REPO-1773: Validate ticket API call returns incorrect body with 404 status code

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@134044 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Matt Ward
2017-01-04 15:39:39 +00:00
parent d7177c4d34
commit dee0895e4a
2 changed files with 10 additions and 5 deletions


@@ -35,6 +35,7 @@ import org.alfresco.rest.api.People;
import org.alfresco.rest.api.model.LoginTicket;
import org.alfresco.rest.api.model.LoginTicketResponse;
import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
import org.alfresco.rest.framework.core.exceptions.NotFoundException;
import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException;
import org.alfresco.rest.framework.resource.parameters.Parameters;
import org.alfresco.rest.framework.webscripts.WithResponse;
@@ -114,12 +115,12 @@ public class AuthenticationsImpl implements Authentications
// or the user is not fully authenticated
if (currentUser == null || !currentUser.equals(ticketUser))
{
withResponse.setStatus(Status.STATUS_NOT_FOUND);
throw new NotFoundException(NotFoundException.DEFAULT_MESSAGE_ID, new String[] { ticket });
}
}
catch (AuthenticationException e)
{
withResponse.setStatus(Status.STATUS_NOT_FOUND);
throw new NotFoundException(NotFoundException.DEFAULT_MESSAGE_ID, new String[] { ticket });
}
LoginTicketResponse response = new LoginTicketResponse();
response.setId(ticket);
@@ -144,7 +145,7 @@ public class AuthenticationsImpl implements Authentications
// or the user is not fully authenticated
if (currentUser == null || !currentUser.equals(ticketUser))
{
withResponse.setStatus(Status.STATUS_NOT_FOUND);
throw new NotFoundException(NotFoundException.DEFAULT_MESSAGE_ID, new String[] { ticket });
}
else
{
@@ -154,7 +155,7 @@ public class AuthenticationsImpl implements Authentications
}
catch (AuthenticationException e)
{
withResponse.setStatus(Status.STATUS_NOT_FOUND);
throw new NotFoundException(NotFoundException.DEFAULT_MESSAGE_ID, new String[] { ticket });
}
}
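Review bot: Each of the four new `throw new NotFoundException(NotFoundException.DEFAULT_MESSAGE_ID, new String[] { ticket })` statements passes the raw login ticket as a message argument, so a credential can end up in the error body and, if the framework logs the exception (not visible here), in server logs. This matters most in the two `!currentUser.equals(ticketUser)` branches, where the ticket was evidently resolved to a different user and may therefore still be valid. Consider a non-secret argument instead, for example `new String[] { People.DEFAULT_USER }` if that is the entity id this endpoint is addressed by (the test's calls suggest so, but confirm), or a masked form of the ticket. The two `catch (AuthenticationException e)` blocks also discard `e`; if NotFoundException has a cause-taking constructor, pass it through so the original failure stays diagnosable. The enclosing methods start and end outside these hunks.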


@@ -35,6 +35,7 @@ import org.alfresco.rest.api.model.LoginTicket;
import org.alfresco.rest.api.model.LoginTicketResponse;
import org.alfresco.rest.api.sites.SiteEntityResource;
import org.alfresco.rest.api.tests.client.HttpResponse;
import org.alfresco.rest.api.tests.client.PublicApiClient;
import org.alfresco.rest.api.tests.client.PublicApiClient.Paging;
import org.alfresco.rest.api.tests.client.data.Document;
import org.alfresco.rest.api.tests.client.data.Folder;
@@ -134,7 +135,10 @@ public class AuthenticationsTest extends AbstractSingleNetworkSiteTest
setRequestContext(user1);
// Check the ticket has been invalidated - the difference with the above is that the API call is authorized
getSingle(TICKETS_URL, People.DEFAULT_USER, ticket, null, TICKETS_API_NAME, 404);
response = getSingle(TICKETS_URL, People.DEFAULT_USER, ticket, null, TICKETS_API_NAME, 404);
PublicApiClient.ExpectedErrorResponse error = RestApiUtil.parseErrorResponse(response.getJsonResponse());
// Double check that we've retrieved a standard error response (REPO-1773)
assertEquals(404, error.getStatusCode());
// Ticket has already been invalidated
delete(TICKETS_URL, People.DEFAULT_USER, ticket, null, TICKETS_API_NAME, 404);