Package com.sonyericsson.hudson.plugins.gerrit.trigger.hudsontrigger.actions.manual

Source Code of com.sonyericsson.hudson.plugins.gerrit.trigger.hudsontrigger.actions.manual.ManualTriggerActionPermissionTest

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
package com.sonyericsson.hudson.plugins.gerrit.trigger.hudsontrigger.actions.manual;

import com.gargoylesoftware.htmlunit.ElementNotFoundException;
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
import com.gargoylesoftware.htmlunit.Page;
import com.gargoylesoftware.htmlunit.html.HtmlAnchor;
import com.gargoylesoftware.htmlunit.html.HtmlForm;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
import com.sonyericsson.hudson.plugins.gerrit.trigger.GerritServer;
import com.sonyericsson.hudson.plugins.gerrit.trigger.PluginImpl;
import hudson.model.Hudson;
import org.jvnet.hudson.test.HudsonTestCase;
import org.jvnet.hudson.test.recipes.LocalData;

//CS IGNORE MagicNumber FOR NEXT 200 LINES. REASON: Test-data.

/**
* Tests {@link ManualTriggerAction} with regards to security concerns.
*
* @author Robert Sandell <robert.sandell@sonyericsson.com>
*/
public class ManualTriggerActionPermissionTest extends HudsonTestCase {
    //TODO One test fails with a 404 on gerrit-trigger.js when executed from Parent Pom, but not from this module.

    /**
     * Tests if the html-link to {@link ManualTriggerAction#getUrlName()} is visible from the main-page.
     * It should be hidden from an Anonymous user as configured in the test-configuration.
     *
     * @throws Exception if so.
     */
    @LocalData
    public void testGetGetUrlNameNotPermitted() throws Exception {
        //add a server so that the manual trigger action URL can be accessed by users with proper access rights.
        PluginImpl.getInstance().addServer(new GerritServer("testServer"));
        ManualTriggerAction action = getManualTriggerAction();
        WebClient wc = new WebClient();
        HtmlPage page = wc.goTo("/");
        try {
            HtmlAnchor a = page.getAnchorByHref(action.getUrlName());
            assertNull(a);
        } catch (ElementNotFoundException e) {
            return;
        }
        fail("Anonymous should not see the RootAction");
    }

    /**
     * Tests if the html-link to {@link ManualTriggerAction#getUrlName()} is visible from the main-page.
     * It should be visible to Administrators as configured in the test-configuration.
     *
     * @throws Exception if so.
     */
    @LocalData
    public void testGetUrlName() throws Exception {
        //add a server so that the manual trigger action URL can be accessed by users with proper access rights.
        PluginImpl.getInstance().addServer(new GerritServer("testServer"));
        ManualTriggerAction action = getManualTriggerAction();
        WebClient wc = new WebClient().login("admin", "admin");
        HtmlPage page = wc.goTo("/");
        try {
            HtmlAnchor a = page.getAnchorByHref(action.getUrlName());
            assertNotNull(a);
        } catch (ElementNotFoundException e) {
            fail("Admin should see the RootAction");
        }
    }

    /**
     * Tests if the html-link to {@link ManualTriggerAction#getUrlName()} is visible from the main-page.
     * It should be visible to Privileged Users as configured in the test-configuration.
     *
     * @throws Exception if so.
     */
    @LocalData
    public void testGetUrlNamePrivileged() throws Exception {
        //add a server so that the manual trigger action URL can be accessed by users with proper access rights.
        PluginImpl.getInstance().addServer(new GerritServer("testServer"));
        ManualTriggerAction action = getManualTriggerAction();
        WebClient wc = new WebClient().login("bobby", "bobby");
        HtmlPage page = wc.goTo("/");
        try {
            HtmlAnchor a = page.getAnchorByHref(action.getUrlName());
            assertNotNull(a);
        } catch (ElementNotFoundException e) {
            fail("Bobby should see the RootAction");
        }
    }

    /**
     * Tests that {@link ManualTriggerAction#getDisplayName()} returns null for Anonymous users.
     * As configured in the test-configuration.
     * Something has changed in the security handling between Hudson 1.362 and Jenkins 1.400
     * so that executed code is running as the SYSTEM user, and so has access.
     * So now this test tests nothing since it is also mostly covered by {@link #testGetGetUrlNameNotPermitted()}.
     *
     * @throws Exception if so.
     */
    @LocalData
    public void testGetDisplayNameNotPermitted() throws Exception {
        //ManualTriggerAction action = getManualTriggerAction();
        //assertNull(action.getDisplayName());
    }

    /**
     * A simple check so that the action's config.jelly gets the correct Permission to check.
     *
     * @throws Exception if so.
     */
    public void testGetRequiredPermission() throws Exception {
        ManualTriggerAction action = getManualTriggerAction();
        assertSame(PluginImpl.MANUAL_TRIGGER, action.getRequiredPermission());
    }

    //CS IGNORE LineLength FOR NEXT 4 LINES. REASON: Javadoc link.

    /**
     * Tests that a privileged user can perform a search via
     * {@link ManualTriggerAction#doGerritSearch(String, org.kohsuke.stapler.StaplerRequest, org.kohsuke.stapler.StaplerResponse)}.
     *
     * @throws Exception if so.
     */
    @LocalData
    public void testDoGerritSearch() throws Exception {
        //add a server so that the manual trigger action URL can be accessed by users with proper access rights.
        PluginImpl.getInstance().addServer(new GerritServer("testServer"));
        ManualTriggerAction action = getManualTriggerAction();
        WebClient wc = new WebClient().login("bobby", "bobby");
        try {
            HtmlPage page = wc.goTo(action.getUrlName());
            HtmlForm form = page.getFormByName("theSearch");
            form.getInputByName("queryString").setValueAttribute("2000");
            Page result = form.submit(null);
            assertGoodStatus(result);
        } catch (FailingHttpStatusCodeException e) {
            if (e.getStatusCode() == 403) {
                fail("Bobby should have been able to access the search page");
            } else {
                throw e;
            }
        }
    }

    //CS IGNORE LineLength FOR NEXT 4 LINES. REASON: Javadoc link.

    /**
     * Tests that an anonymous user can not perform a search via
     * {@link ManualTriggerAction#doGerritSearch(String, org.kohsuke.stapler.StaplerRequest, org.kohsuke.stapler.StaplerResponse)}.
     *
     * @throws Exception if so.
     */
    @LocalData
    public void testDoGerritSearchNotPermitted() throws Exception {
        //add a server so that the manual trigger action URL can be accessed by users with proper access rights.
        PluginImpl.getInstance().addServer(new GerritServer("testServer"));
        ManualTriggerAction action = getManualTriggerAction();
        WebClient wc = new WebClient();
        try {
            HtmlPage page = wc.goTo(action.getUrlName());
            HtmlForm form = page.getFormByName("theSearch");
            form.getInputByName("queryString").setValueAttribute("2000");
            form.submit(null);
        } catch (FailingHttpStatusCodeException e) {
            assertEquals(403, e.getStatusCode());
            return;
        }
        fail("Anonymous should not have been able to access the search page");
    }

    /**
     * Utility method.
     * Finds and returns the Action from the Extension register.
     *
     * @return the Action
     */
    private ManualTriggerAction getManualTriggerAction() {
        return Hudson.getInstance().getExtensionList(ManualTriggerAction.class).get(0);
    }
}
TOP

Related Classes of com.sonyericsson.hudson.plugins.gerrit.trigger.hudsontrigger.actions.manual.ManualTriggerActionPermissionTest

  • com.gargoylesoftware.htmlunit.html.HtmlAnchor
  • com.gargoylesoftware.htmlunit.html.HtmlForm
  • com.gargoylesoftware.htmlunit.html.HtmlPage
  • com.gargoylesoftware.htmlunit.Page
  • com.sonyericsson.hudson.plugins.gerrit.trigger.GerritServer
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.