use of com.zimbra.common.soap.SoapHttpTransport in project zm-mailbox by Zimbra.
the class TestAuthentication method testAuthViaPreauthToken.
/**
* Tests a SOAP AuthRequest that authenticates with a preauth value instead of a login/password pair.
* @throws Exception
*/
public void testAuthViaPreauthToken() throws Exception {
    // Validity window for the preauth value: issued now, good for 60 seconds.
    final long issuedAt = System.currentTimeMillis();
    final long validUntil = issuedAt + 60000;

    String domainKey = setUpAndReturnDomainAuthKey();
    Account account = TestUtil.getAccount(USER_NAME);
    AccountSelector selector =
            new AccountSelector(com.zimbra.soap.type.AccountBy.name, account.getName());
    SoapHttpTransport transport = new SoapHttpTransport(TestUtil.getSoapUrl());

    // Fields fed to PreAuthKey.computePreAuth together with the domain key. The
    // timestamp/expires values here are the same ones sent in the <preauth> element below.
    // NOTE(review): the server presumably recomputes the value from the request fields, so
    // any mismatch between the two should fail authentication - confirm against the handler.
    HashMap<String, String> preAuthFields = new HashMap<String, String>();
    preAuthFields.put("account", account.getName());
    preAuthFields.put("by", "name");
    preAuthFields.put("timestamp", String.valueOf(issuedAt));
    preAuthFields.put("expires", String.valueOf(validUntil));

    PreAuth preAuth = new PreAuth()
            .setExpires(validUntil)
            .setTimestamp(issuedAt)
            .setValue(PreAuthKey.computePreAuth(preAuthFields, domainKey));

    // No password is supplied: the request carries only the account selector and the preauth.
    AuthRequest authRequest = new AuthRequest(selector).setPreauth(preAuth);

    Element rawResponse =
            transport.invoke(JaxbUtil.jaxbToElement(authRequest, SoapProtocol.SoapJS.getFactory()));
    AuthResponse authResponse = JaxbUtil.elementToJaxb(rawResponse);

    // The issued token must not outlive the window requested in the preauth.
    assertTrue("Lifetime is invalid", authResponse.getLifetime() < validUntil - issuedAt);

    String issuedToken = authResponse.getAuthToken();
    assertNotNull("should have received a new authtoken", issuedToken);
    assertTrue("should have a received a non-empty authtoken", !issuedToken.isEmpty());

    // Decode the returned token and check its state: registered and still valid.
    AuthToken decoded = ZimbraAuthToken.getAuthToken(issuedToken);
    assertTrue("new auth token should be registered", decoded.isRegistered());
    assertFalse("new auth token should not be expired yet", decoded.isExpired());
}
use of com.zimbra.common.soap.SoapHttpTransport in project zm-mailbox by Zimbra.
the class TestUtil method authUser.
/**
 * Authenticates an account by name and password over SOAP and returns a transport that
 * carries the resulting auth token.
 *
 * @param acctName account name used to select the account ({@code AccountBy.name})
 * @param password password sent in the {@code AuthRequest}
 * @return a transport bound to {@link TestUtil#getSoapUrl()} with the auth token already set
 * @throws Exception if the transport cannot be created or the auth request fails
 */
public static SoapTransport authUser(String acctName, String password) throws Exception {
    final com.zimbra.soap.type.AccountSelector selector =
            new com.zimbra.soap.type.AccountSelector(com.zimbra.soap.type.AccountBy.name, acctName);
    final SoapHttpTransport userTransport = new SoapHttpTransport(TestUtil.getSoapUrl());

    // Log in with name + password, then pin the issued token on the same transport so that
    // every later request sent through it is authenticated as this account.
    final AuthRequest authRequest = new AuthRequest(selector, password);
    final AuthResponse authResponse = SoapTest.invokeJaxb(userTransport, authRequest);
    userTransport.setAuthToken(authResponse.getAuthToken());

    return userTransport;
}
use of com.zimbra.common.soap.SoapHttpTransport in project zm-mailbox by Zimbra.
the class TestDeployZimlet method testZipWithAbsolutePath.
/**
 * Regression test for archive extraction outside the intended directory: deploying a zimlet
 * zip named "absolute.zip" must be rejected with a SOAP fault and must not leave
 * /opt/zimbra/conf/rogue.file on disk.
 *
 * NOTE(review): the archive presumably contains an entry with an absolute path pointing at
 * that file - inferred from the test name and the final assertion, confirm against the fixture.
 */
@Test
public void testZipWithAbsolutePath() throws Exception {
    SoapHttpTransport adminTransport = new SoapHttpTransport(TestUtil.getAdminSoapUrl());

    // Admin login using the LDAP user/password read from local config, with CSRF support off.
    com.zimbra.soap.admin.message.AuthRequest loginReq =
            new com.zimbra.soap.admin.message.AuthRequest(
                    LC.zimbra_ldap_user.value(), LC.zimbra_ldap_password.value());
    loginReq.setCsrfSupported(false);
    Element loginElement =
            adminTransport.invoke(JaxbUtil.jaxbToElement(loginReq, SoapProtocol.SoapJS.getFactory()));
    com.zimbra.soap.admin.message.AuthResponse loginResp = JaxbUtil.elementToJaxb(loginElement);
    String authToken = loginResp.getAuthToken();

    // Upload the archive first; the deploy request refers to it by attachment id.
    String aid = adminUpload(authToken, "absolute.zip", "/opt/zimbra/unittest/zimlets/absolute.zip");
    assertNotNull("Attachment ID should not be null", aid);

    adminTransport.setAdmin(true);
    adminTransport.setAuthToken(authToken);
    DeployZimletRequest deployReq = new DeployZimletRequest(
            AdminConstants.A_DEPLOYLOCAL, false, true, new AttachmentIdAttrib(aid));
    Element deployElement = JaxbUtil.jaxbToElement(deployReq);

    try {
        JaxbUtil.elementToJaxb(adminTransport.invoke(deployElement));
        fail("Should throw SoapFaultException");
    } catch (SoapFaultException expected) {
        // expected: the server must refuse to deploy this archive
    }

    // A rejected request is not enough on its own: also verify nothing was written to the
    // absolute target path before the fault was raised.
    File rogueFile = new File("/opt/zimbra/conf/rogue.file");
    assertFalse("/opt/zimbra/conf/rogue.file should not have been created", rogueFile.exists());
}
use of com.zimbra.common.soap.SoapHttpTransport in project zm-mailbox by Zimbra.
the class TestCookieReuse method testInvalidSearchRequest.
/**
* Verify that a cookie taken from a legitimate HTTP session CANNOT be reused for a SOAP request after
* the original session has been ended
*/
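@Test
public void testInvalidSearchRequest() throws ServiceException, IOException {
    // Establish a legitimate session and capture its auth token.
    // NOTE(review): zimbraForceClearCookies is set to FALSE presumably so that ending the
    // session does not depend on the client dropping its cookie - confirm the attribute semantics.
    TestUtil.setAccountAttr(USER_NAME, Provisioning.A_zimbraForceClearCookies, "FALSE");
    ZMailbox mbox = TestUtil.getZMailbox(USER_NAME);
    URI uri = mbox.getRestURI("Inbox?fmt=rss");
    mbox.getHttpClient(uri);
    ZAuthToken authT = mbox.getAuthToken();

    // Second, independent SOAP client that replays the captured token as a cookie
    // (stands in for a party that obtained the cookie from the legitimate session).
    SoapHttpTransport transport = new HttpCookieSoapTransport(TestUtil.getSoapUrl());
    transport.setAuthToken(authT);

    // Baseline: while the session is alive the replayed token works and the inbox has hits.
    SearchRequest searchReq = new SearchRequest();
    searchReq.setSearchTypes(MailItem.Type.MESSAGE.toString());
    searchReq.setQuery("in:inbox");
    Element req = JaxbUtil.jaxbToElement(searchReq, SoapProtocol.SoapJS.getFactory());
    Element res = transport.invoke(req);
    SearchResponse searchResp = JaxbUtil.elementToJaxb(res);
    List<SearchHit> searchHits = searchResp.getSearchHits();
    Assert.assertFalse("this search request should return some conversations", searchHits.isEmpty());

    // Explicitly end the session with logoff through the legitimate client.
    Account a = TestUtil.getAccount(USER_NAME);
    a.setForceClearCookies(false);
    EndSessionRequest esr = new EndSessionRequest();
    esr.setLogOff(true);
    mbox.invokeJaxb(esr);

    // Replay the same token on a fresh transport: the server must no longer honour it.
    transport = new HttpCookieSoapTransport(TestUtil.getSoapUrl());
    transport.setAuthToken(authT);
    searchReq = new SearchRequest();
    searchReq.setSearchTypes(MailItem.Type.MESSAGE.toString());
    searchReq.setQuery("in:inbox");
    try {
        req = JaxbUtil.jaxbToElement(searchReq, SoapProtocol.SoapJS.getFactory());
        res = transport.invoke(req);
        searchResp = JaxbUtil.elementToJaxb(res);
        searchHits = searchResp.getSearchHits();
        // NOTE(review): this branch accepts a successful response with no hits as a pass.
        // A stricter test would fail outright when no fault is raised, because a non-fault
        // response means the ended session's token was still accepted.
        Assert.assertTrue("this search request should fail", searchHits.isEmpty());
    } catch (SoapFaultException ex) {
        // The message now names the code that is actually asserted (AUTH_EXPIRED); it
        // previously said 'auth required', which misreports the expectation on failure.
        Assert.assertEquals("Should be getting 'auth expired' exception", ServiceException.AUTH_EXPIRED, ex.getCode());
    }
}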
use of com.zimbra.common.soap.SoapHttpTransport in project zm-mailbox by Zimbra.
the class TestCookieReuse method testForgedNonCSRFPost.
/**
* Verify that we CANNOT make a POST request with a non-CSRF-enabled auth token if the auth token
* has an associated CSRF token
*/
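@Test
public void testForgedNonCSRFPost() throws Exception {
    // Build an auth token that claims CSRF is not enabled, then associate a CSRF token
    // with it anyway. This models a token whose CSRF flag has been stripped.
    AuthToken at = AuthProvider.getAuthToken(TestUtil.getAccount(USER_NAME));
    at.setCsrfTokenEnabled(false);
    // NOTE(review): the third argument is presumably a per-token salt - confirm against
    // CsrfUtil. java.util.Random is used here only to vary test input.
    CsrfUtil.generateCsrfToken(at.getAccountId(), at.getExpires(), new Random().nextInt() + 1, at);

    // Send a request with the encoded auth token only; no CSRF token accompanies it.
    SoapHttpTransport transport = new SoapHttpTransport(TestUtil.getSoapUrl());
    transport.setAuthToken(at.getEncoded());
    GetInfoRequest request = new GetInfoRequest();
    try {
        transport.invoke(JaxbUtil.jaxbToElement(request));
    } catch (ServiceException e) {
        // The message now names the code that is actually asserted (AUTH_REQUIRED); it
        // previously said AUTH EXPIRED, which misreports the expectation on failure.
        Assert.assertEquals("should be catching AUTH_REQUIRED here", ServiceException.AUTH_REQUIRED, e.getCode());
        return;
    }
    // Reaching this point means the server processed the request despite the missing CSRF token.
    Assert.fail("should have caught an exception");
}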