merge tests from www-2.x

author: Vitaly Takmazov 2018-08-27 10:20:47 +0300
committer: Vitaly Takmazov 2018-08-27 10:45:58 +0300
commit: 926bdf95c75ac8f4abbc403b0a2c24327e405903 (patch)
tree: 23f5ac38873c912bcd4d793916fea8e921915123
parent: b8f55bc41ddbeb9e274436534fd4eb58706f73a9 (diff)
3 files changed, 55 insertions, 0 deletions
diff --git a/juick-server/src/main/java/com/juick/server/api/Messages.java b/juick-server/src/main/java/com/juick/server/api/Messages.java
index d7c07391..db6463dd 100644
--- a/juick-server/src/main/java/com/juick/server/api/Messages.java
+++ b/juick-server/src/main/java/com/juick/server/api/Messages.java
@@ -24,10 +24,12 @@ import com.juick.server.Utils;
 import com.juick.server.component.MessageReadEvent;
 import com.juick.server.helpers.CommandResult;
 import com.juick.server.util.HttpBadRequestException;
+import com.juick.server.util.HttpNotFoundException;
 import com.juick.server.util.UserUtils;
 import com.juick.service.MessagesService;
 import com.juick.service.TagService;
 import com.juick.service.UserService;
+import com.juick.service.security.entities.JuickUser;
 import org.apache.commons.io.IOUtils;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.http.HttpStatus;
@@ -167,6 +169,10 @@ public class Messages {
             if (!messagesService.canViewThread(mid, visitor.getUid())) {
                 return FORBIDDEN;
             } else {
+                JuickUser juickUser = new JuickUser(userService.getUserByName(msg.getUser().getName()));
+                if (!juickUser.isEnabled()) {
+                    throw new HttpNotFoundException();
+                }
                 msg.setRecommendations(new HashSet<>(messagesService.getMessageRecommendations(msg.getMid())));
                 List<com.juick.Message> replies = messagesService.getReplies(visitor, mid);
                 if (!visitor.isAnonymous()) {
diff --git a/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java b/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java
index 807f4a9d..125e4f63 100644
--- a/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java
+++ b/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java
@@ -20,6 +20,8 @@ package com.juick.service;
 import com.juick.*;
 import com.juick.server.helpers.PrivacyOpts;
 import com.juick.server.helpers.ResponseReply;
+import com.juick.server.util.HttpNotFoundException;
+import com.juick.service.security.entities.JuickUser;
 import com.juick.util.MessageUtils;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -649,6 +651,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
                 .addValue("privacy", privacy)
                 .addValue("before", before);
 
+        JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new));
+        if (!juickUser.isEnabled()) {
+            throw new HttpNotFoundException();
+        }
+
         return getNamedParameterJdbcTemplate().queryForList(
                 "SELECT message_id FROM messages WHERE user_id = :uid" +
                         (before > 0 ?
@@ -667,6 +674,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
                 .addValue("privacy", privacy)
                 .addValue("before", before);
 
+        JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new));
+        if (!juickUser.isEnabled()) {
+            throw new HttpNotFoundException();
+        }
+
         return getNamedParameterJdbcTemplate().queryForList(
                 "SELECT messages.message_id FROM messages_tags INNER JOIN messages " +
                         " USING (message_id) WHERE messages.user_id = :uid AND messages_tags.tag_id = :tid " +
@@ -685,6 +697,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
                 .addValue("privacy", privacy)
                 .addValue("daysback", daysback);
 
+        JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new));
+        if (!juickUser.isEnabled()) {
+            throw new HttpNotFoundException();
+        }
+
         return getNamedParameterJdbcTemplate().queryForList(
                 "SELECT message_id FROM messages WHERE user_id = :uid" +
                         (daysback > 0 ?
@@ -703,6 +720,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
                 .addValue("privacy", privacy)
                 .addValue("before", before);
 
+        JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new));
+        if (!juickUser.isEnabled()) {
+            throw new HttpNotFoundException();
+        }
+
         return getNamedParameterJdbcTemplate().queryForList(
                 "SELECT message_id FROM " +
                     "(SELECT message_id FROM favorites " +
diff --git a/juick-server/src/test/java/com/juick/server/tests/ServerTests.java b/juick-server/src/test/java/com/juick/server/tests/ServerTests.java
index 9f573e82..88cdd24c 100644
--- a/juick-server/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/juick-server/src/test/java/com/juick/server/tests/ServerTests.java
@@ -1225,6 +1225,7 @@ public class ServerTests {
         assertThat(getStatus.get().getInbound().size(), is(0));
         ConnectionIn test = new ConnectionIn(server, new Socket("localhost", server.getServerPort()));
         test.from.add(Jid.of("test"));
+        server.getInConnections().clear();
         server.addConnectionIn(test);
         assertThat(getStatus.get().getInbound().size(), is(1));
     }
@@ -1255,4 +1256,30 @@ public class ServerTests {
         // uid, name, xmlns, xmlns:user
         assertThat(attrs.getLength(), is(4));
     }
+    @Test
+    public void bannedUserBlogandPostShouldReturn404() throws Exception {
+        String userName = "isilmine";
+        String userPassword = "secret";
+        String msgText = "автор этого поста был забанен";
+
+        User isilmine = userService.getUserByUID(userService.createUser(userName, userPassword)).orElseThrow(IllegalStateException::new);
+        int mid = messagesService.createMessage(isilmine.getUid(), msgText, null, null);
+        mockMvc.perform(get(String.format("/thread?mid=%d", mid)).with(httpBasic(ugnichName, ugnichPassword)))
+                .andExpect(status().isOk());
+        jdbcTemplate.update("UPDATE users SET banned=1 WHERE id=?", isilmine.getUid());
+        mockMvc.perform(get(String.format("/thread?mid=%d", mid)).with(httpBasic(ugnichName, ugnichPassword)))
+                .andExpect(status().isNotFound());
+        mockMvc.perform(get("/messages?uname=isilmine").with(httpBasic(ugnichName, ugnichPassword)))
+                .andExpect(status().isNotFound());
+    }
+
+    @Test
+    public void emptyPasswordMeansUserIsDisabled() throws Exception {
+        String userName = "oldschooluser";
+        String userPassword = "";
+
+        userService.createUser(userName, userPassword);
+
+        mockMvc.perform(get("/auth").with(httpBasic(userName, userPassword))).andExpect(status().isUnauthorized());
+    }
 }
author	Vitaly Takmazov	2018-08-27 10:20:47 +0300
committer	Vitaly Takmazov	2018-08-27 10:45:58 +0300
commit	926bdf95c75ac8f4abbc403b0a2c24327e405903 (patch)
tree	23f5ac38873c912bcd4d793916fea8e921915123
parent	b8f55bc41ddbeb9e274436534fd4eb58706f73a9 (diff)