fr.msch.wissl.server.TestUsers.java Source code

Java tutorial

Introduction

Here is the source code for fr.msch.wissl.server.TestUsers.java

Source

/* This file is part of Wissl - Copyright (C) 2013 Mathieu Schnoor
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
package fr.msch.wissl.server;

import java.io.IOException;

import junit.framework.Assert;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.codehaus.jettison.json.JSONArray;
import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;
import org.junit.Test;

/**
 * Functional test for the following rest server endpoints:
 * <ul>
 * <li>/users
 * <li>/user/{user_id}
 * <li>/user/add
 * <li>/user/password
 * <li>/user/remove
 * </ul>
 * 
 * @author mathieu.schnoor@gmail.com
 *
 */
public class TestUsers extends TServer {

    @Test
    public void test() throws IOException, JSONException {
        HttpClient client = new HttpClient();

        // check the users and sessions created by TServer
        GetMethod get = new GetMethod(TServer.URL + "users");
        get.addRequestHeader("sessionId", this.user_sessionId);
        client.executeMethod(get);
        Assert.assertEquals(200, get.getStatusCode());
        JSONObject obj = new JSONObject(get.getResponseBodyAsString());
        JSONArray users = obj.getJSONArray("users");
        Assert.assertEquals(2, users.length());
        for (int i = 0; i < 2; i++) {
            JSONObject u = users.getJSONObject(i);
            String username = u.getString("username");
            if (username.equals(this.user_username)) {
                Assert.assertEquals(this.user_userId, u.getInt("id"));
                Assert.assertEquals(2, u.getInt("auth"));
                Assert.assertEquals(0, u.getInt("downloaded"));
            } else if (username.equals(this.admin_username)) {
                Assert.assertEquals(this.admin_userId, u.getInt("id"));
                Assert.assertEquals(1, u.getInt("auth"));
                Assert.assertEquals(0, u.getInt("downloaded"));
            } else {
                Assert.fail("Unexpected user:" + username);
            }
        }

        JSONArray sessions = obj.getJSONArray("sessions");
        Assert.assertEquals(2, sessions.length());
        for (int i = 0; i < 2; i++) {
            JSONObject s = sessions.getJSONObject(i);
            String username = s.getString("username");
            if (username.equals(this.user_username)) {
                Assert.assertEquals(this.user_userId, s.getInt("user_id"));
                Assert.assertTrue(s.getInt("last_activity") >= 0); // might be 0
                Assert.assertTrue(s.getInt("created_at") >= 0);
                Assert.assertFalse(s.has("origins")); // admin only
                Assert.assertFalse(s.has("last_played_song"));
            }
        }

        // unknown user: 404
        get = new GetMethod(TServer.URL + "user/100");
        get.addRequestHeader("sessionId", this.user_sessionId);
        client.executeMethod(get);
        Assert.assertEquals(404, get.getStatusCode());

        // check admin user
        get = new GetMethod(TServer.URL + "user/" + this.admin_userId);
        get.addRequestHeader("sessionId", this.admin_sessionId);
        client.executeMethod(get);
        Assert.assertEquals(200, get.getStatusCode());
        obj = new JSONObject(get.getResponseBodyAsString());
        JSONObject u = obj.getJSONObject("user");
        Assert.assertEquals(this.admin_userId, u.getInt("id"));
        Assert.assertEquals(this.admin_username, u.getString("username"));
        Assert.assertEquals(1, u.getInt("auth"));
        Assert.assertEquals(0, u.getInt("downloaded"));
        sessions = obj.getJSONArray("sessions");
        Assert.assertEquals(1, sessions.length());
        JSONObject s = sessions.getJSONObject(0);

        Assert.assertEquals(this.admin_userId, s.getInt("user_id"));
        Assert.assertTrue(s.getInt("last_activity") >= 0); // might be 0
        Assert.assertTrue(s.getInt("created_at") > 0);
        Assert.assertTrue(s.has("origins")); // admin only
        Assert.assertFalse(s.has("last_played_song"));
        Assert.assertTrue(obj.getJSONArray("playlists").length() == 0);

        // create a new user with user account: error 401
        PostMethod post = new PostMethod(TServer.URL + "user/add");
        post.addRequestHeader("sessionId", this.user_sessionId);
        post.addParameter("username", "new-user");
        post.addParameter("password", "new-pw");
        client.executeMethod(post);
        Assert.assertEquals(401, post.getStatusCode());

        // create new user with empty username: err 400
        post = new PostMethod(TServer.URL + "user/add");
        post.addRequestHeader("sessionId", this.admin_sessionId);
        post.addParameter("username", "");
        post.addParameter("password", "new-pw");
        post.addParameter("auth", "1");
        client.executeMethod(post);
        Assert.assertEquals(400, post.getStatusCode());

        // create new user with short password: err 400
        post = new PostMethod(TServer.URL + "user/add");
        post.addRequestHeader("sessionId", this.admin_sessionId);
        post.addParameter("username", "new-user");
        post.addParameter("password", "pw");
        post.addParameter("auth", "1");
        client.executeMethod(post);
        Assert.assertEquals(400, post.getStatusCode());

        // create new user with invalid auth: err 400
        post = new PostMethod(TServer.URL + "user/add");
        post.addRequestHeader("sessionId", this.admin_sessionId);
        post.addParameter("username", "new-user");
        post.addParameter("password", "pw");
        post.addParameter("auth", "3");
        client.executeMethod(post);
        Assert.assertEquals(400, post.getStatusCode());

        int new_userId = -1;
        String new_sessionId = null;
        String new_username = "new-user";
        String new_password = "new-pw";

        // create new user
        post = new PostMethod(TServer.URL + "user/add");
        post.addRequestHeader("sessionId", this.admin_sessionId);
        post.addParameter("username", new_username);
        post.addParameter("password", new_password);
        post.addParameter("auth", "2");
        client.executeMethod(post);
        Assert.assertEquals(200, post.getStatusCode());
        u = new JSONObject(post.getResponseBodyAsString()).getJSONObject("user");
        new_userId = u.getInt("id");
        Assert.assertEquals(new_username, u.getString("username"));
        Assert.assertEquals(2, u.getInt("auth"));

        // check new user 
        get = new GetMethod(TServer.URL + "user/" + new_userId);
        get.addRequestHeader("sessionId", this.user_sessionId);
        client.executeMethod(get);
        Assert.assertEquals(200, get.getStatusCode());
        obj = new JSONObject(get.getResponseBodyAsString());
        Assert.assertTrue(obj.getJSONArray("playlists").length() == 0);
        Assert.assertEquals(0, obj.getJSONArray("sessions").length());

        // login new user
        obj = new JSONObject(this.login(new_username, new_password));
        Assert.assertEquals(new_userId, obj.getInt("userId"));
        new_sessionId = obj.getString("sessionId");

        // check if logged in with /users
        get = new GetMethod(URL + "users");
        get.addRequestHeader("sessionId", new_sessionId);
        client.executeMethod(get);
        Assert.assertEquals(200, get.getStatusCode());
        obj = new JSONObject(get.getResponseBodyAsString());
        users = obj.getJSONArray("users");
        Assert.assertEquals(3, users.length());
        for (int i = 0; i < 3; i++) {
            u = users.getJSONObject(i);
            String username = u.getString("username");
            if (username.equals(new_username)) {
                Assert.assertEquals(new_userId, u.getInt("id"));
            } else {
                Assert.assertTrue(username.equals(user_username) || username.equals(admin_username));
            }
        }
        sessions = obj.getJSONArray("sessions");
        Assert.assertEquals(3, sessions.length());
        for (int i = 0; i < 3; i++) {
            s = sessions.getJSONObject(i);
            String username = s.getString("username");
            if (username.equals(new_username)) {
                Assert.assertEquals(new_userId, s.getInt("user_id"));
                Assert.assertTrue(s.getInt("last_activity") >= 0); // might be 0
                Assert.assertTrue(s.getInt("created_at") > 0);
                Assert.assertFalse(s.has("origins")); // admin only
                Assert.assertFalse(s.has("last_played_song"));
            } else {
                Assert.assertTrue(username.equals(user_username) || username.equals(admin_username));
            }
        }

        // try to change password without the old password: 401
        post = new PostMethod(URL + "user/password");
        post.addRequestHeader("sessionId", new_sessionId);
        post.addParameter("old_password", "password");
        post.addParameter("new_password", "password2");
        client.executeMethod(post);
        Assert.assertEquals(401, post.getStatusCode());

        // change password for new user
        post = new PostMethod(URL + "user/password");
        post.addRequestHeader("sessionId", new_sessionId);
        post.addParameter("old_password", new_password);
        new_password = "something else";
        post.addParameter("new_password", new_password);
        client.executeMethod(post);
        Assert.assertEquals(204, post.getStatusCode());

        // logout and relogin with new password
        post = new PostMethod(URL + "logout");
        post.addRequestHeader("sessionId", new_sessionId);
        client.executeMethod(post);
        Assert.assertEquals(204, post.getStatusCode());

        obj = new JSONObject(this.login(new_username, new_password));
        Assert.assertEquals(new_userId, obj.getInt("userId"));
        new_sessionId = obj.getString("sessionId");

        // try to delete an user as user: 401
        post = new PostMethod(URL + "user/remove");
        post.addRequestHeader("sessionId", user_sessionId);
        post.addParameter("user_ids[]", "" + new_userId);
        client.executeMethod(post);
        Assert.assertEquals(401, post.getStatusCode());

        // try to delete no user: 400
        post = new PostMethod(URL + "user/remove");
        post.addRequestHeader("sessionId", admin_sessionId);
        client.executeMethod(post);
        Assert.assertEquals(400, post.getStatusCode());

        // try to delete admin with admin: 400
        post = new PostMethod(URL + "user/remove");
        post.addRequestHeader("sessionId", admin_sessionId);
        post.addParameter("user_ids[]", "" + admin_userId);
        client.executeMethod(post);
        Assert.assertEquals(400, post.getStatusCode());

        // delete both regular users
        post = new PostMethod(URL + "user/remove");
        post.addRequestHeader("sessionId", admin_sessionId);
        post.addParameter("user_ids[]", "" + user_userId);
        post.addParameter("user_ids[]", "" + new_userId);
        client.executeMethod(post);
        Assert.assertEquals(204, post.getStatusCode());

        // check that old sessions do not work anymore
        get = new GetMethod(URL + "users");
        get.addRequestHeader("sessionId", user_sessionId);
        client.executeMethod(get);
        Assert.assertEquals(401, get.getStatusCode());

        // check that there is only 1 user
        get = new GetMethod(URL + "users");
        get.addRequestHeader("sessionId", admin_sessionId);
        client.executeMethod(get);
        Assert.assertEquals(200, get.getStatusCode());
        obj = new JSONObject(get.getResponseBodyAsString());
        Assert.assertEquals(obj.getJSONArray("users").length(), 1);
        Assert.assertEquals(obj.getJSONArray("sessions").length(), 1);

    }
}