary1Id).request()
- .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+ .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
 .post(Entity.form(new Form()
 .param("name", "test-voc-1-updated")
 .param("value", "First value updated")
@@ -103,7 +103,7 @@ public class TestVocabularyResource extends BaseJerseyTest {
 // Delete a vocabulary entry with admin
 json = target().path("/vocabulary/" + vocabulary1Id).request()
- .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+ .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
 .delete(JsonObject.class);
 // Get test-voc-1-updated vocabularies entries