diff --git a/webgoat-lessons/missing-function-ac/src/test/org/owasp/webgoat/plugin/DisplayUserTest.java b/webgoat-lessons/missing-function-ac/src/test/org/owasp/webgoat/plugin/DisplayUserTest.java
new file mode 100644
index 000000000..7930283dd
--- /dev/null
+++ b/webgoat-lessons/missing-function-ac/src/test/org/owasp/webgoat/plugin/DisplayUserTest.java
@@ -0,0 +1,22 @@
+package org.owasp.webgoat.plugin;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.owasp.webgoat.users.WebGoatUser;
+
+@RunWith(MockitoJUnitRunner.class)
+public class DisplayUserTest {
+
+ @Test
+ public void TestDisplayUserCreation() {
+ DisplayUser displayUser = new DisplayUser(new WebGoatUser("user1","password1"));
+ assert(!displayUser.isAdmin());
+ }
+
+ @Test
+ public void TesDisplayUserHash() {
+ DisplayUser displayUser = new DisplayUser(new WebGoatUser("user1","password1"));
+ assert(displayUser.getUserHash().equals("cplTjehjI/e5ajqTxWaXhU5NW9UotJfXj+gcbPvfWWc="));
+ }
+}
diff --git a/webgoat-lessons/missing-function-ac/src/test/org/owasp/webgoat/plugin/MissingFunctionACUsersTest.java b/webgoat-lessons/missing-function-ac/src/test/org/owasp/webgoat/plugin/MissingFunctionACUsersTest.java
new file mode 100644
index 000000000..de8d13e31
--- /dev/null
+++ b/webgoat-lessons/missing-function-ac/src/test/org/owasp/webgoat/plugin/MissingFunctionACUsersTest.java
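Review bot: In DisplayUserTest.java both tests check their result with the Java `assert` keyword, which the JVM evaluates only when assertions are enabled (`-ea`); under a runner that leaves them off, `TestDisplayUserCreation` and `TesDisplayUserHash` pass without checking the admin flag or the hash at all. Use JUnit assertions so the check always runs: `Assert.assertFalse(displayUser.isAdmin());` and `Assert.assertEquals("cplTjehjI/e5ajqTxWaXhU5NW9UotJfXj+gcbPvfWWc=", displayUser.getUserHash());`, with `import org.junit.Assert;`. The pinned value presumably means `getUserHash()` is deterministic for a given username and password; a one-line comment saying where the expected value comes from would make the test easier to maintain. `TesDisplayUserHash` looks like a typo for `TestDisplayUserHash`.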
@@ -0,0 +1,67 @@
+package org.owasp.webgoat.plugin;
+
+import org.hamcrest.CoreMatchers;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.owasp.webgoat.lessons.AbstractLesson;
+import org.owasp.webgoat.service.HintService;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.users.UserService;
+import org.owasp.webgoat.users.WebGoatUser;
+import org.springframework.test.util.ReflectionTestUtils;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.mockito.Mockito.when;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
+
+@RunWith(MockitoJUnitRunner.class)
+public class MissingFunctionACUsersTest {
+ private MockMvc mockMvc;
+ @Mock
+ private WebSession websession;
+ @Mock
+ private AbstractLesson lesson;
+ @Mock
+ private UserService userService;
+
+ @Before
+ public void setup() {
+ MissingFunctionACUsers usersController = new MissingFunctionACUsers();
+ this.mockMvc = standaloneSetup(usersController).build();
+ ReflectionTestUtils.setField(usersController,"userService",userService);
+ when(userService.getAllUsers()).thenReturn(getUsersList());
+ }
+
+ @Test
+ public void TestContentTypeApplicationJSON () throws Exception {
+ mockMvc.perform(MockMvcRequestBuilders.get("/users")
+ .header("Content-type","application/json"))
+ .andDo(MockMvcResultHandlers.print())
+ .andExpect(status().isOk())
+ .andExpect(jsonPath("$[0].username", CoreMatchers.is("user1")))
+ .andExpect(jsonPath("$[0].userHash",CoreMatchers.is("cplTjehjI/e5ajqTxWaXhU5NW9UotJfXj+gcbPvfWWc=")))
+ .andExpect(jsonPath("$[1].admin",CoreMatchers.is(true)));
+
+ }
+
+ private List getUsersList() {
+ List tempUsers = new ArrayList<>();
+ tempUsers.add(new WebGoatUser("user1","password1"));
+ tempUsers.add(new WebGoatUser("user2","password2","WEBGOAT_ADMIN"));
+ tempUsers.add(new WebGoatUser("user3","password3", "WEBGOAT_USER"));
+ return tempUsers;
+ }
+
+
+
+}
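Review bot: `TestContentTypeApplicationJSON` asserts only the positive case for the admin flag (`$[1].admin` is true) and never checks that the non-admin entries come back as non-admin, which is the property an access-control lesson most needs pinned. Add `.andExpect(jsonPath("$[0].admin", CoreMatchers.is(false)))` and the same for `$[2]`, the user created with `WEBGOAT_USER`. Since the fixture users are built with plaintext passwords, it is also worth asserting that the response does not echo them, e.g. `.andExpect(jsonPath("$[0].password").doesNotExist())`; whether `DisplayUser` exposes such a field is not visible in this diff. The mocks `websession` and `lesson` and the `HintService` import appear unused in this file.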