From 84292ecc832358ce0a27362652b108b280767fca Mon Sep 17 00:00:00 2001 From: =?utf8?q?David=20=E2=80=98Bombe=E2=80=99=20Roden?= Date: Tue, 28 Jun 2016 21:35:38 +0200 Subject: [PATCH] Fix NPE when deleting invalid replies --- .../pterodactylus/sone/web/DeleteReplyPage.java | 2 +- .../sone/web/DeleteReplyPageTest.java | 65 ++++++++++++++++++++++ 2 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 src/test/java/net/pterodactylus/sone/web/DeleteReplyPageTest.java diff --git a/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java b/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java index 240271c..0cd6b4f 100644 --- a/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java +++ b/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java @@ -58,7 +58,7 @@ public class DeleteReplyPage extends SoneTemplatePage { Optional reply = webInterface.getCore().getPostReply(replyId); String returnPage = request.getHttpRequest().getPartAsStringFailsafe("returnPage", 256); if (request.getMethod() == Method.POST) { - if (!reply.get().getSone().isLocal()) { + if (!reply.isPresent() || !reply.get().getSone().isLocal()) { throw new RedirectException("noPermission.html"); } if (request.getHttpRequest().isPartSet("confirmDelete")) { diff --git a/src/test/java/net/pterodactylus/sone/web/DeleteReplyPageTest.java b/src/test/java/net/pterodactylus/sone/web/DeleteReplyPageTest.java new file mode 100644 index 0000000..80c8a2f --- /dev/null +++ b/src/test/java/net/pterodactylus/sone/web/DeleteReplyPageTest.java @@ -0,0 +1,65 @@ +package net.pterodactylus.sone.web; + +import static net.pterodactylus.sone.web.WebTestUtils.redirectsTo; +import static org.mockito.Matchers.anyInt; +import static org.mockito.Matchers.eq; +import static org.mockito.Mockito.RETURNS_DEEP_STUBS; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import java.util.Collections; + +import net.pterodactylus.sone.data.PostReply; +import net.pterodactylus.sone.data.Sone; +import net.pterodactylus.sone.web.page.FreenetRequest; +import net.pterodactylus.util.notify.Notification; +import net.pterodactylus.util.template.Template; +import net.pterodactylus.util.template.TemplateContext; +import net.pterodactylus.util.web.Method; + +import freenet.support.api.HTTPRequest; + +import com.google.common.base.Optional; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; +import org.mockito.Matchers; + +/** + * Unit test for {@link DeleteReplyPage}. + * + * @author David ‘Bombe’ Roden + */ +public class DeleteReplyPageTest { + + @Rule + public final ExpectedException expectedException = ExpectedException.none(); + + private final Template template = new Template(); + private final WebInterface webInterface = mock(WebInterface.class, RETURNS_DEEP_STUBS); + private final DeleteReplyPage page = new DeleteReplyPage(template, webInterface); + private final TemplateContext templateContext = new TemplateContext(); + private final FreenetRequest freenetRequest = mock(FreenetRequest.class); + private final HTTPRequest httpRequest = mock(HTTPRequest.class); + + @Before + public void setupWebInterface() { + when(webInterface.getNotifications(Matchers.any(Sone.class))).thenReturn(Collections.emptyList()); + } + + @Before + public void setupHttpRequest() { + when(freenetRequest.getHttpRequest()).thenReturn(httpRequest); + } + + @Test + public void tryingToDeleteAReplyWithAnInvalidIdResultsInNoPermissionPage() throws Exception { + when(freenetRequest.getMethod()).thenReturn(Method.POST); + when(httpRequest.getPartAsStringFailsafe(eq("reply"), anyInt())).thenReturn("id"); + when(webInterface.getCore().getPostReply("id")).thenReturn(Optional.absent()); + expectedException.expect(redirectsTo("noPermission.html")); + page.processTemplate(freenetRequest, templateContext); + } + +} -- 2.7.4