use of com.zimbra.soap.account.message.EndSessionRequest in project zm-mailbox by Zimbra.
the class SoapProvisioning method soapLogOut.
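/**
 * Ends the current SOAP session on the server and drops the locally cached auth token.
 *
 * <p>Sends an {@code EndSessionRequest} with {@code logoff=true}. A fault whose code is
 * {@code AUTH_REQUIRED} or {@code AUTH_EXPIRED} is not reported to the caller. Any other fault
 * is rethrown as a client error, and in that case the cached token fields are left untouched.
 *
 * @throws ServiceException if the logout request fails for a reason other than the auth token
 *         being rejected as missing or expired
 */
public void soapLogOut() throws ServiceException {
    EndSessionRequest logout = new EndSessionRequest();
    logout.setLogOff(true);
    try {
        invokeJaxb(logout);
    } catch (ServiceException e) {
        // Do not throw an exception if the auth token has already expired.
        boolean tokenAlreadyRejected = ServiceException.AUTH_REQUIRED.equals(e.getCode())
                || ServiceException.AUTH_EXPIRED.equals(e.getCode());
        if (!tokenAlreadyRejected) {
            throw ZClientException.CLIENT_ERROR("Failed to log out", e);
        }
    }
    // Reached after a successful logout and after a swallowed AUTH_REQUIRED/AUTH_EXPIRED fault.
    // Clearing here (rather than only on success) keeps a token the server has already rejected
    // from lingering in this client and being sent again on later requests.
    mAuthTokenExpiration = 0;
    mAuthTokenLifetime = 0;
    mAuthToken = null;
}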
use of com.zimbra.soap.account.message.EndSessionRequest in project zm-mailbox by Zimbra.
the class TestCookieReuse method testInvalidSearchRequest.
/**
 * Checks that an auth token captured from a legitimate session stops working for SOAP requests
 * once the owner ends that session with {@code logoff=true}.
 *
 * <p>The token is first replayed through a separate cookie-based SOAP transport and must return
 * inbox hits. After the {@code EndSessionRequest}, the same replay must either return no hits or
 * fail with a {@code SoapFaultException} carrying {@code AUTH_EXPIRED}.
 */
@Test
public void testInvalidSearchRequest() throws ServiceException, IOException, HttpException {
    // Legitimate user. Force-clear-cookies is switched off, so it is the explicit logoff flag
    // further down that is expected to invalidate the token.
    TestUtil.setAccountAttr(USER_NAME, Provisioning.A_zimbraForceClearCookies, "FALSE");
    ZMailbox mailbox = TestUtil.getZMailbox(USER_NAME);
    URI restUri = mailbox.getRestURI("Inbox?fmt=rss");
    mailbox.getHttpClient(restUri);
    ZAuthToken capturedToken = mailbox.getAuthToken();

    // Eavesdropper's SOAP client, authenticated only with the captured token.
    SoapHttpTransport replayBeforeLogoff = new HttpCookieSoapTransport(TestUtil.getSoapUrl());
    replayBeforeLogoff.setAuthToken(capturedToken);

    // Baseline: while the session is alive the replayed token must be accepted.
    SearchRequest firstSearch = new SearchRequest();
    firstSearch.setSearchTypes(MailItem.Type.MESSAGE.toString());
    firstSearch.setQuery("in:inbox");
    Element firstReq = JaxbUtil.jaxbToElement(firstSearch, SoapProtocol.SoapJS.getFactory());
    SearchResponse firstResp = JaxbUtil.elementToJaxb(replayBeforeLogoff.invoke(firstReq));
    Assert.assertFalse("this search request should return some conversations",
            firstResp.getSearchHits().isEmpty());

    // Owner explicitly ends the cookie session.
    Account account = TestUtil.getAccount(USER_NAME);
    account.setForceClearCookies(false);
    EndSessionRequest logoff = new EndSessionRequest();
    logoff.setLogOff(true);
    mailbox.invokeJaxb(logoff);

    // Replay the same token on a fresh transport; it must no longer give access to the inbox.
    SoapHttpTransport replayAfterLogoff = new HttpCookieSoapTransport(TestUtil.getSoapUrl());
    replayAfterLogoff.setAuthToken(capturedToken);
    SearchRequest secondSearch = new SearchRequest();
    secondSearch.setSearchTypes(MailItem.Type.MESSAGE.toString());
    secondSearch.setQuery("in:inbox");
    try {
        Element secondReq = JaxbUtil.jaxbToElement(secondSearch, SoapProtocol.SoapJS.getFactory());
        SearchResponse secondResp = JaxbUtil.elementToJaxb(replayAfterLogoff.invoke(secondReq));
        Assert.assertTrue("this search request should fail", secondResp.getSearchHits().isEmpty());
    } catch (SoapFaultException ex) {
        // NOTE(review): the failure message mentions 'auth required' while the asserted code is
        // AUTH_EXPIRED; confirm which fault code the server is meant to return here.
        Assert.assertEquals("Should be getting 'auth required' exception",
                ServiceException.AUTH_EXPIRED, ex.getCode());
    }
}
use of com.zimbra.soap.account.message.EndSessionRequest in project zm-mailbox by Zimbra.
the class TestCookieReuse method testAutoEndSession.
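/**
 * Verifies that a copied session cookie cannot be reused for a REST request after the owner
 * sends an {@code EndSessionRequest} while {@code zimbraForceClearCookies} is TRUE.
 *
 * <p>The request is sent without the {@code logoff} flag, so the test depends on the account
 * attribute alone to invalidate the cookie. The replayed GET is expected to get HTTP 401.
 *
 * @throws HttpException declared for the HTTP client calls made by the test
 */
@Test
public void testAutoEndSession() throws ServiceException, IOException, HttpException {
    // establish legitimate connection
    TestUtil.setAccountAttr(USER_NAME, Provisioning.A_zimbraForceClearCookies, "TRUE");
    ZMailbox mbox = TestUtil.getZMailbox(USER_NAME);
    URI uri = mbox.getRestURI("Inbox?fmt=rss");
    HttpClientContext context = HttpClientContext.create();
    mbox.getHttpClient(uri);

    // create eavesdropper's connection
    HttpClientBuilder eve = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
    // NOTE(review): 'context' is created in this method and never handed to the legitimate
    // client, so it is not evident here what populates its cookie store. If no cookie is copied
    // below, the 401 assertion is satisfied without any session cookie having been replayed and
    // the test proves nothing about invalidation. Confirm where the session cookies come from.
    List<Cookie> cookies = context.getCookieStore().getCookies();
    BasicCookieStore cookieStore = new BasicCookieStore();
    for (Cookie cookie : cookies) {
        BasicClientCookie basicCookie = new BasicClientCookie(cookie.getName(), cookie.getValue());
        basicCookie.setDomain(uri.getHost());
        basicCookie.setPath("/");
        basicCookie.setSecure(false);
        // Replay the rebuilt cookie (scoped to the REST host, path "/", not Secure); adding the
        // captured object instead would leave basicCookie unused.
        cookieStore.addCookie(basicCookie);
    }
    eve.setDefaultCookieStore(cookieStore);

    // End the session without logoff=true; force-clear-cookies is what should invalidate it.
    Account a = TestUtil.getAccount(USER_NAME);
    a.setForceClearCookies(true);
    EndSessionRequest esr = new EndSessionRequest();
    mbox.invokeJaxb(esr);

    // The eavesdropper's replay must now be rejected.
    HttpGet get = new HttpGet(uri.toString());
    HttpResponse response = HttpClientUtil.executeMethod(eve.build(), get, context);
    int statusCode = response.getStatusLine().getStatusCode();
    Assert.assertEquals("This request should not succeed. Getting status code " + statusCode, HttpStatus.SC_UNAUTHORIZED, statusCode);
}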
use of com.zimbra.soap.account.message.EndSessionRequest in project zm-mailbox by Zimbra.
the class TestCookieReuse method testForceEndSession.
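/**
 * Verifies that a cookie taken from a legitimate HTTP session cannot be reused for a REST
 * request after the owner ends the session with {@code logoff=true}.
 *
 * <p>{@code zimbraForceClearCookies} is set to FALSE, so the explicit logoff flag on the
 * {@code EndSessionRequest} is what should invalidate the cookie. The replayed GET is expected
 * to get HTTP 401.
 *
 * @throws HttpException declared for the HTTP client calls made by the test
 */
@Test
public void testForceEndSession() throws ServiceException, IOException, HttpException {
    // establish legitimate connection
    TestUtil.setAccountAttr(USER_NAME, Provisioning.A_zimbraForceClearCookies, "FALSE");
    ZMailbox mbox = TestUtil.getZMailbox(USER_NAME);
    URI uri = mbox.getRestURI("Inbox?fmt=rss");
    mbox.getHttpClient(uri);
    HttpClientContext context = HttpClientContext.create();

    // create eavesdropper's connection
    HttpClientBuilder eve = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
    // NOTE(review): 'context' is created in this method and never handed to the legitimate
    // client, so it is not evident here what populates its cookie store. If no cookie is copied
    // below, the 401 assertion is satisfied without any session cookie having been replayed and
    // the test proves nothing about invalidation. Confirm where the session cookies come from.
    List<Cookie> cookies = context.getCookieStore().getCookies();
    BasicCookieStore cookieStore = new BasicCookieStore();
    for (Cookie cookie : cookies) {
        BasicClientCookie basicCookie = new BasicClientCookie(cookie.getName(), cookie.getValue());
        basicCookie.setDomain(uri.getHost());
        basicCookie.setPath("/");
        basicCookie.setSecure(false);
        // Replay the rebuilt cookie (scoped to the REST host, path "/", not Secure); adding the
        // captured object instead would leave basicCookie unused.
        cookieStore.addCookie(basicCookie);
    }
    eve.setDefaultCookieStore(cookieStore);

    // Owner ends the session and asks for logoff explicitly.
    Account a = TestUtil.getAccount(USER_NAME);
    a.setForceClearCookies(false);
    EndSessionRequest esr = new EndSessionRequest();
    esr.setLogOff(true);
    mbox.invokeJaxb(esr);

    // The eavesdropper's replay must now be rejected.
    HttpGet get = new HttpGet(uri.toString());
    HttpResponse response = HttpClientUtil.executeMethod(eve.build(), get);
    int statusCode = response.getStatusLine().getStatusCode();
    Assert.assertEquals("This request should not succeed. Getting status code " + statusCode, HttpStatus.SC_UNAUTHORIZED, statusCode);
}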
use of com.zimbra.soap.account.message.EndSessionRequest in project zm-mailbox by Zimbra.
the class EndSession method handle.
/**
 * Handles an {@code EndSessionRequest} for the authenticated account.
 *
 * <p>Exactly one of three paths runs, chosen in this order:
 * <ol>
 *   <li>{@code clearAllSoapSessions} set: every SOAP session cached for the account is passed to
 *       {@code clearSession}, together with the current session's id when
 *       {@code excludeCurrentSession} is set and the request has a session.</li>
 *   <li>a non-empty {@code sessionId}: that session is looked up for the account and cleared;
 *       a miss is reported as a failure.</li>
 *   <li>otherwise: the request's own session (if any) is ended, and when the request asks for
 *       logoff or the account has force-clear-cookies set, cookies are flagged for invalidation
 *       and the auth token is de-registered.</li>
 * </ol>
 *
 * @param request the SOAP request element
 * @param context the SOAP engine context, also used to reach the servlet request and response
 * @return an empty {@code EndSessionResponse} element
 * @throws ServiceException if the named session is not found or the auth token cannot be
 *         de-registered
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    EndSessionRequest endReq = JaxbUtil.elementToJaxb(request);
    String requestedSessionId = endReq.getSessionId();
    boolean logOff = endReq.isLogOff();
    boolean clearAll = endReq.isClearAllSoapSessions();
    boolean excludeCurrent = endReq.isExcludeCurrentSession();
    Account account = getAuthenticatedAccount(zsc);

    if (clearAll) {
        // Id handed to clearSession alongside each session; presumably the one to leave alive.
        String currentSessionId = null;
        if (excludeCurrent && zsc.hasSession()) {
            currentSessionId = getSession(zsc).getSessionId();
        }
        Collection<Session> cached = SessionCache.getSoapSessions(account.getId());
        if (cached != null) {
            // Walk a private copy of the collection returned by the cache.
            for (Session session : new ArrayList<Session>(cached)) {
                clearSession(session, currentSessionId);
            }
        }
    } else if (!StringUtil.isNullOrEmpty(requestedSessionId)) {
        // The lookup is given the authenticated account's id together with the requested
        // session id, not the session id alone.
        Session named = SessionCache.lookup(requestedSessionId, account.getId());
        if (named == null) {
            throw ServiceException.FAILURE("Failed to find session with given sessionId", null);
        }
        clearSession(named, null);
    } else {
        if (zsc.hasSession()) {
            endSession(getSession(zsc));
        }
        // NOTE(review): cookie invalidation and token de-registration happen only on this path;
        // requests that set clearAllSoapSessions or sessionId never reach it, even with
        // logoff=true. Confirm that is intended.
        if (logOff || account.isForceClearCookies()) {
            context.put(SoapServlet.INVALIDATE_COOKIES, true);
            try {
                AuthToken authToken = zsc.getAuthToken();
                HttpServletRequest servletReq = (HttpServletRequest) context.get(SoapServlet.SERVLET_REQUEST);
                HttpServletResponse servletResp = (HttpServletResponse) context.get(SoapServlet.SERVLET_RESPONSE);
                authToken.encode(servletReq, servletResp, true);
                authToken.deRegister();
            } catch (AuthTokenException e) {
                throw ServiceException.FAILURE("Failed to de-register an auth token", e);
            }
        }
    }
    return zsc.createElement(AccountConstants.END_SESSION_RESPONSE);
}