use of com.zimbra.soap.account.message.CreateSignatureRequest in project zm-mailbox by Zimbra.
the class TestBatchRequest method batchReqWithoutCsrfToken.
@Test
public void batchReqWithoutCsrfToken() throws Exception {
Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
boolean csrfEnabled = Boolean.TRUE;
SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE);
Element request = new Element.XMLElement(ZimbraNamespace.E_BATCH_REQUEST);
String sigContent = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
Signature sig = new Signature("test_id", "testSig", sigContent, "text/html");
CreateSignatureRequest req = new CreateSignatureRequest(sig);
SoapProtocol proto = SoapProtocol.Soap12;
Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
request.addElement(sigReq);
try {
transport.invoke(request, false, false, null);
} catch (SoapFaultException e) {
assertNotNull(e);
Assert.assertEquals(true, e.getCode().contains("AUTH_REQUIRED"));
}
}
use of com.zimbra.soap.account.message.CreateSignatureRequest in project zm-mailbox by Zimbra.
the class TestBatchRequest method batchReqWithCsrfToken.
@Test
public void batchReqWithCsrfToken() throws Exception {
Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
boolean csrfEnabled = Boolean.TRUE;
SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.TRUE);
Element request = new Element.XMLElement(ZimbraNamespace.E_BATCH_REQUEST);
String sigContent = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
Signature sig = new Signature(null, "testSig", sigContent, "text/html");
CreateSignatureRequest req = new CreateSignatureRequest(sig);
SoapProtocol proto = SoapProtocol.Soap12;
Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
request.addElement(sigReq);
try {
Element sigResp = transport.invoke(request, false, false, null);
String sigt = sigResp.getElement("CreateSignatureResponse").getElement("signature").getAttribute("id");
assertNotNull(sigt);
} catch (SoapFaultException e) {
assertNull(e);
}
}
use of com.zimbra.soap.account.message.CreateSignatureRequest in project zm-mailbox by Zimbra.
the class TestCsrfRequest method getCreateSigWithCsrfFeatureDisbaledAndAuthTokenIsCsrfEnabled.
@Test
public void getCreateSigWithCsrfFeatureDisbaledAndAuthTokenIsCsrfEnabled() throws Exception {
Map<String, Object> attrs = new HashMap<String, Object>();
attrs.put(Provisioning.A_zimbraCsrfTokenCheckEnabled, "FALSE");
prov.modifyAttrs(prov.getConfig(), attrs, true);
Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
boolean csrfEnabled = Boolean.TRUE;
SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE);
String sigContent = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
Signature sig = new Signature(null, "testSig", sigContent, "text/html");
CreateSignatureRequest req = new CreateSignatureRequest(sig);
SoapProtocol proto = SoapProtocol.Soap12;
Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
try {
Element element = transport.invoke(sigReq, false, false, null);
String sigt = element.getElement("signature").getAttribute("id");
assertNotNull(sigt);
} catch (SoapFaultException e) {
e.printStackTrace();
assertNull(e);
}
}
use of com.zimbra.soap.account.message.CreateSignatureRequest in project zm-mailbox by Zimbra.
the class TestGetSignature method getSignature.
@Test
public void getSignature() throws Exception {
Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
boolean csrfEnabled = Boolean.FALSE;
SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE);
String sigContent = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
Signature sig = new Signature(null, "testSig", sigContent, "text/html");
CreateSignatureRequest req = new CreateSignatureRequest(sig);
SoapProtocol proto = SoapProtocol.Soap12;
Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
try {
Element element = transport.invoke(sigReq, false, false, null);
String sigt = element.getElement("signature").getAttribute("id");
assertNotNull(sigt);
} catch (SoapFaultException e) {
e.printStackTrace();
assertNull(e);
}
GetSignaturesRequest getSigReq = new GetSignaturesRequest();
sigReq = JaxbUtil.jaxbToElement(getSigReq, proto.getFactory());
try {
Element element = transport.invoke(sigReq, false, false, null);
String sigtContent = element.getElement("signature").getElement("content").getText();
assertNotNull(sigContent);
int index = sigtContent.indexOf("alert(\"XSS\")");
Assert.assertEquals(-1, index);
} catch (SoapFaultException e) {
e.printStackTrace();
assertNull(e);
}
}
use of com.zimbra.soap.account.message.CreateSignatureRequest in project zm-mailbox by Zimbra.
the class TestAccess method CreateSignature.
@Test
public void CreateSignature() throws Exception {
String signatureName = genSignatureName(seq);
Signature sig = new Signature((String) null, signatureName, (String) null, (String) null);
CreateSignatureRequest req = new CreateSignatureRequest(sig);
/*
XMLElement req = new XMLElement(AccountConstants.CREATE_SIGNATURE_REQUEST);
Element signature = req.addElement(AccountConstants.E_SIGNATURE);
signature.addAttribute(AccountConstants.A_NAME, signatureName);
*/
accessTest(Perm.PERM_SELF_ONLY, req);
}
Aggregations