String authn2Token = login(testUser2Username, testUser2Username);
// Make sure a user can can get their own information
String req = makeRequest(getUrl() + "/" + testUser.getId(), "GET", null,
authToken);
UserResponseDTO responseDTO = jsonToObject(req, TypeFactory.defaultInstance().constructType(UserResponseDTO.class));
assertEquals(testUser.getAlias(), responseDTO.getAlias());
assertEquals(testUser.getUsername(), responseDTO.getUsername());
// Make sure a user in the same account can get another user in the same account
responseDTO = jsonToObject(makeRequest(getUrl() + "/" + testUser3.getId(), "GET", null, authToken),
TypeFactory.defaultInstance().constructType(UserResponseDTO.class));
assertEquals(testUser3.getAlias(), responseDTO.getAlias());
assertEquals(testUser3.getUsername(), responseDTO.getUsername());
// Make sure a user in one account cannot get a user in another account
jsonToObject(makeRequest(getUrl() + "/" + testUser3.getId(), "GET", null, authn2Token),
TypeFactory.defaultInstance().constructType(ErrorMessage.class));
}