Fix NPE when deleting invalid replies

diff --git a/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java b/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java
index 240271c..0cd6b4f 100644 (file)
--- a/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java
@@ -58,7 +58,7 @@ public class DeleteReplyPage extends SoneTemplatePage {
                Optional<PostReply> reply = webInterface.getCore().getPostReply(replyId);
                String returnPage = request.getHttpRequest().getPartAsStringFailsafe("returnPage", 256);
                if (request.getMethod() == Method.POST) {
-                       if (!reply.get().getSone().isLocal()) {
+                       if (!reply.isPresent() || !reply.get().getSone().isLocal()) {
                                throw new RedirectException("noPermission.html");
                        }
                        if (request.getHttpRequest().isPartSet("confirmDelete")) {

diff --git a/src/test/java/net/pterodactylus/sone/web/DeleteReplyPageTest.java b/src/test/java/net/pterodactylus/sone/web/DeleteReplyPageTest.java
new file mode 100644 (file)
index 0000000..80c8a2f
--- /dev/null
+++ b/src/test/java/net/pterodactylus/sone/web/DeleteReplyPageTest.java
@@ -0,0 +1,65 @@
+package net.pterodactylus.sone.web;
+
+import static net.pterodactylus.sone.web.WebTestUtils.redirectsTo;
+import static org.mockito.Matchers.anyInt;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.RETURNS_DEEP_STUBS;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.util.Collections;
+
+import net.pterodactylus.sone.data.PostReply;
+import net.pterodactylus.sone.data.Sone;
+import net.pterodactylus.sone.web.page.FreenetRequest;
+import net.pterodactylus.util.notify.Notification;
+import net.pterodactylus.util.template.Template;
+import net.pterodactylus.util.template.TemplateContext;
+import net.pterodactylus.util.web.Method;
+
+import freenet.support.api.HTTPRequest;
+
+import com.google.common.base.Optional;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.mockito.Matchers;
+
+/**
+ * Unit test for {@link DeleteReplyPage}.
+ *
+ * @author <a href="mailto:bombe@pterodactylus.net">David ‘Bombe’ Roden</a>
+ */
+public class DeleteReplyPageTest {
+
+       @Rule
+       public final ExpectedException expectedException = ExpectedException.none();
+
+       private final Template template = new Template();
+       private final WebInterface webInterface = mock(WebInterface.class, RETURNS_DEEP_STUBS);
+       private final DeleteReplyPage page = new DeleteReplyPage(template, webInterface);
+       private final TemplateContext templateContext = new TemplateContext();
+       private final FreenetRequest freenetRequest = mock(FreenetRequest.class);
+       private final HTTPRequest httpRequest = mock(HTTPRequest.class);
+
+       @Before
+       public void setupWebInterface() {
+               when(webInterface.getNotifications(Matchers.any(Sone.class))).thenReturn(Collections.<Notification>emptyList());
+       }
+
+       @Before
+       public void setupHttpRequest() {
+               when(freenetRequest.getHttpRequest()).thenReturn(httpRequest);
+       }
+
+       @Test
+       public void tryingToDeleteAReplyWithAnInvalidIdResultsInNoPermissionPage() throws Exception {
+               when(freenetRequest.getMethod()).thenReturn(Method.POST);
+               when(httpRequest.getPartAsStringFailsafe(eq("reply"), anyInt())).thenReturn("id");
+               when(webInterface.getCore().getPostReply("id")).thenReturn(Optional.<PostReply>absent());
+               expectedException.expect(redirectsTo("noPermission.html"));
+               page.processTemplate(freenetRequest, templateContext);
+       }
+
+}