/* * This file is part of ARSnova Backend. * Copyright (C) 2012-2017 The ARSnova Team * * ARSnova Backend is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * ARSnova Backend is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ package de.thm.arsnova.services; import de.thm.arsnova.config.AppConfig; import de.thm.arsnova.config.TestAppConfig; import de.thm.arsnova.config.TestSecurityConfig; import de.thm.arsnova.dao.StubDatabaseDao; import de.thm.arsnova.entities.InterposedQuestion; import de.thm.arsnova.entities.Question; import de.thm.arsnova.exceptions.NotFoundException; import org.junit.After; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.web.WebAppConfiguration; import java.util.ArrayList; import java.util.List; import static org.junit.Assert.*; @RunWith(SpringJUnit4ClassRunner.class) @WebAppConfiguration @ContextConfiguration(classes = {AppConfig.class, TestAppConfig.class, TestSecurityConfig.class}) @ActiveProfiles("test") public class QuestionServiceTest { @Autowired private IQuestionService questionService; @Autowired private StubUserService userService; @Autowired private StubDatabaseDao databaseDao; private void setAuthenticated(final boolean isAuthenticated, final String username) { if (isAuthenticated) { final List<GrantedAuthority> ga = new ArrayList<>(); final UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, "secret", ga); SecurityContextHolder.getContext().setAuthentication(token); userService.setUserAuthenticated(isAuthenticated, username); } else { userService.setUserAuthenticated(isAuthenticated); } } @Before public void startup() { SecurityContextHolder.clearContext(); } @After public void cleanup() { SecurityContextHolder.clearContext(); } @Test(expected = AuthenticationCredentialsNotFoundException.class) public void testShouldNotReturnQuestionsIfNotAuthenticated() { setAuthenticated(false, "nobody"); questionService.getSkillQuestions("12345678"); } @Test(expected = NotFoundException.class) public void testShouldFindQuestionsForNonExistantSession() { setAuthenticated(true, "ptsr00"); questionService.getSkillQuestions("00000000"); } @Test public void testShouldFindQuestions() { setAuthenticated(true, "ptsr00"); assertEquals(1, questionService.getSkillQuestionCount("12345678")); } @Test public void testShouldMarkInterposedQuestionAsReadIfSessionCreator() throws Exception { setAuthenticated(true, "ptsr00"); final InterposedQuestion theQ = new InterposedQuestion(); theQ.setRead(false); theQ.set_id("the internal id"); theQ.setSessionId("12345678"); databaseDao.interposedQuestion = theQ; questionService.readInterposedQuestion(theQ.get_id()); assertTrue(theQ.isRead()); } @Test public void testShouldNotMarkInterposedQuestionAsReadIfRegularUser() throws Exception { setAuthenticated(true, "regular user"); final InterposedQuestion theQ = new InterposedQuestion(); theQ.setRead(false); theQ.set_id("the internal id"); theQ.setSessionId("12345678"); theQ.setCreator("regular user"); databaseDao.interposedQuestion = theQ; questionService.readInterposedQuestion(theQ.get_id()); assertFalse(theQ.isRead()); } @Test(expected = AccessDeniedException.class) public void testShouldSaveQuestion() throws Exception{ setAuthenticated(true, "regular user"); final Question question = new Question(); question.setSessionKeyword("12345678"); question.setQuestionVariant("freetext"); questionService.saveQuestion(question); } @Test(expected = AccessDeniedException.class) public void testShouldNotDeleteQuestion() throws Exception{ setAuthenticated(true, "otheruser"); questionService.deleteQuestion("a1a2a3a4a5a6a7a8a9a"); } @Test(expected = AccessDeniedException.class) public void testShouldNotDeleteInterposedQuestion() throws Exception{ setAuthenticated(true, "otheruser"); questionService.deleteInterposedQuestion("a1a2a3a4a5a6a7a8a9a"); } }