
Example 1 with CSRFToken

use of org.xwiki.csrf.CSRFToken in project xwiki-platform by xwiki.

the class UndeleteActionTest method missingCSRFToken.

/**
 * A restore request without a form token must be refused even when the deleted document exists: the
 * CSRF check is the gate, and the action must point the user to the resubmission page.
 */
@Test
public void missingCSRFToken() throws Exception {
    // The deleted-document lookup succeeds, so the token check is the only thing that can block the restore.
    long deletedDocumentId = 13;
    when(request.getParameter("id")).thenReturn(Long.toString(deletedDocumentId));
    XWikiDeletedDocument deleted = mock(XWikiDeletedDocument.class);
    when(xwiki.getDeletedDocument(anyLong(), any(XWikiContext.class))).thenReturn(deleted);
    // No form token is present on the request, and the CSRF component rejects the missing token.
    CSRFToken token = mocker.getInstance(CSRFToken.class);
    when(token.isTokenValid(null)).thenReturn(false);
    assertFalse(undeleteAction.action(context));
    // The action asks the CSRF component for the resubmission URL, which is what the redirect uses.
    verify(token).getResubmissionURL();
}

Example 2 with CSRFToken

use of org.xwiki.csrf.CSRFToken in project xwiki-platform by xwiki.

the class UndeleteActionTest method restoreSingleDocument.

/**
 * Launches a RestoreJob with the current deleted document ID.
 */
/**
 * With a valid CSRF token, an existing deleted document and sufficient rights, a single-document restore
 * hands the document ID to a RestoreJob and waits for it to finish.
 */
@Test
public void restoreSingleDocument() throws Exception {
    // The token check passes, so the restore path is reachable.
    CSRFToken token = mocker.getInstance(CSRFToken.class);
    when(token.isTokenValid(null)).thenReturn(true);
    long deletedDocumentId = 13;
    when(request.getParameter("id")).thenReturn(Long.toString(deletedDocumentId));
    // A deleted document exists for the requested ID.
    XWikiDeletedDocument deleted = mock(XWikiDeletedDocument.class);
    when(deleted.getId()).thenReturn(deletedDocumentId);
    when(deleted.getLocale()).thenReturn(Locale.ROOT);
    when(xwiki.getDeletedDocument(anyLong(), any(XWikiContext.class))).thenReturn(deleted);
    // The current user is allowed to restore it.
    when(rightsService.hasAccessLevel(any(), any(), any(), any())).thenReturn(true);
    assertFalse(undeleteAction.action(context));
    // Exactly one ID is restored, through the refactoring job machinery, and the action waits for the job.
    verify(refactoringScriptService).createRestoreRequest(Arrays.asList(deletedDocumentId));
    verify(jobExecutor).execute(RefactoringJobs.RESTORE, jobRequest);
    verify(job).join();
}

Example 3 with CSRFToken

use of org.xwiki.csrf.CSRFToken in project xwiki-platform by xwiki.

the class UndeleteActionTest method recycleBinDisabledOrInvalidId.

/**
 * When the recycle bin is disabled or when the deleted document ID is invalid, the document should not be restored.
 */
/**
 * A valid token is not enough: when no deleted document is found for the ID (recycle bin disabled or
 * unknown ID), nothing must be restored.
 */
@Test
public void recycleBinDisabledOrInvalidId() throws Exception {
    // The token check passes.
    CSRFToken token = mocker.getInstance(CSRFToken.class);
    when(token.isTokenValid(null)).thenReturn(true);
    long deletedDocumentId = 13;
    when(request.getParameter("id")).thenReturn(Long.toString(deletedDocumentId));
    // The lookup yields nothing, which is what happens for an unknown ID or a disabled recycle bin.
    when(xwiki.getDeletedDocument(anyLong(), any(XWikiContext.class))).thenReturn(null);
    assertFalse(undeleteAction.action(context));
    // No restore request may be created for the missing document.
    verify(refactoringScriptService, never()).createRestoreRequest(Arrays.asList(deletedDocumentId));
}

Example 4 with CSRFToken

use of org.xwiki.csrf.CSRFToken in project xwiki-platform by xwiki.

the class UndeleteActionTest method notAllowedToRestoreBatch.

/**
 * When trying to restore, rights are checked on the current deleted document, regardless if single or batch
 * restore.
 */
/**
 * The rights check is done on the current deleted document before anything else, whether one document or
 * its whole batch is being restored; without rights the "accessdenied" template is rendered and no restore
 * request is created.
 */
@Test
public void notAllowedToRestoreBatch() throws Exception {
    // The token check passes.
    CSRFToken token = mocker.getInstance(CSRFToken.class);
    when(token.isTokenValid(null)).thenReturn(true);
    long deletedDocumentId = 13;
    String batch = "abc123";
    when(request.getParameter("id")).thenReturn(Long.toString(deletedDocumentId));
    // The deleted document exists and belongs to a batch.
    XWikiDeletedDocument deleted = mock(XWikiDeletedDocument.class);
    when(deleted.getId()).thenReturn(deletedDocumentId);
    when(deleted.getBatchId()).thenReturn(batch);
    when(deleted.getLocale()).thenReturn(Locale.ROOT);
    when(xwiki.getDeletedDocument(anyLong(), any(XWikiContext.class))).thenReturn(deleted);
    // The user went through the batch screen, asked for the whole batch and confirmed.
    when(request.getParameter("showBatch")).thenReturn("true");
    when(request.getParameter("includeBatch")).thenReturn("true");
    when(request.getParameter("confirm")).thenReturn("true");
    // The action-level rights check fails (per-document rights are the job's concern, not tested here).
    when(rightsService.hasAccessLevel(any(), any(), any(), any())).thenReturn(false);
    assertTrue(undeleteAction.action(context));
    // The access-denied template is rendered ...
    assertEquals("accessdenied", undeleteAction.render(context));
    // ... and no batch restore request is ever created.
    verify(refactoringScriptService, never()).createRestoreRequest(batch);
}

Example 5 with CSRFToken

use of org.xwiki.csrf.CSRFToken in project xwiki-platform by xwiki.

the class SaveAndContinueAction method action.

/**
 * Saves the document and, for non-AJAX requests, sends the browser back to the page it came from.
 * <p>
 * The CSRF token taken from the {@code form_token} request parameter is validated before any other work
 * is done; a request with a missing or invalid token is rejected without touching the document.
 * <p>
 * AJAX requests are treated differently: no redirect is sent, the response status is 204 when the save
 * went through, and failures are reported through the AJAX error path while still returning
 * {@code false}.
 *
 * @param context the current request context
 * @return {@code true} when a template still has to be rendered, {@code false} when the response is complete
 * @throws XWikiException when the save cannot be attempted
 */
@Override
public boolean action(XWikiContext context) throws XWikiException {
    CSRFToken csrfToken = Utils.getComponent(CSRFToken.class);
    String formToken = context.getRequest().getParameter("form_token");
    // AJAX callers never get a redirect; for them "return false" is the normal success path.
    final boolean ajax = Utils.isAjaxRequest(context);
    // Gate on the anti-CSRF token first, before the document is modified in any way.
    if (!csrfToken.isTokenValid(formToken)) {
        handleCSRFValidationFailure(ajax, context);
        return false;
    }
    // NOTE(review): back is whatever findBackURL(context) returns and is passed straight to sendRedirect
    // below; confirm that findBackURL restricts it to same-origin targets.
    String back = findBackURL(context);
    boolean rendered;
    try {
        rendered = doWrappedAction(ajax, back, context);
    } catch (Exception e) {
        handleException(ajax, e, context);
        return !ajax;
    }
    if (rendered) {
        return !ajax;
    }
    // Saved and nothing to render: an AJAX caller just gets 204 No Content.
    if (ajax) {
        context.getResponse().setStatus(HttpServletResponse.SC_NO_CONTENT);
        return false;
    }
    // Browser callers are sent back to the page they came from.
    try {
        context.getResponse().sendRedirect(back);
    } catch (IOException ignored) {
        // sendRedirect only fails once content has already been written to the response, which is not
        // expected at this point; there is nothing useful left to do with the exception.
    }
    return false;
}
