PageRenderTime 21ms CodeModel.GetById 1ms RepoModel.GetById 0ms app.codeStats 0ms

/integration-tests/src/test/java/it/com/atlassian/confluence/plugins/macros/html/RssMacroWhitelistTestCase.java

https://bitbucket.org/atlassian/confluence-html-macros
Java | 199 lines | 164 code | 34 blank | 1 comment | 2 complexity | 2b3d3612f1fa1361155e7a417b580114 MD5 | raw file
    

  1. package it.com.atlassian.confluence.plugins.macros.html;
    2. 

  2. 

  3. import com.atlassian.confluence.api.model.content.Content;
    4. 

  4. import com.atlassian.confluence.api.model.content.ContentType;
    5. 

  5. import com.atlassian.confluence.rest.api.model.ExpansionsParser;
    6. 

  6. import com.atlassian.confluence.test.rest.api.ConfluenceRestClient;
    7. 

  7. import com.atlassian.confluence.test.rest.api.plugin.PluginRest;
    8. 

  8. import com.atlassian.confluence.test.stateless.ConfluenceStatelessTestRunner;
    9. 

  9. import com.atlassian.confluence.test.stateless.fixtures.Fixture;
    10. 

  10. import com.atlassian.confluence.test.stateless.fixtures.SpaceFixture;
    11. 

  11. import com.atlassian.confluence.test.stateless.fixtures.UserFixture;
    12. 

  12. import com.atlassian.confluence.webdriver.pageobjects.ConfluenceTestedProduct;
    13. 

  13. import com.atlassian.pageobjects.elements.PageElement;
    14. 

  14. import com.atlassian.plugins.whitelist.testing.WhitelistTestRule;
    15. 

  15. import org.junit.After;
    16. 

  16. import org.junit.AfterClass;
    17. 

  17. import org.junit.Before;
    18. 

  18. import org.junit.BeforeClass;
    19. 

  19. import org.junit.Test;
    20. 

  20. import org.junit.runner.RunWith;
    21. 

  21. import org.openqa.selenium.By;
    22. 

  22. 

  23. import javax.inject.Inject;
    24. 

  24. import java.io.IOException;
    25. 

  25. 

  26. import static com.atlassian.confluence.api.model.content.ContentRepresentation.WIKI;
    27. 

  27. import static com.atlassian.confluence.test.rpc.api.permissions.SpacePermission.ANONYMOUS_PERMISSIONS;
    28. 

  28. import static com.atlassian.confluence.test.rpc.api.permissions.SpacePermission.REGULAR_PERMISSIONS;
    29. 

  29. import static com.atlassian.confluence.test.stateless.fixtures.SpaceFixture.spaceFixture;
    30. 

  30. import static com.atlassian.confluence.test.stateless.fixtures.UserFixture.userFixture;
    31. 

  31. import static com.atlassian.pageobjects.elements.query.Poller.waitUntil;
    32. 

  32. import static com.atlassian.pageobjects.elements.query.Poller.waitUntilFalse;
    33. 

  33. import static com.atlassian.pageobjects.elements.query.Poller.waitUntilTrue;
    34. 

  34. import static org.hamcrest.CoreMatchers.equalTo;
    35. 

  35. import static org.mockserver.model.MediaType.APPLICATION_XML;
    36. 

  36. 

  37. @RunWith(ConfluenceStatelessTestRunner.class)
    38. 

  38. public class RssMacroWhitelistTestCase extends AbstractHtmlMacroTestCase {
    39. 

  39. 

  40.     private static final String MACRO_NAME = "rss";
    41. 

  41.     private static final String REMOTE_RESOURCE = "/download/attachments/950274/rssfeed.xml";
    42. 

  42. 

  43.     @Fixture
    44. 

  44.     private static final UserFixture user = userFixture().build();
    45. 

  45.     @Fixture
    46. 

  46.     private static final SpaceFixture space = spaceFixture()
    47. 

  47.             .permission(user, REGULAR_PERMISSIONS)
    48. 

  48.             .anonymousPermission(ANONYMOUS_PERMISSIONS)
    49. 

  49.             .build();
    50. 

  50. 

  51.     @Inject
    52. 

  52.     private static ConfluenceTestedProduct product;
    53. 

  53.     @Inject
    54. 

  54.     private static ConfluenceRestClient restClient;
    55. 

  55. 

  56.     private static Content page;
    57. 

  57. 

  58.     private WhitelistTestRule whitelistTestRule;
    59. 

  59. 

  60.     @BeforeClass
    61. 

  61.     public static void initialise() {
    62. 

  62.         PluginRest pluginRest = restClient.getAdminSession().getPluginComponent();
    63. 

  63.         if (!pluginRest.isPluginEnabled(HTML_MACRO_PLUGIN)) {
    64. 

  64.             pluginRest.enablePlugin(HTML_MACRO_PLUGIN);
    65. 

  65.         }
    66. 

  66.         pluginRest.enablePluginModule(HTML_MACRO_PLUGIN, MACRO_NAME);
    67. 

  67. 

  68.         // create page fixture here as they require the plugin modules to be enabled
    69. 

  69.         page = restClient.createSession(user.get()).contentService().create(
    70. 

  70.                 Content.builder()
    71. 

  71.                         .space(space.get())
    72. 

  72.                         .title("HtmlIncludeFuncTest")
    73. 

  73.                         .type(ContentType.PAGE)
    74. 

  74.                         .body("{" + MACRO_NAME + ":url=" + remoteBaseUrl + REMOTE_RESOURCE + "}", WIKI)
    75. 

  75.                         .build(),
    76. 

  76.                 ExpansionsParser.parse("body.wiki,space")
    77. 

  77.         );
    78. 

  78. 

  79.         restClient.getAdminSession().permissions().enableAnonymousUseConfluence();
    80. 

  80.     }
    81. 

  81. 

  82.     @AfterClass
    83. 

  83.     public static void afterClass() {
    84. 

  84.         PluginRest pluginRest = restClient.getAdminSession().getPluginComponent();
    85. 

  85.         if (pluginRest.isPluginEnabled(HTML_MACRO_PLUGIN)) {
    86. 

  86.             pluginRest.disablePluginModule(HTML_MACRO_PLUGIN, MACRO_NAME);
    87. 

  87.             pluginRest.disablePlugin(HTML_MACRO_PLUGIN);
    88. 

  88.         }
    89. 

  89. 

  90.         restClient.getAdminSession().permissions().disableAnonymousUseConfluence();
    91. 

  91.     }
    92. 

  92. 

  93.     @Before
    94. 

  94.     public void setup() {
    95. 

  95.         whitelistTestRule = WhitelistTestRule.withDefaultAdminLoginAndBaseUrl(urlSelector.getBaseUrl());
    96. 

  96.     }
    97. 

  97. 

  98.     @Before
    99. 

  99.     public void configureMockServer() throws IOException {
    100. 

  100.         configureMockServer(REMOTE_RESOURCE, "/com/atlassian/confluence/plugins/macros/html/rssfeed.xml", APPLICATION_XML);
    101. 

  101.     }
    102. 

  102. 

  103.     @After
    104. 

  104.     public void tearDown() {
    105. 

  105.         whitelistTestRule.removeCreatedWhitelistRules();
    106. 

  106.         product.logOutFast();
    107. 

  107.     }
    108. 

  108. 

  109.     @Test
    110. 

  110.     public void testWhitelistDenyWithoutAnyRule() {
    111. 

  111.         assertRemoteContentBlocked();
    112. 

  112.     }
    113. 

  113. 

  114.     @Test
    115. 

  115.     public void testWhitelistAllowUsingWildcard() {
    116. 

  116.         assertRemoteContentBlocked();
    117. 

  117.         whitelistTestRule.whitelistWildcard(remoteBaseUrl + "/*");
    118. 

  118.         assertRemoteContentIncluded();
    119. 

  119.     }
    120. 

  120. 

  121.     @Test
    122. 

  122.     public void testWhitelistAllowUsingExactMatch() {
    123. 

  123.         assertRemoteContentBlocked();
    124. 

  124.         whitelistTestRule.whitelistExactUrl(remoteBaseUrl + REMOTE_RESOURCE);
    125. 

  125.         assertRemoteContentIncluded();
    126. 

  126.     }
    127. 

  127. 

  128.     @Test
    129. 

  129.     public void testWhitelistAllowUsingRegex() {
    130. 

  130.         assertRemoteContentBlocked();
    131. 

  131.         whitelistTestRule.whitelistRegularExpression(remoteBaseUrl + "/download/attachments/[\\d]+/rssfeed.xml");
    132. 

  132.         assertRemoteContentIncluded();
    133. 

  133.     }
    134. 

  134. 

  135.     @Test
    136. 

  136.     public void testWhiteListAnonymousDeny() {
    137. 

  137.         assertRemoteContentBlockedForAnonymous();
    138. 

  138.         whitelistTestRule.whitelistExactUrlDisallowAnonymous(remoteBaseUrl + REMOTE_RESOURCE);
    139. 

  139.         assertRemoteContentBlockedForAnonymous();
    140. 

  140.     }
    141. 

  141. 

  142.     @Test
    143. 

  143.     public void testWhiteListAnonymousAllow() {
    144. 

  144.         assertRemoteContentBlockedForAnonymous();
    145. 

  145.         whitelistTestRule.whitelistExactUrl(remoteBaseUrl + REMOTE_RESOURCE);
    146. 

  146.         assertRemoteContentIncludedForAnonymous();
    147. 

  147.     }
    148. 

  148. 

  149.     private void assertRemoteContentIncluded() {
    150. 

  150.         product.loginAndView(user.get(), page);
    151. 

  151.         assertRssFeedShown();
    152. 

  152.     }
    153. 

  153. 

  154.     private void assertRemoteContentBlocked() {
    155. 

  155.         product.loginAndView(user.get(), page);
    156. 

  156.         assertRssFeedNotShown();
    157. 

  157.     }
    158. 

  158. 

  159.     private void assertRemoteContentIncludedForAnonymous() {
    160. 

  160.         product.viewPage(page);
    161. 

  161.         assertRssFeedShown();
    162. 

  162.     }
    163. 

  163. 

  164.     private void assertRemoteContentBlockedForAnonymous() {
    165. 

  165.         product.viewPage(page);
    166. 

  166.         assertRssFeedNotShown();
    167. 

  167.     }
    168. 

  168. 

  169.     private void assertRssFeedNotShown() {
    170. 

  170.         PageElement pageElement = pageElementFinder.find(By.xpath("//div[@class='rssMacro']//tr[1]//a[text()='\"Test RSS Exploit showing\"']"));
    171. 

  171.         waitUntilFalse(pageElement.timed().isPresent());
    172. 

  172. 

  173.         pageElement = pageElementFinder.find(By.xpath("//div[@class='wiki-content']//div[contains(@class,'errorBox')]//p//strong"));
    174. 

  174.         waitUntil(
    175. 

  175.                 pageElement.timed().getText(),
    176. 

  176.                 equalTo("Could not access the content at the URL because it is not from an allowed source.")
    177. 

  177.         );
    178. 

  178. 

  179.         pageElement = pageElementFinder.find(By.xpath("//div[@class='wiki-content']//p[3]"));
    180. 

  180.         waitUntil(
    181. 

  181.                 pageElement.timed().getText(),
    182. 

  182.                 equalTo("You may contact your site administrator and request that this URL be added to the list of allowed sources.")
    183. 

  183.         );
    184. 

  184.     }
    185. 

  185. 

  186.     private void assertRssFeedShown() {
    187. 

  187.         PageElement pageElement = pageElementFinder.find(By.xpath("//div[contains(@class,'rssMacro')]//tr[1]//a[text()='\"Test RSS Exploit showing\"']"));
    188. 

  188.         waitUntilTrue(pageElement.timed().isPresent());
    189. 

  189. 

  190.         pageElement = pageElementFinder.find(By.xpath("//div[contains(@class,'rssMacro')]//tr[1]//span"));
    191. 

  191.         waitUntil(pageElement.timed().getText(), equalTo("This is description & test"));
    192. 

  192. 

  193.         pageElement = pageElementFinder.find(By.xpath("//div[contains(@class,'rssMacro')]//tbody/tr//a"));
    194. 

  194.         waitUntil(pageElement.timed().getText(), equalTo("Items & Test"));
    195. 

  195. 

  196.         pageElement = pageElementFinder.find(By.xpath("//div[contains(@class,'rssMacro')]//tbody/tr//span"));
    197. 

  197.         waitUntil(pageElement.timed().getText(), equalTo("Item description includes html markup"));
    198. 

  198.     }
    199. 

  199. }
    200. 

  200.