inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

MNT-17427 : api/invite/cancel deletes records in the database with a GET: CSRF/XSS attack

Browse Source 
- delete the script/org/alfresco/repository/invite/invite.get
   - use the alternatives: script/org/alfresco/repository/site/invitation/invitation.post and script/org/alfresco/repository/site/invitation/invitation.delete
   - updating the tests
   - updating the controller for the invitation.delete to a java controller
   - fix test fallout (SiteServiceTest testInviteDisabledUser - expected error status code)
   - improve security by allowing only invitationIDs that belong the the site passed as parameter to be canceled
   - be consistent and return 404 when an invitationID can not be found

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@135255 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Andrei Rebegea
2017-02-20 09:04:45 +00:00
parent cff630061f
commit 02928e266a
12 changed files with 665 additions and 780 deletions
Download Patch File Download Diff File Expand all files Collapse all files

167
source/test-java/org/alfresco/repo/web/scripts/invitation/InvitationWebScriptTest.java
View File

@@ -25,37 +25,39 @@
*/
package org.alfresco.repo.web.scripts.invitation;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.invitation.InvitationServiceImpl;
import org.alfresco.repo.invitation.WorkflowModelNominatedInvitation;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.site.SiteModel;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.repo.web.scripts.BaseWebScriptTest;
import org.alfresco.repo.web.scripts.invite.InviteServiceTest;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.site.SiteVisibility;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.GUID;
import org.alfresco.util.PropertyMap;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.springframework.extensions.webscripts.TestWebScriptServer.DeleteRequest;
import org.springframework.extensions.webscripts.TestWebScriptServer.GetRequest;
import org.springframework.extensions.webscripts.TestWebScriptServer.PostRequest;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.invitation.InvitationServiceImpl;
import org.alfresco.repo.invitation.WorkflowModelNominatedInvitation;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.site.SiteModel;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.repo.web.scripts.BaseWebScriptTest;
import org.alfresco.repo.web.scripts.invite.InviteServiceTest;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.site.SiteVisibility;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.GUID;
import org.alfresco.util.PropertyMap;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.springframework.extensions.webscripts.TestWebScriptServer.DeleteRequest;
import org.springframework.extensions.webscripts.TestWebScriptServer.GetRequest;
import org.springframework.extensions.webscripts.TestWebScriptServer.PostRequest;
import org.springframework.extensions.webscripts.TestWebScriptServer.Response;
/**
@@ -498,25 +500,25 @@ public class InvitationWebScriptTest extends BaseWebScriptTest
// Reset back to default
this.invitationServiceImpl.setNominatedInvitationWorkflowId(
WorkflowModelNominatedInvitation.WORKFLOW_DEFINITION_NAME_ACTIVITI_ADD_DIRECT);
}
private void checkJSONInvitations(JSONArray data) throws JSONException
{
for (int i = 0; i < data.length(); i++)
{
JSONObject invitation = data.getJSONObject(i);
String userId = invitation.getString("inviteeUserName");
// Check invitee info for Nominated invitation.
Map<String, String> expectedProps = userProperties.get(userId);
JSONObject invitee = invitation.getJSONObject("invitee");
assertNotNull(invitee);
assertEquals("User name is wrong for user: " + i, userId, invitee.getString("userName"));
assertEquals("Avatar URI is wrong for user: " + i, expectedProps.get("avatar"), invitee.getString("avatar"));
assertEquals("First name is wrong!", expectedProps.get("firstName"), invitee.getString("firstName"));
assertEquals("Last name is wrong!", expectedProps.get("lastName"), invitee.getString("lastName"));
}
}
}
private void checkJSONInvitations(JSONArray data) throws JSONException
{
for (int i = 0; i < data.length(); i++)
{
JSONObject invitation = data.getJSONObject(i);
String userId = invitation.getString("inviteeUserName");
// Check invitee info for Nominated invitation.
Map<String, String> expectedProps = userProperties.get(userId);
JSONObject invitee = invitation.getJSONObject("invitee");
assertNotNull(invitee);
assertEquals("User name is wrong for user: " + i, userId, invitee.getString("userName"));
assertEquals("Avatar URI is wrong for user: " + i, expectedProps.get("avatar"), invitee.getString("avatar"));
assertEquals("First name is wrong!", expectedProps.get("firstName"), invitee.getString("firstName"));
assertEquals("Last name is wrong!", expectedProps.get("lastName"), invitee.getString("lastName"));
}
}
public static String makeAvatar(final NodeService nodeService, final NodeRef person)
{
@@ -563,7 +565,70 @@ public class InvitationWebScriptTest extends BaseWebScriptTest
createdInvitations.add(new Tracker(inviteId, siteName));
return inviteId;
}
}
public void testDeleteInvitation() throws Exception
{
String nominatedId = null;
String shortNameSiteA = GUID.generate();
// Create a site where the action will take place
createSite("myPreset", shortNameSiteA, "myTitle", "myDescription", SiteVisibility.PUBLIC, 200);
// create an invitation for an external user
{
String inviteeFirstName = "Buffy" + GUID.generate();
String inviteeLastName = "Summers";
String inviteeEmail = "inviteeVA3Rtu@alfrescotesting.com";
// set null in order to create an InvitationWorkflowType.NOMINATED_EXTERNAL invitation
String inviteeUserName = null;
String serverPath = "http://localhost:8081/share/";
String acceptURL = "page/accept-invite";
String rejectURL = "page/reject-invite";
// Create an external nominated invitation on SiteA
nominatedId = createNominatedInvitation(shortNameSiteA, inviteeFirstName, inviteeLastName, inviteeEmail, inviteeUserName,
SiteModel.SITE_COLLABORATOR, serverPath, acceptURL, rejectURL);
}
// search for all invitations to site A: one nominated should be found for user Buffy... Summers
{
JSONArray data = queryCurrentInvitationList(shortNameSiteA);
assertEquals("Wrong number of invitations!", 1, data.length());
JSONObject nominatedInv = getInvitation(nominatedId, data);
assertNotNull("Nominated invitation to Site A not present!", nominatedInv);
}
// now delete it
deleteInvitation(nominatedId, shortNameSiteA, 200);
// list the pending invitations and check that it is empty
{
JSONArray data = queryCurrentInvitationList(shortNameSiteA);
assertEquals("Wrong number of invitations!", 0, data.length());
JSONObject nominatedInv = getInvitation(nominatedId, data);
assertNull("Nominated invitation to Site A present!", nominatedInv);
}
// deleting the invitation was successful
}
private JSONArray queryCurrentInvitationList(String shortNameSiteA) throws IOException, JSONException, UnsupportedEncodingException
{
String allSiteAUrl = URL_SITES + "/" + shortNameSiteA + "/invitations";
Response response = sendRequest(new GetRequest(allSiteAUrl), 200);
JSONObject top = new JSONObject(response.getContentAsString());
return top.getJSONArray("data");
}
void deleteInvitation(String invitationID, String siteShortName, int expectedStatus) throws Exception
{
assertNotNull(invitationID);
assertNotNull(siteShortName);
assertFalse(invitationID.isEmpty());
assertFalse(siteShortName.isEmpty());
Response response = sendRequest(new DeleteRequest(URL_SITES + "/" + siteShortName + "/invitations/" + invitationID), expectedStatus);
assertNotNull(new JSONObject(response.getContentAsString()));
}
private String createModeratedInvitation(String siteName, String inviteeComments, String inviteeUserName,
String inviteeRoleName) throws Exception

407
source/test-java/org/alfresco/repo/web/scripts/invite/InviteServiceTest.java
View File

@@ -25,57 +25,51 @@
*/
package org.alfresco.repo.web.scripts.invite;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.action.executer.MailActionExecuter;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.invitation.InvitationServiceImpl;
import org.alfresco.repo.invitation.WorkflowModelNominatedInvitation;
import org.alfresco.repo.invitation.script.ScriptInvitationService;
import org.alfresco.repo.invitation.site.InviteInfo;
import org.alfresco.repo.management.subsystems.ChildApplicationContextFactory;
import org.alfresco.repo.node.archive.NodeArchiveService;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.authentication.MutableAuthenticationDao;
import org.alfresco.repo.site.SiteModel;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.repo.web.scripts.BaseWebScriptTest;
import org.alfresco.repo.workflow.activiti.ActivitiConstants;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.service.cmr.site.SiteVisibility;
import org.alfresco.service.cmr.workflow.WorkflowDefinition;
import org.alfresco.service.cmr.workflow.WorkflowInstance;
import org.alfresco.service.cmr.workflow.WorkflowService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.GUID;
import org.alfresco.util.PropertyMap;
import org.apache.commons.lang.RandomStringUtils;
import org.json.JSONArray;
import org.json.JSONObject;
import org.junit.Test;
import org.springframework.context.ApplicationContext;
import org.springframework.core.io.ClassPathResource;
import org.springframework.extensions.surf.util.URLEncoder;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.TestWebScriptServer;
import org.springframework.extensions.webscripts.TestWebScriptServer.GetRequest;
import org.springframework.extensions.webscripts.TestWebScriptServer.PostRequest;
import org.springframework.extensions.webscripts.TestWebScriptServer.PutRequest;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.action.executer.MailActionExecuter;
import org.alfresco.repo.invitation.InvitationServiceImpl;
import org.alfresco.repo.invitation.WorkflowModelNominatedInvitation;
import org.alfresco.repo.invitation.script.ScriptInvitationService;
import org.alfresco.repo.invitation.site.InviteInfo;
import org.alfresco.repo.management.subsystems.ChildApplicationContextFactory;
import org.alfresco.repo.node.archive.NodeArchiveService;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.authentication.MutableAuthenticationDao;
import org.alfresco.repo.site.SiteModel;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.repo.web.scripts.BaseWebScriptTest;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.service.cmr.site.SiteVisibility;
import org.alfresco.service.cmr.workflow.WorkflowDefinition;
import org.alfresco.service.cmr.workflow.WorkflowInstance;
import org.alfresco.service.cmr.workflow.WorkflowService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.GUID;
import org.alfresco.util.PropertyMap;
import org.apache.commons.lang.RandomStringUtils;
import org.json.JSONArray;
import org.json.JSONObject;
import org.junit.Test;
import org.springframework.context.ApplicationContext;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.TestWebScriptServer;
import org.springframework.extensions.webscripts.TestWebScriptServer.DeleteRequest;
import org.springframework.extensions.webscripts.TestWebScriptServer.GetRequest;
import org.springframework.extensions.webscripts.TestWebScriptServer.PostRequest;
import org.springframework.extensions.webscripts.TestWebScriptServer.PutRequest;
import org.springframework.extensions.webscripts.TestWebScriptServer.Response;
/**
@@ -86,7 +80,6 @@ import org.springframework.extensions.webscripts.TestWebScriptServer.Response;
public class InviteServiceTest extends BaseWebScriptTest
{
// member variables for service instances
private AuthorityService authorityService;
private MutableAuthenticationService authenticationService;
private AuthenticationComponent authenticationComponent;
private PersonService personService;
@@ -94,7 +87,6 @@ public class InviteServiceTest extends BaseWebScriptTest
private NodeService nodeService;
private WorkflowService workflowService;
private MutableAuthenticationDao mutableAuthenticationDao;
private NamespaceService namespaceService;
private TransactionService transactionService;
private NodeArchiveService nodeArchiveService;
private InvitationServiceImpl invitationServiceImpl;
@@ -120,10 +112,9 @@ public class InviteServiceTest extends BaseWebScriptTest
private static final String SITE_SHORT_NAME_INVITE_3 = "SiteThreeInviteTest";
private static final String URL_INVITE = "/api/invite";
private static final String URL_INVITES = "/api/invites";
private static final String URL_INVITES = "/api/invites";
private static final String INVITE_ACTION_START = "start";
private static final String INVITE_ACTION_CANCEL = "cancel";
private static final String URL_SITES = "/api/sites";
@Override
protected void setUp() throws Exception
@@ -137,7 +128,6 @@ public class InviteServiceTest extends BaseWebScriptTest
AuthenticationUtil.clearCurrentSecurityContext();
// get references to services
this.authorityService = (AuthorityService) getServer().getApplicationContext().getBean("AuthorityService");
this.authenticationService = (MutableAuthenticationService) getServer().getApplicationContext()
.getBean("AuthenticationService");
this.authenticationComponent = (AuthenticationComponent) getServer().getApplicationContext()
@@ -148,15 +138,12 @@ public class InviteServiceTest extends BaseWebScriptTest
this.workflowService = (WorkflowService) getServer().getApplicationContext().getBean("WorkflowService");
this.mutableAuthenticationDao = (MutableAuthenticationDao) getServer().getApplicationContext()
.getBean("authenticationDao");
this.namespaceService = (NamespaceService) getServer().getApplicationContext().getBean("NamespaceService");
this.transactionService = (TransactionService) getServer().getApplicationContext()
.getBean("TransactionService");
this.nodeArchiveService = (NodeArchiveService)getServer().getApplicationContext().getBean("nodeArchiveService");
this.invitationServiceImpl = (InvitationServiceImpl) getServer().getApplicationContext().getBean("invitationService");
ScriptInvitationService scriptInvitationService = (ScriptInvitationService) getServer().getApplicationContext().getBean("invitationServiceScript");
scriptInvitationService.setSiteService(this.siteService);
Invite invite = (Invite) getServer().getApplicationContext().getBean("webscript.org.alfresco.repository.invite.invite.get");
invite.setSiteService(this.siteService);
configureMailExecutorForTestMode(this.getServer());
@@ -333,9 +320,17 @@ public class InviteServiceTest extends BaseWebScriptTest
for (NodeRef person : people)
{
String userName = DefaultTypeConverter.INSTANCE.convert(String.class,
InviteServiceTest.this.nodeService.getProperty(person, ContentModel.PROP_USERNAME));
// delete person
deletePersonByUserName(userName);
InviteServiceTest.this.nodeService.getProperty(person, ContentModel.PROP_USERNAME));
try
{
// delete person
deletePersonByUserName(userName);
}
catch (Exception exp)
{
//sometimes, when running single tests, not all users are initialized properly
exp.printStackTrace();
}
}
}
@@ -424,23 +419,17 @@ public class InviteServiceTest extends BaseWebScriptTest
throws Exception
{
this.inviteeEmailAddrs.add(inviteeEmail);
// Inviter sends invitation to Invitee to join a Site
String startInviteUrl = URL_INVITE + "/" + INVITE_ACTION_START
+ "?inviteeFirstName=" + inviteeFirstName + "&inviteeLastName="
+ inviteeLastName + "&inviteeEmail="
+ URLEncoder.encode(inviteeEmail) + "&siteShortName="
+ siteShortName + "&inviteeSiteRole=" + inviteeSiteRole
+ "&serverPath=" + "http://localhost:8081/share/"
+ "&acceptUrl=" + "page/accept-invite"
+ "&rejectUrl=" + "page/reject-invite";
Response response = sendRequest(new GetRequest(startInviteUrl), expectedStatus);
JSONObject result = new JSONObject(response.getContentAsString());
String serverPath = "http://localhost:8081/share/";
String acceptURL = "page/accept-invite";
String rejectURL = "page/reject-invite";
// set null in order to create an InvitationWorkflowType.NOMINATED_EXTERNAL invitation
String inviteeUserName = null;
JSONObject result = createNominatedInvitation(siteShortName, inviteeFirstName, inviteeLastName, inviteeEmail, inviteeUserName,
inviteeSiteRole, serverPath, acceptURL, rejectURL, expectedStatus);
return result;
}
}
private JSONObject startInvite(String inviteeFirstName,
String inviteeLastName, String inviteeSiteRole, String siteShortName, int expectedStatus)
@@ -452,20 +441,64 @@ public class InviteServiceTest extends BaseWebScriptTest
return startInvite(inviteeFirstName, inviteeLastName, inviteeEmail, inviteeSiteRole, siteShortName,
expectedStatus);
}
private JSONObject cancelInvite(String inviteId, String siteShortName, int expectedStatus) throws Exception
{
String cancelInviteUrl = URL_INVITE + "/" + INVITE_ACTION_CANCEL + "?inviteId=" + inviteId;
if (siteShortName != null && !siteShortName.isEmpty())
{
cancelInviteUrl = cancelInviteUrl + "&siteShortName=" + siteShortName;
}
Response response = sendRequest(new GetRequest(cancelInviteUrl), expectedStatus);
;
JSONObject result = new JSONObject(response.getContentAsString());
return result;
}
private JSONObject cancelInvite(String inviteId, String siteShortName, int expectedStatus) throws Exception
{
return deleteInvitation(inviteId, siteShortName, expectedStatus);
}
/**
* Adapted from similar method in org.alfresco.repo.web.scripts.invitation.InvitationWebScriptTest
*/
JSONObject deleteInvitation(String invitationID, String siteShortName, int expectedStatus) throws Exception
{
assertNotNull(invitationID);
assertNotNull(siteShortName);
assertFalse(invitationID.isEmpty());
assertFalse(siteShortName.isEmpty());
Response response = sendRequest(new DeleteRequest(URL_SITES + "/" + siteShortName + "/invitations/" + invitationID), expectedStatus);
JSONObject jsonResponse = new JSONObject(response.getContentAsString());
assertNotNull(jsonResponse);
return jsonResponse;
}
/**
* Adapted from similar method in org.alfresco.repo.web.scripts.invitation.InvitationWebScriptTest
*/
private JSONObject createNominatedInvitation(String siteName, String inviteeFirstName, String inviteeLastName, String inviteeEmail,
String inviteeUserName, String inviteeRoleName, String serverPath, String acceptURL, String rejectURL, int expectedStatus)
throws Exception
{
/*
* Create a new nominated invitation
*/
JSONObject newInvitation = new JSONObject();
newInvitation.put("invitationType", "NOMINATED");
newInvitation.put("inviteeRoleName", inviteeRoleName);
if (inviteeUserName != null)
{
// nominate an existing user
newInvitation.put("inviteeUserName", inviteeUserName);
}
else
{
// nominate someone else
newInvitation.put("inviteeFirstName", inviteeFirstName);
newInvitation.put("inviteeLastName", inviteeLastName);
newInvitation.put("inviteeEmail", inviteeEmail);
}
newInvitation.put("serverPath", serverPath);
newInvitation.put("acceptURL", acceptURL);
newInvitation.put("rejectURL", rejectURL);
Response response = sendRequest(new PostRequest(URL_SITES + "/" + siteName + "/invitations", newInvitation.toString(), "application/json"),
expectedStatus);
JSONObject result = new JSONObject(response.getContentAsString());
return result;
}
private JSONObject rejectInvite(String inviteId, String inviteTicket, int expectedStatus) throws Exception
{
@@ -569,15 +602,15 @@ public class InviteServiceTest extends BaseWebScriptTest
public void testStartInvite() throws Exception
{
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
assertEquals(INVITE_ACTION_START, result.get("action"));
assertEquals(INVITEE_FIRSTNAME, result.get("inviteeFirstName"));
assertEquals(INVITEE_LASTNAME, result.get("inviteeLastName"));
assertEquals(this.inviteeEmailAddrs
.get(this.inviteeEmailAddrs.size() - 1), result
.get("inviteeEmail"));
assertEquals(SITE_SHORT_NAME_INVITE_1, result.get("siteShortName"));
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
JSONObject data = result.getJSONObject("data");
JSONObject inviteeData = data.getJSONObject("invitee");
assertEquals(INVITEE_FIRSTNAME, inviteeData.get("firstName"));
assertEquals(INVITEE_LASTNAME, inviteeData.get("lastName"));
assertEquals(this.inviteeEmailAddrs.get(this.inviteeEmailAddrs.size() - 1),
inviteeData.get("email"));
assertEquals(SITE_SHORT_NAME_INVITE_1, data.get("resourceName"));
}
public void testStartInviteWhenInviteeIsAlreadyMemberOfSite()
@@ -625,25 +658,13 @@ public class InviteServiceTest extends BaseWebScriptTest
// Should go through
startInvite(INVITEE_FIRSTNAME, "Belzebub", inviteeEmailAddr, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// Should go through
startInvite("Lucifer", INVITEE_LASTNAME, inviteeEmailAddr, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
}
// public void testStartInviteWhenAlreadyInProgress()
// throws Exception
// {
// JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE,
// SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
//
// String inviteeEmail = (String) result.get("inviteeEmail");
//
// startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE,
// SITE_SHORT_NAME_INVITE_1, Status.STATUS_CONFLICT);
// }
//
public void testStartInviteForSameInviteeButTwoDifferentSites()
throws Exception
{
@@ -660,34 +681,57 @@ public class InviteServiceTest extends BaseWebScriptTest
}
}, AuthenticationUtil.getSystemUserName());
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_2, Status.STATUS_OK);
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1,
Status.STATUS_CREATED);
startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_2, Status.STATUS_CREATED);
}
public void testCancelInvite() throws Exception
{
// inviter starts invite workflow
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of invite ID of started invite
String inviteId = result.getString("inviteId");
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
// Inviter cancels pending invitation
cancelInvite(inviteId, null, Status.STATUS_OK);
}
cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
}
public void testCancelInviteWithDifferentSiteIDInRequest() throws Exception
{
// inviter starts invite workflow
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of invite ID of started invite
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
// Inviter cancels pending invitation but uses the wrong siteID in the request
cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_2, Status.STATUS_FORBIDDEN);
}
public void testCancelInviteWithInvalidInviteID() throws Exception
{
// Inviter cancels pending invitation but user a wrong/invalid invidationID
cancelInvite("activiti$1019999", SITE_SHORT_NAME_INVITE_1, Status.STATUS_NOT_FOUND);
}
public void testAcceptInvite() throws Exception
{
// inviter starts invite (sends out invitation)
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of invite ID and invite ticket of started invite
String inviteId = result.getString("inviteId");
String inviteTicket = result.getString("inviteTicket");
// get hold of invite ID and invite ticket of started invite
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
String inviteTicket = data.getString("inviteTicket");
// Invitee accepts invitation to a Site from Inviter
String acceptInviteUrl = URL_INVITE + "/" + inviteId + "/" + inviteTicket + "/accept";
@@ -718,11 +762,12 @@ public class InviteServiceTest extends BaseWebScriptTest
{
// inviter starts invite (sends out invitation)
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of invite ID of started invite
String inviteId = result.getString("inviteId");
String inviteTicket = result.getString("inviteTicket");
// get hold of invite ID of started invite
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
String inviteTicket = data.getString("inviteTicket");
rejectInvite(inviteId, inviteTicket, Status.STATUS_OK);
@@ -753,11 +798,12 @@ public class InviteServiceTest extends BaseWebScriptTest
{
// inviter starts invite (sends out invitation)
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, INVITEE_SITE_ROLE,
SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
String inviteId = result.getString("inviteId");
String inviteTicket = result.getString("inviteTicket");
String inviteeUserName = result.getString("inviteeUserName");
SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
String inviteTicket = data.getString("inviteTicket");
String inviteeUserName = data.getString("inviteeUserName");
// get inviteInfo about invitation
result = getInviteInfo(inviteId, inviteTicket, inviteeUserName);
// get status of current invitation
@@ -791,12 +837,12 @@ public class InviteServiceTest extends BaseWebScriptTest
public void testGetInvitesByInviteId() throws Exception
{
// inviter starts invite workflow
JSONObject startInviteResult = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
JSONObject result = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of workflow ID of started invite workflow instance
String inviteId = startInviteResult.getString("inviteId");
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
assertEquals(true, ((inviteId != null) && (inviteId.length() != 0)));
@@ -815,7 +861,7 @@ public class InviteServiceTest extends BaseWebScriptTest
{
// inviter starts invite workflow
startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get pending invites matching inviter user name used in invite started
// above
@@ -831,18 +877,17 @@ public class InviteServiceTest extends BaseWebScriptTest
public void testGetInvitesByInviteeUserName() throws Exception
{
// inviter starts invite workflow
JSONObject startInviteResult = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
JSONObject result = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of invitee user name property of started invite workflow
// instance
String inviteeUserName = startInviteResult.getString("inviteeUserName");
// get hold of invitee user name property of started invite workflow instance
JSONObject data = result.getJSONObject("data");
String inviteeUserName = data.getString("inviteeUserName");
assertEquals(true, ((inviteeUserName != null) && (inviteeUserName
.length() != 0)));
// get pending invites matching invitee user name from invite started
// above
// get pending invites matching invitee user name from invite started above
JSONObject getInvitesResult = getInvitesByInviteeUserName(
inviteeUserName, Status.STATUS_OK);
@@ -856,18 +901,16 @@ public class InviteServiceTest extends BaseWebScriptTest
public void testGetInvitesBySiteShortName() throws Exception
{
// inviter starts invite workflow
JSONObject startInviteResult = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
JSONObject result = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of site short name property of started invite workflow
// instance
String siteShortName = startInviteResult.getString("siteShortName");
// get hold of site short name property of started invite workflow instance
JSONObject data = result.getJSONObject("data");
String siteShortName = data.getString("resourceName");
assertEquals(true,
((siteShortName != null) && (siteShortName.length() != 0)));
assertEquals(true, ((siteShortName != null) && (siteShortName.length() != 0)));
// get pending invites matching site short name from invite started
// above
// get pending invites matching site short name from invite started above
JSONObject getInvitesResult = getInvitesBySiteShortName(siteShortName,
Status.STATUS_OK);
@@ -890,27 +933,30 @@ public class InviteServiceTest extends BaseWebScriptTest
{
// inviter (who is Site Manager of the given site) starts invite workflow
JSONObject result = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_3, Status.STATUS_OK);
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_3, Status.STATUS_CREATED);
// get hold of invite ID of started invite
String inviteId = result.getString("inviteId");
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
// when inviter 2 (who is not Site Manager of the given site) tries to cancel invite
// http status FORBIDDEN must be returned
AuthenticationUtil.setFullyAuthenticatedUser(USER_INVITER_2);
cancelInvite(inviteId, null, Status.STATUS_FORBIDDEN);
//TODO cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_3, Status.STATUS_FORBIDDEN);
cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_3, Status.STATUS_FORBIDDEN);
}
public void testInviteeResourcesDeletedUponRejectWhenNoInvitePending() throws Exception
{
// inviter starts invite workflow
JSONObject result = startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
// get hold of properties of started invite
String inviteId = result.getString("inviteId");
String inviteTicket = result.getString("inviteTicket");
final String inviteeUserName = result.getString("inviteeUserName");
// get hold of properties of started invite
JSONObject data = result.getJSONObject("data");
String inviteId = data.getString("inviteId");
String inviteTicket = data.getString("inviteTicket");
final String inviteeUserName = data.getString("inviteeUserName");
rejectInvite(inviteId, inviteTicket, Status.STATUS_OK);
@@ -950,17 +996,19 @@ public class InviteServiceTest extends BaseWebScriptTest
return null;
}
}, AuthenticationUtil.getSystemUserName());
// inviter invites invitee to site 1
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1,
Status.STATUS_CREATED);
// inviter invites invitee to site 1
JSONObject result = startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
// get hold of properties of started invite
String invite1Id = result.getString("inviteId");
String invite1Ticket = result.getString("inviteTicket");
final String inviteeUserName = result.getString("inviteeUserName");
// get hold of properties of started invite
JSONObject data = result.getJSONObject("data");
String invite1Id = data.getString("inviteId");
String invite1Ticket = data.getString("inviteTicket");
final String inviteeUserName = data.getString("inviteeUserName");
// inviter invites invitee to site 2
startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_2, Status.STATUS_OK);
startInvite(INVITEE_FIRSTNAME, INVITEE_LASTNAME, inviteeEmail, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_2, Status.STATUS_CREATED);
rejectInvite(invite1Id, invite1Ticket, Status.STATUS_OK);
@@ -1024,7 +1072,7 @@ public class InviteServiceTest extends BaseWebScriptTest
// Try and add an existing person to the site with no email address
// Should return bad request since the email address has not been provided
startInvite(PERSON_FIRSTNAME, PERSON_LASTNAME, emailAddress, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, 400);
startInvite(PERSON_FIRSTNAME, PERSON_LASTNAME, emailAddress, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_1, Status.STATUS_BAD_REQUEST);
}
public void testMNT9905() throws Exception
@@ -1057,12 +1105,12 @@ public class InviteServiceTest extends BaseWebScriptTest
{
String manag = manager;
startInvite(manag, manag, SiteModel.SITE_MANAGER, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
startInvite(manag, manag, SiteModel.SITE_MANAGER, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
siteService.setMembership(SITE_SHORT_NAME_INVITE_1, manag, SiteModel.SITE_MANAGER);
}
InviteServiceTest.this.authenticationComponent.setCurrentUser(managerUsersArr[0]);
JSONObject collInv = startInvite(collaborator, collaborator, SiteModel.SITE_COLLABORATOR, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
JSONObject collInv = startInvite(collaborator, collaborator, SiteModel.SITE_COLLABORATOR, SITE_SHORT_NAME_INVITE_1, Status.STATUS_CREATED);
siteService.setMembership(SITE_SHORT_NAME_INVITE_1, collaborator, SiteModel.SITE_COLLABORATOR);
// get pending invites matching inviter user name used in invite started
@@ -1098,8 +1146,9 @@ public class InviteServiceTest extends BaseWebScriptTest
// 'InviterUser')
assertEquals(4, siteUsers.size());
// cancel invite different manager
String inviteId = (String) collInv.get("inviteId");
// cancel invite different manager
JSONObject data = collInv.getJSONObject("data");
String inviteId = (String) data.get("inviteId");
cancelInvite(inviteId, SITE_SHORT_NAME_INVITE_1, Status.STATUS_OK);
}
finally

52
source/test-java/org/alfresco/repo/web/scripts/site/SiteServiceTest.java
View File

@@ -1,28 +1,28 @@
/*
* #%L
* Alfresco Remote API
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
/*
* #%L
* Alfresco Remote API
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.web.scripts.site;
import java.io.Serializable;
@@ -960,7 +960,7 @@ public class SiteServiceTest extends AbstractSiteServiceTest
String rejectURL = "page/reject-invite";
authenticationService.setAuthenticationEnabled(username, false);
createNominatedInvitation(siteShortName, firstName, lastName, email, username, SiteModel.SITE_CONSUMER, serverPath, acceptURL, rejectURL, 500);
createNominatedInvitation(siteShortName, firstName, lastName, email, username, SiteModel.SITE_CONSUMER, serverPath, acceptURL, rejectURL, 409);
fail("The user " + username + " is disabled and cannot be invited");
}
catch (JSONException e)