Google Git
Sign in
apache / jackrabbit-oak / 7566967543158e8512668082d17f73464f6eb3f4 / . / oak-core / src / test / java / org / apache / jackrabbit / oak / security / user / IntermediatePathTest.java
blob: ee65fec08029ed971be9d5f9e285e85dbb962f4d [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jackrabbit.oak.security.user;
import java.util.List;
import java.util.UUID;
import javax.jcr.RepositoryException;
import javax.jcr.nodetype.ConstraintViolationException;
import com.google.common.collect.ImmutableList;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.jetbrains.annotations.Nullable;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
/**
* Test user/group creation with intermediate path parameter.
*/
public class IntermediatePathTest extends AbstractSecurityTest {
@Override
public void after() throws Exception {
try {
root.refresh();
} finally {
super.after();
}
}
private Authorizable createAuthorizable(boolean createGroup, @Nullable String intermediatePath) throws RepositoryException {
String id = UUID.randomUUID().toString();
if (createGroup) {
return getUserManager(root).createGroup(id, new PrincipalImpl(id), intermediatePath);
} else {
return getUserManager(root).createUser(id, null, new PrincipalImpl(id), intermediatePath);
}
}
@Test
public void testUserNullPath() throws Exception {
assertNotNull(createAuthorizable(false, null));
}
@Test
public void testGroupNullPath() throws Exception {
assertNotNull(createAuthorizable(true, null));
}
@Test
public void testUserEmptyPath() throws Exception {
Authorizable authorizable = createAuthorizable(false, "");
assertNotEquals(UserConstants.DEFAULT_USER_PATH, PathUtils.getAncestorPath(authorizable.getPath(), 1));
assertTrue(authorizable.getPath().startsWith(UserConstants.DEFAULT_USER_PATH));
}
@Test
public void testGroupEmptyPath() throws Exception {
Authorizable authorizable = createAuthorizable(true, "");
assertNotEquals(UserConstants.DEFAULT_GROUP_PATH, PathUtils.getAncestorPath(authorizable.getPath(), 1));
assertTrue(authorizable.getPath().startsWith(UserConstants.DEFAULT_GROUP_PATH));
}
@Test
public void testUserRelativePath() throws Exception {
Authorizable authorizable = createAuthorizable(false, "a/b/c");
assertTrue(authorizable.getPath().startsWith(UserConstants.DEFAULT_USER_PATH + "/a/b/c"));
}
@Test
public void testGroupRelativePath() throws Exception {
Authorizable authorizable = createAuthorizable(true, "a/b/c");
assertTrue(authorizable.getPath().startsWith(UserConstants.DEFAULT_GROUP_PATH + "/a/b/c"));
}
@Test
public void testUserAbsolutePath() throws Exception {
Authorizable authorizable = createAuthorizable(false, UserConstants.DEFAULT_USER_PATH + "/a/b/c");
assertTrue(authorizable.getPath().startsWith(UserConstants.DEFAULT_USER_PATH + "/a/b/c"));
}
@Test
public void testGroupAbsolutePath() throws Exception {
Authorizable authorizable = createAuthorizable(true, UserConstants.DEFAULT_GROUP_PATH + "/a/b/c");
assertTrue(authorizable.getPath().startsWith(UserConstants.DEFAULT_GROUP_PATH + "/a/b/c"));
}
@Test
public void testUserRootPath() throws Exception {
Authorizable authorizable = createAuthorizable(false, UserConstants.DEFAULT_USER_PATH);
assertNotEquals(UserConstants.DEFAULT_USER_PATH, PathUtils.getAncestorPath(authorizable.getPath(), 1));
assertTrue(authorizable.getPath().startsWith(UserConstants.DEFAULT_USER_PATH));
}
@Test
public void testGroupRootPath() throws Exception {
Authorizable authorizable = createAuthorizable(true, UserConstants.DEFAULT_GROUP_PATH);
assertNotEquals(UserConstants.DEFAULT_GROUP_PATH, PathUtils.getAncestorPath(authorizable.getPath(), 1));
assertTrue(authorizable.getPath().startsWith(UserConstants.DEFAULT_GROUP_PATH));
}
@Test(expected = ConstraintViolationException.class)
public void testUserWrongRoot() throws Exception {
createAuthorizable(false, UserConstants.DEFAULT_GROUP_PATH);
}
@Test(expected = ConstraintViolationException.class)
public void testGroupWrongRoot() throws Exception {
createAuthorizable(true, UserConstants.DEFAULT_USER_PATH);
}
@Test
public void testInvalidAbsolutePaths() throws Exception {
TreeUtil.addChild(root.getTree(PathUtils.ROOT_PATH), "testNode", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
List<String> invalidPaths = ImmutableList.of(
"/",
PathUtils.getAncestorPath(UserConstants.DEFAULT_GROUP_PATH, 1),
PathUtils.getAncestorPath(UserConstants.DEFAULT_GROUP_PATH, 2),
"/testNode",
"/nonExisting");
for (String absPath : invalidPaths) {
try {
createAuthorizable(false, absPath);
fail("Invalid path " + absPath + " outside of configured scope.");
} catch (ConstraintViolationException e) {
// success
} finally {
root.refresh();
}
}
}
@Test
public void testAbsolutePathsWithParentElements() throws Exception {
Authorizable authorizable = createAuthorizable(true, UserConstants.DEFAULT_GROUP_PATH + "/a/../b");
assertTrue(authorizable.getPath().startsWith(UserConstants.DEFAULT_GROUP_PATH + "/b"));
}
@Test
public void testAbsolutePathsWithInvalidParentElements() throws Exception {
try {
String invalidPath = UserConstants.DEFAULT_GROUP_PATH + "/../a";
Authorizable authorizable = createAuthorizable(true, invalidPath);
assertTrue(authorizable.getPath().startsWith(PathUtils.getAncestorPath(UserConstants.DEFAULT_GROUP_PATH, 1) + "/a"));
root.commit();
fail("Invalid path " + invalidPath + " outside of configured scope.");
} catch (CommitFailedException e) {
// success
assertTrue(e.isConstraintViolation());
assertEquals(28, e.getCode());
} finally {
root.refresh();
}
}
@Test
public void testRelativePaths() throws Exception {
TreeUtil.addChild(root.getTree(PathUtils.ROOT_PATH), "testNode", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
List<String> invalidPaths = ImmutableList.of("..", "../..", "../../..", "../../../testNode","a/b/../../../c");
for (String relPath : invalidPaths) {
try {
createAuthorizable(false, relPath);
// NOTE: requires commit to detect the violation
root.commit();
fail("Invalid path " + relPath + " outside of configured scope.");
} catch (CommitFailedException e) {
// success
assertTrue(e.isConstraintViolation());
assertEquals(28, e.getCode());
} finally {
root.refresh();
}
}
}
@Test
public void testCurrentRelativePath() throws Exception {
Authorizable authorizable = createAuthorizable(false, ".");
assertEquals(UserConstants.DEFAULT_USER_PATH, PathUtils.getAncestorPath(authorizable.getPath(), 1));
}
}