jessebrault/meals-made-easy-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added security tests to ImageControllerTests.

Browse Source
This commit is contained in:
Jesse Brault 2024-07-27 15:23:52 -05:00
parent eeb58aa5a1
commit 2565e63a7d
1 changed files with 50 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
src/integrationTest/java/app/mealsmadeeasy/api/image/ImageControllerTests.java
View File

@ -159,6 +159,56 @@ public class ImageControllerTests {
this.doGetImageTestWithViewer(accessToken); this.doGetImageTestWithViewer(accessToken);
} }
@Test
@DirtiesContext
public void getNonPublicImageNoPrincipalForbidden() throws Exception {
final User owner = this.createTestUser("imageOwner");
this.createHal9000(owner);
this.mockMvc.perform(
get("/images/imageOwner/HAL9000.svg")
).andExpect(status().isForbidden());
}
@Test
@DirtiesContext
public void getNonPublicImageWithPrincipalForbidden() throws Exception {
final User owner = this.createTestUser("imageOwner");
final User viewer = this.createTestUser("viewer");
this.createHal9000(owner);
final String accessToken = this.getAccessToken(viewer.getUsername());
this.mockMvc.perform(
get("/images/imageOwner/HAL9000.svg")
.header("Authorization", "Bearer " + accessToken)
).andExpect(status().isForbidden());
}
@Test
@DirtiesContext
public void getImageWithViewersNoPrincipalForbidden() throws Exception {
final User owner = this.createTestUser("imageOwner");
final User viewer = this.createTestUser("viewer");
final Image image = this.createHal9000(owner);
this.addViewer(image, owner, viewer);
this.mockMvc.perform(
get("/images/imageOwner/HAL9000.svg")
).andExpect(status().isForbidden());
}
@Test
@DirtiesContext
public void getImageWithViewersWrongViewerForbidden() throws Exception {
final User owner = this.createTestUser("imageOwner");
final User viewer = this.createTestUser("viewer");
final User wrongViewer = this.createTestUser("wrongViewer");
final Image image = this.createHal9000(owner);
this.addViewer(image, owner, viewer);
final String accessToken = this.getAccessToken(wrongViewer.getUsername());
this.mockMvc.perform(
get("/images/imageOwner/HAL9000.svg")
.header("Authorization", "Bearer " + accessToken)
).andExpect(status().isForbidden());
}
@Test @Test
@DirtiesContext @DirtiesContext
public void putImage() throws Exception { public void putImage() throws Exception {