use of com.zimbra.soap.account.type.Signature in project zm-mailbox by Zimbra.
the class TestBatchRequest method batchReqWithoutCsrfToken.
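/**
 * Sends a BatchRequest wrapping a CreateSignatureRequest over a transport obtained with
 * {@code csrfEnabled = true} and a final {@code authUser} flag of {@code FALSE}, and requires
 * the server to answer with a SOAP fault whose code contains {@code AUTH_REQUIRED}.
 *
 * <p>The test fails when the request is accepted: a negative CSRF test that passes on success
 * would hide a regression in the token check.
 *
 * @throws Exception if account creation, authentication or request marshalling fails
 */
@Test
public void batchReqWithoutCsrfToken() throws Exception {
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    boolean csrfEnabled = Boolean.TRUE;
    // NOTE(review): the third authUser argument presumably decides whether the transport
    // carries the CSRF token; confirm against authUser, which is not visible here.
    SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE);

    Element request = new Element.XMLElement(ZimbraNamespace.E_BATCH_REQUEST);
    // Fixed HTML signature body; this test only needs a state-changing request in the batch.
    String sigContent = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
    Signature sig = new Signature("test_id", "testSig", sigContent, "text/html");
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    SoapProtocol proto = SoapProtocol.Soap12;
    Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
    request.addElement(sigReq);

    try {
        transport.invoke(request, false, false, null);
        // Without this the test would pass silently if the server accepted the request.
        // Assert.fail throws AssertionError, which the catch below does not intercept.
        Assert.fail("BatchRequest without a CSRF token was accepted; expected an AUTH_REQUIRED fault");
    } catch (SoapFaultException e) {
        Assert.assertTrue("unexpected fault code: " + e.getCode(),
                e.getCode().contains("AUTH_REQUIRED"));
    }
}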
use of com.zimbra.soap.account.type.Signature in project zm-mailbox by Zimbra.
the class TestBatchRequest method batchReqWithCsrfToken.
/**
 * Sends a BatchRequest wrapping a CreateSignatureRequest over a transport obtained with
 * {@code csrfEnabled = true} and a final {@code authUser} flag of {@code TRUE}, and expects
 * the response to carry a CreateSignatureResponse whose signature has an {@code id}.
 *
 * @throws Exception if account creation, authentication or request marshalling fails
 */
@Test
public void batchReqWithCsrfToken() throws Exception {
    Account account = provUtil.createAccount(genAcctNameLocalPart(), domain);
    // NOTE(review): the third authUser argument presumably decides whether the transport
    // carries the CSRF token; confirm against authUser, which is not visible here.
    SoapTransport soap = authUser(account.getName(), true, Boolean.TRUE);

    Element batch = new Element.XMLElement(ZimbraNamespace.E_BATCH_REQUEST);
    // Fixed HTML signature body; this test only needs a state-changing request in the batch.
    String html = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
    CreateSignatureRequest createSig =
            new CreateSignatureRequest(new Signature(null, "testSig", html, "text/html"));
    batch.addElement(JaxbUtil.jaxbToElement(createSig, SoapProtocol.Soap12.getFactory()));

    try {
        Element batchResponse = soap.invoke(batch, false, false, null);
        Element createResponse = batchResponse.getElement("CreateSignatureResponse");
        Element createdSignature = createResponse.getElement("signature");
        String signatureId = createdSignature.getAttribute("id");
        assertNotNull(signatureId);
    } catch (SoapFaultException fault) {
        // A caught fault is never null, so this assertion turns any SOAP fault into a failure.
        assertNull(fault);
    }
}
use of com.zimbra.soap.account.type.Signature in project zm-mailbox by Zimbra.
the class TestCsrfRequest method getCreateSigWithCsrfFeatureDisbaledAndAuthTokenIsCsrfEnabled.
/**
 * Sets {@code zimbraCsrfTokenCheckEnabled} to {@code "FALSE"} on the config returned by
 * {@code prov.getConfig()}, then sends a CreateSignatureRequest over a transport obtained with
 * {@code csrfEnabled = true} and a final {@code authUser} flag of {@code FALSE}. The request is
 * expected to succeed and return a signature with an {@code id}.
 *
 * @throws Exception if provisioning, authentication or request marshalling fails
 */
@Test
public void getCreateSigWithCsrfFeatureDisbaledAndAuthTokenIsCsrfEnabled() throws Exception {
    // NOTE(review): this method switches the CSRF token check off on the shared config and does
    // not switch it back. Unless a teardown outside this view restores the attribute, tests that
    // run afterwards would execute with the check disabled -- confirm.
    Map<String, Object> configChange = new HashMap<>();
    configChange.put(Provisioning.A_zimbraCsrfTokenCheckEnabled, "FALSE");
    prov.modifyAttrs(prov.getConfig(), configChange, true);

    Account account = provUtil.createAccount(genAcctNameLocalPart(), domain);
    SoapTransport soap = authUser(account.getName(), true, Boolean.FALSE);

    // Fixed HTML signature body used as the payload of the state-changing request.
    String html = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
    CreateSignatureRequest createSig =
            new CreateSignatureRequest(new Signature(null, "testSig", html, "text/html"));
    Element createSigElement = JaxbUtil.jaxbToElement(createSig, SoapProtocol.Soap12.getFactory());

    try {
        Element response = soap.invoke(createSigElement, false, false, null);
        Element createdSignature = response.getElement("signature");
        String signatureId = createdSignature.getAttribute("id");
        assertNotNull(signatureId);
    } catch (SoapFaultException fault) {
        fault.printStackTrace();
        // A caught fault is never null, so this assertion turns any SOAP fault into a failure.
        assertNull(fault);
    }
}
use of com.zimbra.soap.account.type.Signature in project zm-mailbox by Zimbra.
the class TestGetSignature method getSignature.
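/**
 * Creates an HTML signature whose body contains script markup, reads it back with
 * GetSignaturesRequest, and checks that the returned content no longer contains the literal
 * {@code alert("XSS")}.
 *
 * <p>The not-null assertion on the read-back value checks the content returned by the server,
 * not the local input string (which can never be null).
 *
 * @throws Exception if account creation, authentication or request marshalling fails
 */
@Test
public void getSignature() throws Exception {
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    boolean csrfEnabled = Boolean.FALSE;
    SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE);

    // Fixed probe string: the stored signature is expected to come back without it intact.
    String sigContent = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
    Signature sig = new Signature(null, "testSig", sigContent, "text/html");
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    SoapProtocol proto = SoapProtocol.Soap12;
    Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
    try {
        Element element = transport.invoke(sigReq, false, false, null);
        String sigt = element.getElement("signature").getAttribute("id");
        assertNotNull(sigt);
    } catch (SoapFaultException e) {
        e.printStackTrace();
        // A caught fault is never null, so this assertion turns any SOAP fault into a failure.
        assertNull(e);
    }

    GetSignaturesRequest getSigReq = new GetSignaturesRequest();
    Element getSigElement = JaxbUtil.jaxbToElement(getSigReq, proto.getFactory());
    try {
        Element element = transport.invoke(getSigElement, false, false, null);
        String sigtContent = element.getElement("signature").getElement("content").getText();
        // Check the value returned by the server; asserting on sigContent would be vacuous.
        assertNotNull(sigtContent);
        // NOTE(review): this only proves the literal alert("XSS") is gone. It does not assert
        // that the "<script" tag or the "javascript:" URL scheme were removed or neutralised;
        // consider adding those checks once the sanitizer's expected output is confirmed.
        int index = sigtContent.indexOf("alert(\"XSS\")");
        Assert.assertEquals(-1, index);
    } catch (SoapFaultException e) {
        e.printStackTrace();
        assertNull(e);
    }
}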
use of com.zimbra.soap.account.type.Signature in project zm-mailbox by Zimbra.
the class TestCsrfRequest method getCreateSigWithAuthAndCsrfDisabled.
/**
 * Sends a CreateSignatureRequest over a transport obtained with {@code csrfEnabled = false}
 * and a final {@code authUser} flag of {@code FALSE}, and expects the response to contain a
 * signature element with an {@code id} attribute.
 *
 * @throws Exception if account creation, authentication or request marshalling fails
 */
@Test
public void getCreateSigWithAuthAndCsrfDisabled() throws Exception {
    Account account = provUtil.createAccount(genAcctNameLocalPart(), domain);
    // NOTE(review): the third authUser argument presumably decides whether the transport
    // carries the CSRF token; confirm against authUser, which is not visible here.
    SoapTransport soap = authUser(account.getName(), false, Boolean.FALSE);

    // Fixed HTML signature body used as the payload of the state-changing request.
    String html = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
    CreateSignatureRequest createSig =
            new CreateSignatureRequest(new Signature(null, "testSig", html, "text/html"));
    Element createSigElement = JaxbUtil.jaxbToElement(createSig, SoapProtocol.Soap12.getFactory());

    try {
        Element response = soap.invoke(createSigElement, false, false, null);
        Element createdSignature = response.getElement("signature");
        String signatureId = createdSignature.getAttribute("id");
        assertNotNull(signatureId);
    } catch (SoapFaultException fault) {
        fault.printStackTrace();
        // A caught fault is never null, so this assertion turns any SOAP fault into a failure.
        assertNull(fault);
    }
}