
Example 1 with EndSessionRequest

use of com.zimbra.soap.account.message.EndSessionRequest in project zm-mailbox by Zimbra.

From class SoapProvisioning, method soapLogOut (client-side logout helper):

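/**
 * Ends the current SOAP session on the server and forgets the cached auth token.
 *
 * Sends an {@code EndSessionRequest} with {@code logoff=true}, which asks the
 * server to invalidate the auth-token cookie as well as the session. On
 * success, or when the server reports the token as already dead
 * ({@code AUTH_EXPIRED} / {@code AUTH_REQUIRED}), the local token fields are
 * cleared so this client never re-sends a credential the server has already
 * rejected. Any other failure is surfaced as a {@code ZClientException} and the
 * local token is left in place so the caller may retry the logout.
 *
 * @throws ServiceException wrapped as {@code ZClientException.CLIENT_ERROR}
 *         when the logout fails for a reason other than an expired or missing
 *         token
 */
public void soapLogOut() throws ServiceException {
    EndSessionRequest logout = new EndSessionRequest();
    logout.setLogOff(true);
    try {
        invokeJaxb(logout);
    } catch (ServiceException e) {
        String code = e.getCode();
        // An already-expired or missing token means there is nothing left to
        // end on the server side; treat that as a completed logout.
        boolean alreadyLoggedOut = ServiceException.AUTH_REQUIRED.equals(code)
                || ServiceException.AUTH_EXPIRED.equals(code);
        if (!alreadyLoggedOut) {
            throw ZClientException.CLIENT_ERROR("Failed to log out", e);
        }
    }
    // Reached on success or on AUTH_REQUIRED/AUTH_EXPIRED. The original only
    // cleared these on success, leaving a server-rejected token cached locally.
    mAuthTokenExpiration = 0;
    mAuthTokenLifetime = 0;
    mAuthToken = null;
}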
Also used : AccountServiceException(com.zimbra.cs.account.AccountServiceException) ServiceException(com.zimbra.common.service.ServiceException) EndSessionRequest(com.zimbra.soap.account.message.EndSessionRequest)

Example 2 with EndSessionRequest

use of com.zimbra.soap.account.message.EndSessionRequest in project zm-mailbox by Zimbra.

From class TestCookieReuse, method testInvalidSearchRequest (SOAP token re-use after explicit logoff):

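/**
 * Verify that an auth token captured from a legitimate HTTP session canNOT be re-used for a
 * SOAP request once the original session has been ended with {@code logoff=true}.
 *
 * The first search, made over an "eavesdropper" transport carrying the captured token, must
 * succeed so the test proves the token was live before logout. After {@code EndSessionRequest}
 * the same token must be rejected: the server is expected to answer with a SOAP fault whose
 * code is {@code AUTH_EXPIRED}. A search that still completes is a failure regardless of its
 * hit count; an empty hit list would only show that the stolen token kept working against an
 * empty inbox, which is exactly the condition this test exists to rule out.
 */
@Test
public void testInvalidSearchRequest() throws ServiceException, IOException, HttpException {
    // establish legitimate connection
    TestUtil.setAccountAttr(USER_NAME, Provisioning.A_zimbraForceClearCookies, "FALSE");
    ZMailbox mbox = TestUtil.getZMailbox(USER_NAME);
    URI uri = mbox.getRestURI("Inbox?fmt=rss");
    mbox.getHttpClient(uri);
    ZAuthToken stolenToken = mbox.getAuthToken();
    // create eavesdropper's SOAP client presenting the captured token
    SoapHttpTransport transport = new HttpCookieSoapTransport(TestUtil.getSoapUrl());
    transport.setAuthToken(stolenToken);
    // check that search returns something while the token is still valid
    SearchRequest searchReq = new SearchRequest();
    searchReq.setSearchTypes(MailItem.Type.MESSAGE.toString());
    searchReq.setQuery("in:inbox");
    Element req = JaxbUtil.jaxbToElement(searchReq, SoapProtocol.SoapJS.getFactory());
    Element res = transport.invoke(req);
    SearchResponse searchResp = JaxbUtil.elementToJaxb(res);
    List<SearchHit> searchHits = searchResp.getSearchHits();
    Assert.assertFalse("this search request should return some conversations", searchHits.isEmpty());
    // explicitly end the session with logoff=true; ForceClearCookies stays off so the
    // logoff flag alone is what must drive the token invalidation
    Account a = TestUtil.getAccount(USER_NAME);
    a.setForceClearCookies(false);
    EndSessionRequest esr = new EndSessionRequest();
    esr.setLogOff(true);
    mbox.invokeJaxb(esr);
    // the captured token must now be refused, even from a fresh transport
    transport = new HttpCookieSoapTransport(TestUtil.getSoapUrl());
    transport.setAuthToken(stolenToken);
    searchReq = new SearchRequest();
    searchReq.setSearchTypes(MailItem.Type.MESSAGE.toString());
    searchReq.setQuery("in:inbox");
    req = JaxbUtil.jaxbToElement(searchReq, SoapProtocol.SoapJS.getFactory());
    try {
        transport.invoke(req);
        // Previously a successful call with zero hits was accepted; that would let a
        // still-valid token pass unnoticed. Any success here is a failure.
        Assert.fail("search with a revoked auth token should have been rejected");
    } catch (SoapFaultException ex) {
        Assert.assertEquals("Should be getting 'auth expired' exception", ServiceException.AUTH_EXPIRED, ex.getCode());
    }
}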
Also used : SearchRequest(com.zimbra.soap.mail.message.SearchRequest) Account(com.zimbra.cs.account.Account) SearchHit(com.zimbra.soap.type.SearchHit) Element(com.zimbra.common.soap.Element) XMLElement(com.zimbra.common.soap.Element.XMLElement) JSONElement(com.zimbra.common.soap.Element.JSONElement) URI(java.net.URI) ZAuthToken(com.zimbra.common.auth.ZAuthToken) SoapFaultException(com.zimbra.common.soap.SoapFaultException) SearchResponse(com.zimbra.soap.mail.message.SearchResponse) ZMailbox(com.zimbra.client.ZMailbox) EndSessionRequest(com.zimbra.soap.account.message.EndSessionRequest) SoapHttpTransport(com.zimbra.common.soap.SoapHttpTransport) Test(org.junit.Test)

Example 3 with EndSessionRequest

use of com.zimbra.soap.account.message.EndSessionRequest in project zm-mailbox by Zimbra.

From class TestCookieReuse, method testAutoEndSession (REST cookie re-use when zimbraForceClearCookies is TRUE):

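/**
 * Verify that a cookie captured from a legitimate REST session canNOT be re-used once the
 * session has been ended, when the account has {@code zimbraForceClearCookies=TRUE}.
 *
 * Unlike {@link #testForceEndSession}, the {@code EndSessionRequest} sent here does NOT set
 * {@code logoff}; the server is expected to invalidate the auth-token cookie purely because
 * the account attribute forces it. The eavesdropper's follow-up REST request must get a 401.
 * @throws HttpException
 */
@Test
public void testAutoEndSession() throws ServiceException, IOException, HttpException {
    // establish legitimate connection
    TestUtil.setAccountAttr(USER_NAME, Provisioning.A_zimbraForceClearCookies, "TRUE");
    ZMailbox mbox = TestUtil.getZMailbox(USER_NAME);
    URI uri = mbox.getRestURI("Inbox?fmt=rss");
    HttpClientContext context = HttpClientContext.create();
    mbox.getHttpClient(uri);
    // create eavesdropper's connection, seeded with re-scoped copies of the victim's cookies.
    // NOTE(review): no request has been executed with `context` at this point, so its cookie
    // store may be empty (or unset) here; if so the eavesdropper sends no cookie at all and the
    // 401 assertion below passes vacuously. Confirm the cookies actually come from the victim.
    HttpClientBuilder eve = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
    List<Cookie> cookies = context.getCookieStore().getCookies();
    BasicCookieStore cookieStore = new BasicCookieStore();
    for (Cookie cookie : cookies) {
        BasicClientCookie basicCookie = new BasicClientCookie(cookie.getName(), cookie.getValue());
        basicCookie.setDomain(uri.getHost());
        basicCookie.setPath("/");
        basicCookie.setSecure(false);
        // Add the re-scoped copy. The original added `cookie` instead, silently discarding
        // the domain/path/secure settings just applied to `basicCookie`.
        cookieStore.addCookie(basicCookie);
    }
    eve.setDefaultCookieStore(cookieStore);
    Account a = TestUtil.getAccount(USER_NAME);
    a.setForceClearCookies(true);
    // no logoff flag: cookie invalidation must come from the account attribute alone
    EndSessionRequest esr = new EndSessionRequest();
    mbox.invokeJaxb(esr);
    HttpGet get = new HttpGet(uri.toString());
    HttpResponse response = HttpClientUtil.executeMethod(eve.build(), get, context);
    int statusCode = response.getStatusLine().getStatusCode();
    Assert.assertEquals("This request should not succeed. Getting status code " + statusCode, HttpStatus.SC_UNAUTHORIZED, statusCode);
}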
Also used : Cookie(org.apache.http.cookie.Cookie) BasicClientCookie(org.apache.http.impl.cookie.BasicClientCookie) Account(com.zimbra.cs.account.Account) HttpGet(org.apache.http.client.methods.HttpGet) HttpResponse(org.apache.http.HttpResponse) HttpClientContext(org.apache.http.client.protocol.HttpClientContext) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) BasicClientCookie(org.apache.http.impl.cookie.BasicClientCookie) URI(java.net.URI) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) ZMailbox(com.zimbra.client.ZMailbox) HttpClient(org.apache.http.client.HttpClient) EndSessionRequest(com.zimbra.soap.account.message.EndSessionRequest) Test(org.junit.Test)

Example 4 with EndSessionRequest

use of com.zimbra.soap.account.message.EndSessionRequest in project zm-mailbox by Zimbra.

From class TestCookieReuse, method testForceEndSession (REST cookie re-use after explicit logoff):

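/**
 * Verify that a cookie captured from a legitimate HTTP session canNOT be re-used for a REST
 * request after the original session has been ended with {@code logoff=true}.
 *
 * {@code zimbraForceClearCookies} is left FALSE, so the explicit {@code logoff} flag on the
 * {@code EndSessionRequest} is the only thing that should cause the server to invalidate the
 * auth-token cookie. The eavesdropper's follow-up REST request must get a 401.
 * @throws HttpException
 */
@Test
public void testForceEndSession() throws ServiceException, IOException, HttpException {
    // establish legitimate connection
    TestUtil.setAccountAttr(USER_NAME, Provisioning.A_zimbraForceClearCookies, "FALSE");
    ZMailbox mbox = TestUtil.getZMailbox(USER_NAME);
    URI uri = mbox.getRestURI("Inbox?fmt=rss");
    mbox.getHttpClient(uri);
    HttpClientContext context = HttpClientContext.create();
    // create eavesdropper's connection, seeded with re-scoped copies of the victim's cookies.
    // NOTE(review): `context` is freshly created and has not been used for any request, so
    // its cookie store may be empty (or unset) here; if so the eavesdropper sends no cookie
    // and the 401 below passes vacuously. Confirm the cookies actually come from the victim.
    HttpClientBuilder eve = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
    List<Cookie> cookies = context.getCookieStore().getCookies();
    BasicCookieStore cookieStore = new BasicCookieStore();
    for (Cookie cookie : cookies) {
        BasicClientCookie basicCookie = new BasicClientCookie(cookie.getName(), cookie.getValue());
        basicCookie.setDomain(uri.getHost());
        basicCookie.setPath("/");
        basicCookie.setSecure(false);
        // Add the re-scoped copy. The original added `cookie` instead, silently discarding
        // the domain/path/secure settings just applied to `basicCookie`.
        cookieStore.addCookie(basicCookie);
    }
    eve.setDefaultCookieStore(cookieStore);
    Account a = TestUtil.getAccount(USER_NAME);
    a.setForceClearCookies(false);
    // explicit logoff: this flag alone must invalidate the auth-token cookie
    EndSessionRequest esr = new EndSessionRequest();
    esr.setLogOff(true);
    mbox.invokeJaxb(esr);
    HttpGet get = new HttpGet(uri.toString());
    HttpResponse response = HttpClientUtil.executeMethod(eve.build(), get);
    int statusCode = response.getStatusLine().getStatusCode();
    Assert.assertEquals("This request should not succeed. Getting status code " + statusCode, HttpStatus.SC_UNAUTHORIZED, statusCode);
}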
Also used : Cookie(org.apache.http.cookie.Cookie) BasicClientCookie(org.apache.http.impl.cookie.BasicClientCookie) Account(com.zimbra.cs.account.Account) HttpGet(org.apache.http.client.methods.HttpGet) HttpResponse(org.apache.http.HttpResponse) HttpClientContext(org.apache.http.client.protocol.HttpClientContext) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) BasicClientCookie(org.apache.http.impl.cookie.BasicClientCookie) URI(java.net.URI) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) ZMailbox(com.zimbra.client.ZMailbox) HttpClient(org.apache.http.client.HttpClient) EndSessionRequest(com.zimbra.soap.account.message.EndSessionRequest) Test(org.junit.Test)

Example 5 with EndSessionRequest

use of com.zimbra.soap.account.message.EndSessionRequest in project zm-mailbox by Zimbra.

From class EndSession, method handle (the server-side handler for EndSessionRequest):

/**
 * Handles {@code EndSessionRequest} on behalf of the authenticated account.
 *
 * Three mutually exclusive modes are checked in this order:
 * <ul>
 *   <li>{@code clearAllSoapSessions}: every SOAP session belonging to the account is cleared,
 *       except the caller's own session when {@code excludeCurrentSession} is set. The auth
 *       token and cookies are NOT touched in this mode, even if {@code logoff} was requested.</li>
 *   <li>{@code sessionId} given: only that session is cleared. The lookup is scoped to the
 *       authenticated account's id, so a caller cannot end another account's session by id;
 *       an unknown id is a FAILURE fault. The auth token is again left alone.</li>
 *   <li>otherwise: the caller's own session (if any) is ended and, when {@code logoff} is set
 *       or the account has {@code zimbraForceClearCookies}, the cookie-invalidation flag is
 *       set on the context, the token is written back to the HTTP response via
 *       {@code encode(req, resp, true)} (presumably in its cleared form - confirm the meaning
 *       of the boolean) and the token is de-registered server side.</li>
 * </ul>
 *
 * @param request the SOAP request element
 * @param context servlet context map; must carry the servlet request/response entries when
 *                cookies are to be cleared
 * @return an empty {@code EndSessionResponse}
 * @throws ServiceException on an unknown sessionId, or when the auth token cannot be
 *         de-registered
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    EndSessionRequest req = JaxbUtil.elementToJaxb(request);
    Account account = getAuthenticatedAccount(zsc);

    if (req.isClearAllSoapSessions()) {
        // Optionally spare the caller's own session so the requesting client stays usable.
        String keepSessionId = null;
        if (req.isExcludeCurrentSession() && zsc.hasSession()) {
            keepSessionId = getSession(zsc).getSessionId();
        }
        Collection<Session> live = SessionCache.getSoapSessions(account.getId());
        if (live != null) {
            // Iterate over a snapshot, presumably because clearSession() modifies the cache's
            // own collection - confirm against SessionCache.
            for (Session session : new ArrayList<Session>(live)) {
                clearSession(session, keepSessionId);
            }
        }
    } else if (!StringUtil.isNullOrEmpty(req.getSessionId())) {
        // Lookup is keyed by the caller's account id, so only the caller's own sessions resolve.
        Session target = SessionCache.lookup(req.getSessionId(), account.getId());
        if (target == null) {
            throw ServiceException.FAILURE("Failed to find session with given sessionId", null);
        }
        clearSession(target, null);
    } else {
        if (zsc.hasSession()) {
            endSession(getSession(zsc));
        }
        boolean dropCredentials = req.isLogOff() || account.isForceClearCookies();
        if (dropCredentials) {
            context.put(SoapServlet.INVALIDATE_COOKIES, true);
            HttpServletRequest httpReq = (HttpServletRequest) context.get(SoapServlet.SERVLET_REQUEST);
            HttpServletResponse httpResp = (HttpServletResponse) context.get(SoapServlet.SERVLET_RESPONSE);
            try {
                AuthToken at = zsc.getAuthToken();
                at.encode(httpReq, httpResp, true);
                at.deRegister();
            } catch (AuthTokenException e) {
                throw ServiceException.FAILURE("Failed to de-register an auth token", e);
            }
        }
    }
    return zsc.createElement(AccountConstants.END_SESSION_RESPONSE);
}
Also used : Account(com.zimbra.cs.account.Account) Element(com.zimbra.common.soap.Element) ArrayList(java.util.ArrayList) HttpServletResponse(javax.servlet.http.HttpServletResponse) HttpServletRequest(javax.servlet.http.HttpServletRequest) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) EndSessionRequest(com.zimbra.soap.account.message.EndSessionRequest) AuthTokenException(com.zimbra.cs.account.AuthTokenException) AuthToken(com.zimbra.cs.account.AuthToken) SoapSession(com.zimbra.cs.session.SoapSession) Session(com.zimbra.cs.session.Session)

Aggregations

EndSessionRequest (com.zimbra.soap.account.message.EndSessionRequest)6 Account (com.zimbra.cs.account.Account)4 ZMailbox (com.zimbra.client.ZMailbox)3 URI (java.net.URI)3 Test (org.junit.Test)3 ServiceException (com.zimbra.common.service.ServiceException)2 Element (com.zimbra.common.soap.Element)2 HttpResponse (org.apache.http.HttpResponse)2 HttpClient (org.apache.http.client.HttpClient)2 HttpGet (org.apache.http.client.methods.HttpGet)2 HttpClientContext (org.apache.http.client.protocol.HttpClientContext)2 Cookie (org.apache.http.cookie.Cookie)2 BasicCookieStore (org.apache.http.impl.client.BasicCookieStore)2 HttpClientBuilder (org.apache.http.impl.client.HttpClientBuilder)2 BasicClientCookie (org.apache.http.impl.cookie.BasicClientCookie)2 ZAuthToken (com.zimbra.common.auth.ZAuthToken)1 RemoteServiceException (com.zimbra.common.service.RemoteServiceException)1 JSONElement (com.zimbra.common.soap.Element.JSONElement)1 XMLElement (com.zimbra.common.soap.Element.XMLElement)1 SoapFaultException (com.zimbra.common.soap.SoapFaultException)1