use of org.structr.web.entity.User in project structr by structr.
the class PerformanceTest method setup.
// ----- private methods -----
/**
 * Creates the account the tests run as and wraps it in a backend security context.
 *
 * <p>The user is created with the name "admin", the password "admin" and the
 * {@code isAdmin} flag set. These are fixture credentials for a disposable test
 * database only; the same values must never be configured on an instance that
 * anyone else can reach.
 *
 * @return a {@link SecurityContext} in {@code AccessMode.Backend} for the created user
 */
private SecurityContext setup() {

	final App structrApp = StructrApp.getInstance();
	User adminUser       = null;

	try (final Tx transaction = structrApp.tx()) {

		adminUser = structrApp.create(User.class,
			new NodeAttribute<>(StructrApp.key(AbstractNode.class, "name"), "admin"),
			new NodeAttribute<>(StructrApp.key(User.class, "password"), "admin"),
			new NodeAttribute<>(StructrApp.key(User.class, "isAdmin"), true)
		);

		transaction.success();

	} catch (FrameworkException creationError) {

		// only the exception's string form is logged; fail() then aborts the test
		logger.error(creationError.toString());
		fail("Unexpected exception");
	}

	return SecurityContext.getInstance(adminUser, AccessMode.Backend);
}
use of org.structr.web.entity.User in project structr by structr.
the class SimpleTest method check.
// ----- private methods -----
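/**
 * Asserts that the database contains no {@link User} nodes.
 *
 * <p>The query runs in its own transaction. If the query itself throws, the
 * exception is logged and the test is failed.
 */
private void check() {

	try (final Tx tx = app.tx()) {

		final List<User> users = app.nodeQuery(User.class).getAsList();

		assertEquals("Expected no users to be created because of constraints", 0, users.size());

		tx.success();

	} catch (FrameworkException fex) {

		// Log before failing: fail() ends the test by throwing, so a log call
		// placed after it never runs and the cause of the failure is lost.
		logger.warn("Unexpected exception while querying users", fex);
		fail("Unexpected exception");
	}
}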
use of org.structr.web.entity.User in project structr by structr.
the class UiScriptingTest method testDoPrivileged.
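/**
 * Checks the visibility boundary between a plain user and {@code Structr.doPrivileged}.
 *
 * <p>An admin user and a non-admin "tester" are created. The same {@code find} for the
 * admin node is then evaluated twice in the tester's security context: directly, where
 * the test expects an empty result, and wrapped in {@code Structr.doPrivileged}, where
 * it expects exactly one result.
 *
 * <p>NOTE(review): the second half shows that {@code doPrivileged} returns nodes the
 * calling user cannot otherwise see. Any script that uses it therefore has to be treated
 * as trusted code, and what it returns should be filtered before it reaches the caller.
 */
@Test
public void testDoPrivileged() {

	User tester = null;

	try (final Tx tx = app.tx()) {

		// create admin user (fixture credentials, test database only)
		createTestNode(User.class,
			new NodeAttribute<>(StructrApp.key(User.class, "name"), "admin"),
			new NodeAttribute<>(StructrApp.key(User.class, "password"), "admin"),
			new NodeAttribute<>(StructrApp.key(User.class, "isAdmin"), true)
		);

		// create test user without the isAdmin flag
		tester = createTestNode(User.class,
			new NodeAttribute<>(StructrApp.key(User.class, "name"), "tester"),
			new NodeAttribute<>(StructrApp.key(User.class, "password"), "test")
		);

		tx.success();

	} catch (FrameworkException fex) {

		fex.printStackTrace();
		fail("Unexpected exception.");
	}

	final String script1 = "${{ return Structr.find('User', 'name', 'admin'); }}\n";
	final String script2 = "${{ return Structr.doPrivileged(function() { return Structr.find('User', 'name', 'admin'); }); }}\n";

	// Everything below runs as the non-admin tester. The App instance gets its own
	// name so that it is not confused with the field used for the setup above.
	final SecurityContext userContext = SecurityContext.getInstance(tester, AccessMode.Backend);
	final App userApp                 = StructrApp.getInstance(userContext);
	final RenderContext renderContext = new RenderContext(userContext, new RequestMockUp(), new ResponseMockUp(), RenderContext.EditMode.NONE);

	try (final Tx tx = userApp.tx()) {

		// unprivileged call: the admin node must stay hidden from the tester
		final Object result = Scripting.evaluate(renderContext, null, script1, "test");

		assertEquals("Result is of invalid type", ArrayList.class, result.getClass());
		assertEquals("Script in user context should not see admin", 0, ((List<?>) result).size());

		tx.success();

	} catch (FrameworkException fex) {

		fex.printStackTrace();
		fail("Unexpected exception.");
	}

	try (final Tx tx = userApp.tx()) {

		// doPrivileged call: the same query is expected to return the admin node
		final Object result = Scripting.evaluate(renderContext, null, script2, "test");

		assertEquals("Result is of invalid type", ArrayList.class, result.getClass());

		// the message now matches the expectation of exactly one result
		assertEquals("Privileged script should see admin", 1, ((List<?>) result).size());

		tx.success();

	} catch (FrameworkException fex) {

		fex.printStackTrace();
		fail("Unexpected exception.");
	}
}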
use of org.structr.web.entity.User in project structr by structr.
the class UiTest method testImageAndThumbnailDelete.
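/**
 * Checks that a non-admin user who was granted read and delete permission on an image
 * can delete it, and that no image is visible to that user afterwards.
 *
 * <p>Every transaction fails the test when it throws. A permission test that only prints
 * the exception can pass without having exercised the access check at all.
 */
@Test
public void testImageAndThumbnailDelete() {

	User tester = null;

	try (final Tx tx = app.tx()) {

		final Image image = ImageHelper.createFileBase64(securityContext, base64Image, Image.class);

		tester = app.create(User.class, "tester");

		image.setProperty(Image.name, "test.png");

		// allow non-admin user to delete the image
		image.grant(Permission.delete, tester);
		image.grant(Permission.read, tester);

		// The return values are discarded; presumably reading these properties is what
		// creates the thumbnails that the assertion below counts. TODO confirm
		image.getProperty(StructrApp.key(Image.class, "tnSmall"));
		image.getProperty(StructrApp.key(Image.class, "tnMid"));

		assertEquals("Image should have two thumbnails", 2, image.getThumbnails().size());

		tx.success();

	} catch (IOException | FrameworkException fex) {

		fex.printStackTrace();
		fail("Unexpected exception");
	}

	// from here on, act as the non-admin tester
	final SecurityContext ctx = SecurityContext.getInstance(tester, AccessMode.Backend);
	final App testerApp       = StructrApp.getInstance(ctx);

	try (final Tx tx = testerApp.tx()) {

		final Image deleteMe = testerApp.nodeQuery(Image.class).getFirst();

		assertNotNull("Image should be visible to test user", deleteMe);

		testerApp.delete(deleteMe);

		tx.success();

	} catch (FrameworkException fex) {

		// a rejected delete is a test failure, not something to print and ignore
		fex.printStackTrace();
		fail("Unexpected exception");
	}

	try (final Tx tx = testerApp.tx()) {

		assertEquals("No images should be visible to test user", 0, testerApp.nodeQuery(Image.class).getAsList().size());

		tx.success();

	} catch (FrameworkException fex) {

		// without this the test would pass even though the final check never ran
		fex.printStackTrace();
		fail("Unexpected exception");
	}
}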
use of org.structr.web.entity.User in project structr by structr.
the class UserSelfRegistrationTest method testResetPassword.
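/**
 * Exercises login and the password-reset endpoint over REST for a freshly created user.
 *
 * <p>The test creates a user, checks that a wrong password is rejected with 401 and a
 * generic message, checks that the correct password logs in, and finally posts a reset
 * request for an unknown and for the known e-mail address, expecting 200 in both cases.
 *
 * <p>NOTE(review): the last step compares status codes only. Differences in the response
 * body, the headers or the response time between a known and an unknown address are not
 * covered, so this check alone does not rule out user enumeration.
 *
 * <p>NOTE(review): the two settings and {@code RestAssured.basePath} are changed here and
 * not restored in this method. Confirm that the test class resets them elsewhere.
 */
@Test
public void testResetPassword() {

	final String eMail = "test@structr.com";
	String id          = null;

	// since we cannot test the mail confirmation workflow, we just disable sending an e-mail
	Settings.SmtpTesting.setValue(true);
	Settings.ForceArrays.setValue(false);

	// switch to REST servlet
	RestAssured.basePath = restUrl;

	// presumably opens both resources for POST by non-authenticated users; the meaning
	// of the boolean argument is not visible here. TODO confirm
	grant("_resetPassword", UiAuthenticator.NON_AUTH_USER_POST, true);
	grant("_login", UiAuthenticator.NON_AUTH_USER_POST, false);

	try (final Tx tx = app.tx()) {

		final User user = app.create(User.class,
			new NodeAttribute<>(StructrApp.key(User.class, "name"), "tester"),
			new NodeAttribute<>(StructrApp.key(User.class, "eMail"), eMail),
			new NodeAttribute<>(StructrApp.key(User.class, "password"), "correct")
		);

		// store ID for later use
		id = user.getProperty(User.id);

		tx.success();

	} catch (Throwable t) {

		// print the cause before failing, otherwise the reason for the failure is lost
		t.printStackTrace();
		fail("Unexpected exception.");
	}

	// verify failing login: the message must not say which of the two values was wrong
	RestAssured
		.given()
			.body("{ eMail: '" + eMail + "', password: 'incorrect' }")
		.expect()
			.statusCode(401)
			.body("code", equalTo(401))
			.body("message", equalTo("Wrong username or password, or user is blocked. Check caps lock. Note: Username is case sensitive!"))
		.when()
			.post("/login");

	// verify successful login
	RestAssured
		.given()
			.body("{ eMail: '" + eMail + "', password: 'correct' }")
			.filter(ResponseLoggingFilter.logResponseTo(System.out))
		.expect()
			.statusCode(200)
			.body("result.type", equalTo("User"))
			.body("result.name", equalTo("tester"))
			.body("result.isUser", equalTo(true))
			.body("result.id", equalTo(id))
		.when()
			.post("/login");

	// verify reset password doesn't disclose information about existing users:
	// an unknown and a known address must both be answered with 200
	RestAssured
		.given()
			.body("{ eMail: 'unknown@structr.com' }")
		.expect()
			.statusCode(200)
		.when()
			.post("/reset-password");

	RestAssured
		.given()
			.body("{ eMail: '" + eMail + "' }")
		.expect()
			.statusCode(200)
		.when()
			.post("/reset-password");
}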