use of com.zimbra.common.soap.SoapFaultException in project zm-mailbox by Zimbra.
the class TestCsrfRequest method getCreateSigWithCsrfFeatureDisbaledAndAuthTokenIsCsrfEnabled.
@Test
public void getCreateSigWithCsrfFeatureDisbaledAndAuthTokenIsCsrfEnabled() throws Exception {
Map<String, Object> attrs = new HashMap<String, Object>();
attrs.put(Provisioning.A_zimbraCsrfTokenCheckEnabled, "FALSE");
prov.modifyAttrs(prov.getConfig(), attrs, true);
Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
boolean csrfEnabled = Boolean.TRUE;
SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE);
String sigContent = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
Signature sig = new Signature(null, "testSig", sigContent, "text/html");
CreateSignatureRequest req = new CreateSignatureRequest(sig);
SoapProtocol proto = SoapProtocol.Soap12;
Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
try {
Element element = transport.invoke(sigReq, false, false, null);
String sigt = element.getElement("signature").getAttribute("id");
assertNotNull(sigt);
} catch (SoapFaultException e) {
e.printStackTrace();
assertNull(e);
}
}
use of com.zimbra.common.soap.SoapFaultException in project zm-mailbox by Zimbra.
the class TestGetSignature method getSignature.
@Test
public void getSignature() throws Exception {
Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
boolean csrfEnabled = Boolean.FALSE;
SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE);
String sigContent = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
Signature sig = new Signature(null, "testSig", sigContent, "text/html");
CreateSignatureRequest req = new CreateSignatureRequest(sig);
SoapProtocol proto = SoapProtocol.Soap12;
Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
try {
Element element = transport.invoke(sigReq, false, false, null);
String sigt = element.getElement("signature").getAttribute("id");
assertNotNull(sigt);
} catch (SoapFaultException e) {
e.printStackTrace();
assertNull(e);
}
GetSignaturesRequest getSigReq = new GetSignaturesRequest();
sigReq = JaxbUtil.jaxbToElement(getSigReq, proto.getFactory());
try {
Element element = transport.invoke(sigReq, false, false, null);
String sigtContent = element.getElement("signature").getElement("content").getText();
assertNotNull(sigContent);
int index = sigtContent.indexOf("alert(\"XSS\")");
Assert.assertEquals(-1, index);
} catch (SoapFaultException e) {
e.printStackTrace();
assertNull(e);
}
}
use of com.zimbra.common.soap.SoapFaultException in project zm-mailbox by Zimbra.
the class TestFilter method testManyAsterisks.
/**
* Make sure we disallow more than four asterisks in a :matches condition (bug 35983).
*/
@Test
public void testManyAsterisks() throws Exception {
List<ZFilterCondition> conditions = new ArrayList<ZFilterCondition>();
List<ZFilterAction> actions = new ArrayList<ZFilterAction>();
List<ZFilterRule> rules = new ArrayList<ZFilterRule>();
ZFilterCondition condition = new ZHeaderCondition("from", HeaderOp.MATCHES, "*****address@yahoo.com");
ZFilterAction action = new ZKeepAction();
conditions.add(condition);
actions.add(action);
rules.add(new ZFilterRule("test many asterisks", true, false, conditions, actions));
ZFilterRules zRules = new ZFilterRules(rules);
try {
mMbox.saveIncomingFilterRules(zRules);
fail("Saving filter rules with quotes should not have succeeded");
} catch (SoapFaultException e) {
assertTrue("Unexpected exception: " + e, e.getMessage().contains("four asterisks"));
}
}
use of com.zimbra.common.soap.SoapFaultException in project zm-mailbox by Zimbra.
the class TestZClient method testChangePassword.
@Test
public void testChangePassword() throws Exception {
Account account = TestUtil.getAccount(USER_NAME);
Options options = new Options();
options.setAccount(account.getName());
options.setAccountBy(AccountBy.name);
options.setPassword(TestUtil.DEFAULT_PASSWORD);
options.setNewPassword("test456");
options.setUri(TestUtil.getSoapUrl());
ZMailbox.changePassword(options);
try {
TestUtil.getZMailbox(USER_NAME);
} catch (SoapFaultException e) {
assertEquals(AuthFailedServiceException.AUTH_FAILED, e.getCode());
}
}
use of com.zimbra.common.soap.SoapFaultException in project zm-mailbox by Zimbra.
the class Tester method main.
public static void main(String[] argv) {
CliUtil.toolSetup();
if (argv.length != 3) {
System.out.println("Usage: Tester <serverURL> <username> <password>");
System.out.println("where:");
System.out.println("<serverURL> is the full URL to the SOAP service");
System.out.println("<username> is the name of the user to log in as");
System.out.println("<password> is that user's password");
System.out.println("NOTE: THIS COMMAND WILL DELETE E-MAIL!!!");
}
String serverURL = argv[0];
System.out.println("connecting to " + serverURL + " as " + argv[1] + " with password " + argv[2]);
try {
/* do a ping */
LmcPingRequest pr = new LmcPingRequest();
LmcPingResponse pResp = (LmcPingResponse) pr.invoke(serverURL);
/* auth first */
System.out.println("========= AUTHENTICATE ===========");
LmcAuthRequest auth = new LmcAuthRequest();
auth.setUsername(argv[1]);
auth.setPassword(argv[2]);
LmcAuthResponse authResp = (LmcAuthResponse) auth.invoke(serverURL);
LmcSession session = authResp.getSession();
/* get some prefs -- this is not part of the login sequence now */
doGetDumpPrefs(session, serverURL);
/* get the tags */
System.out.println("======== GET TAGS =======");
LmcGetTagRequest gtReq = new LmcGetTagRequest();
gtReq.setSession(session);
LmcGetTagResponse gtResp = (LmcGetTagResponse) gtReq.invoke(serverURL);
/* dump the tags */
System.out.println("==== DUMP TAGS ======");
LmcTag[] tags = gtResp.getTags();
for (int t = 0; tags != null && t < tags.length; t++) System.out.println(tags[t]);
/* get the folders */
System.out.println("==== GET FOLDERS ======");
LmcGetFolderRequest gfReq = new LmcGetFolderRequest();
gfReq.setSession(session);
LmcGetFolderResponse gfResp = (LmcGetFolderResponse) gfReq.invoke(serverURL);
/* dump the folders */
System.out.println("====== DUMP FOLDERS ======");
LmcFolder folder = gfResp.getRootFolder();
recursiveDumpFolder(folder, 0);
/* inbox listing */
System.out.println("==== SEARCH in:inbox ======");
LmcSearchRequest sReq = new LmcSearchRequest();
sReq.setOffset("0");
sReq.setLimit("30");
sReq.setQuery("in:inbox");
sReq.setSession(session);
sReq.setTypes(MailItem.Type.CONVERSATION.toString());
LmcSearchResponse sResp = (LmcSearchResponse) sReq.invoke(serverURL);
/* dump the search */
System.out.println("====== DUMP SEARCH ======");
System.out.println("offset=\"" + sResp.getOffset() + "\" more=\"" + sResp.getMore() + "\"");
LmcConversation conv = null;
LmcConversation firstConv = null;
List cList = sResp.getResults();
for (Iterator cit = cList.iterator(); cit.hasNext(); ) {
conv = (LmcConversation) cit.next();
if (firstConv == null)
firstConv = conv;
System.out.println(conv);
}
/**
*** at this point the emulation of a login is complete ****
*/
/**
*** the following code emulates the first conv retrieval ****
*/
getAndDumpContacts(session, serverURL);
/* get the first conversation from the search */
System.out.println("===== GET CONVERSATION =====");
LmcGetConvRequest gconvReq = new LmcGetConvRequest();
gconvReq.setConvToGet(firstConv.getID());
gconvReq.setSession(session);
/*
* the client gets message detail in the getConvRequest and then
* fetches the msg with GetMsgReq anyway. so that's repeated here.
*/
String[] msgDetail = new String[] { firstConv.getMessages()[0].getID() };
gconvReq.setMsgsToGet(msgDetail);
LmcGetConvResponse gconvResp = (LmcGetConvResponse) gconvReq.invoke(serverURL);
/* dump the conversation response */
System.out.println("===== DUMP CONVERSATION ===== ");
System.out.println(gconvResp.getConv());
/* get the message in that conversation */
System.out.println("===== GET MESSAGE ===== ");
LmcGetMsgRequest gmReq = new LmcGetMsgRequest();
gmReq.setRead("1");
gmReq.setMsgToGet(msgDetail[0]);
gmReq.setSession(session);
LmcGetMsgResponse gmResp = (LmcGetMsgResponse) gmReq.invoke(serverURL);
/* dump the message in that conversation */
System.out.println("===== DUMP MESSAGE ===== ");
System.out.println(gmResp.getMsg());
/**
** that completes emulation of viewing a conv and its first message ***
*/
/* send a new message */
System.out.println("===== SEND MESSAGE ===== ");
LmcMessage lMsg = new LmcMessage();
lMsg.setEmailAddresses(new LmcEmailAddress[] { gEa });
lMsg.setSubject("msg from the test program");
LmcMimePart smrMp = new LmcMimePart();
smrMp.setContentType("text/plain");
smrMp.setContent("there is some fresh coffee somewhere");
lMsg.addMimePart(smrMp);
LmcSendMsgRequest smr = new LmcSendMsgRequest();
smr.setMsg(lMsg);
smr.setSession(session);
// add an attachment. XXX hardcoded stuff...
String aid = smr.postAttachment("http://dogfood.example.zimbra.com/service/upload", session, new File("c:/temp/ops.txt"), ".example.zimbra.com", 5000);
System.out.println("got back attachment id " + aid);
lMsg.setAttachmentIDs(new String[] { aid });
LmcSendMsgResponse smrResp = (LmcSendMsgResponse) smr.invoke(serverURL);
/* print result of sending new message */
System.out.println("==== DUMP SEND MSG RESPONSE ====");
System.out.println("Send successful, resulting ID " + smrResp.getID());
doSearchReadDelete(session, serverURL);
doSearchAndConvAction(session, serverURL);
doCreateDeleteFolder(session, serverURL);
// will also dump contacts
doCreateDeleteContact(session, serverURL);
doCreateDeleteTag(session, serverURL);
doModifyDumpPrefs(session, serverURL);
doCreateGetDeleteNote(session, serverURL);
doChangePassword(session, argv[1], argv[2], serverURL);
doGetInfo(session, serverURL);
// will not match
doSearchGal(session, serverURL, "Kevin");
// will match
doSearchGal(session, serverURL, "Satish");
doSearchConv(session, serverURL);
doBrowse(session, serverURL);
doAddMsg(session, serverURL);
} catch (SoapFaultException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (LmcSoapClientException e) {
e.printStackTrace();
} catch (ServiceException e) {
e.printStackTrace();
} catch (HttpException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
Aggregations