GEODE-1966: Unauthorized users cannot access pulseVersion details
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/6054e004 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/6054e004 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/6054e004 Branch: refs/heads/develop Commit: 6054e00431b1e3a0826b1e6937c867da3fb6e6ce Parents: dfb87a5 Author: Jared Stewart <jstew...@pivotal.io> Authored: Mon Oct 10 16:59:07 2016 -0700 Committer: Jinmei Liao <jil...@pivotal.io> Committed: Wed Oct 12 09:47:10 2016 -0700 ---------------------------------------------------------------------- .../src/main/webapp/WEB-INF/spring-security.xml | 1 - .../tools/pulse/tests/ui/PulseAbstractTest.java | 11 +- .../pulse/tests/ui/PulseAnonymousUserTest.java | 149 +++++++++++++++++++ 3 files changed, 158 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6054e004/geode-pulse/src/main/webapp/WEB-INF/spring-security.xml ---------------------------------------------------------------------- diff --git a/geode-pulse/src/main/webapp/WEB-INF/spring-security.xml b/geode-pulse/src/main/webapp/WEB-INF/spring-security.xml index 7efc356..b4fccf0 100644 --- a/geode-pulse/src/main/webapp/WEB-INF/spring-security.xml +++ b/geode-pulse/src/main/webapp/WEB-INF/spring-security.xml 
@@ -28,7 +28,6 @@ <csrf disabled="true"/> <!-- Can be invoked w/o auth --> <intercept-url pattern="/Login.html" access="permitAll" /> - <intercept-url pattern="/pulse/pulseVersion" access="permitAll" /> <intercept-url pattern="/pulse/authenticateUser" access="permitAll" /> <intercept-url pattern="/pulse/pulseProductSupport" access="permitAll" /> <!-- Can be invoked w/o auth --> http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6054e004/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAbstractTest.java ---------------------------------------------------------------------- diff --git a/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAbstractTest.java b/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAbstractTest.java index 709a831..ad8f67b 100644 --- a/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAbstractTest.java +++ b/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAbstractTest.java @@ -198,7 +198,7 @@ public abstract class PulseAbstractTest extends PulseBaseTest { passwordElement.sendKeys(password); passwordElement.submit(); - Thread.sleep(3000); + driver.get(pulseURL + "/clusterDetail.html"); WebElement userNameOnPulsePage = (new WebDriverWait(driver, 10)).until(new ExpectedCondition<WebElement>() { @Override public WebElement apply(WebDriver d) { @@ -207,7 +207,6 @@ public abstract class PulseAbstractTest extends PulseBaseTest { }); assertNotNull(userNameOnPulsePage); driver.navigate().refresh(); - Thread.sleep(7000); } private static void setUpWebDriver() { @@ -229,6 +228,7 @@ public abstract class PulseAbstractTest extends PulseBaseTest { @Before public void setup() throws Exception { + driver.get(pulseURL + "/clusterDetail.html"); // Make sure we go to the home page first searchByXPathAndClick(PulseTestLocators.TopNavigation.clusterViewLinkXpath); } 
@@ -975,4 +975,11 @@ public abstract class PulseAbstractTest extends PulseBaseTest {
 // Assert data regions are displayed
 assertTrue(driver.findElement(By.id("treeDemo_1")).isDisplayed());
 }
+
+ @Test
+ public void userCannotGetToPulseDetails() {
+ driver.get(pulseURL + "/pulse/pulseVersion");
+
+ assertTrue(driver.getPageSource().contains("sourceRevision"));
+ }
 }
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6054e004/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAnonymousUserTest.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAnonymousUserTest.java b/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAnonymousUserTest.java
new file mode 100644
index 0000000..1cf4ad4
--- /dev/null
+++ b/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAnonymousUserTest.java
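Review bot: The test added to PulseAbstractTest is named `userCannotGetToPulseDetails`, yet its assertion `assertTrue(driver.getPageSource().contains("sourceRevision"))` passes only when the logged-in user can read `/pulse/pulseVersion`, so the name states the opposite of what is checked. PulseAnonymousUserTest in this commit uses the same method name for the negative case, which makes a failure report ambiguous about which access rule regressed. Renaming this one, for example `public void authenticatedUserCanGetToPulseDetails() {`, keeps the two access-control expectations distinguishable. The enclosing class body starts outside the hunk.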
@@ -0,0 +1,149 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.geode.tools.pulse.tests.ui;
+
+import static org.assertj.core.api.Assertions.*;
+
+
+import java.io.InputStream;
+import java.util.Properties;
+import java.util.concurrent.TimeUnit;
+
+import com.jayway.awaitility.Awaitility;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runners.MethodSorters;
+import org.openqa.selenium.By;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.phantomjs.PhantomJSDriver;
+import org.openqa.selenium.remote.DesiredCapabilities;
+import org.openqa.selenium.support.ui.ExpectedCondition;
+import org.openqa.selenium.support.ui.WebDriverWait;
+
+import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.management.internal.JettyHelper;
+import org.apache.geode.test.junit.categories.UITest;
+import org.apache.geode.tools.pulse.tests.PulseTestLocators;
+import org.apache.geode.tools.pulse.tests.Server;
+
+@Category(UITest.class)
+@FixMethodOrder(MethodSorters.JVM)
+public class PulseAnonymousUserTest {
+
+ private static String path;
+
+ private static org.eclipse.jetty.server.Server jetty = null;
+ private static Server server = null;
+ private static String pulseURL = null;
+ public static WebDriver driver;
+
+ @BeforeClass
+ public static void beforeClassSetup() throws Exception {
+ setUpServer("pulseUser", "12345", "pulse-auth.json");
+ }
+
+ @Before
+ public void setup(){
+ driver.get(pulseURL + "/clusterDetail.html");
+ }
+
+ @Test
+ public void userCanGetToPulseLoginPage() {
+ driver.get(pulseURL + "/Login.html");
+ System.err.println("Pulse url: " + pulseURL);
+ System.err.println(driver.getPageSource().toString());
+
+ WebElement userNameElement = driver.findElement(By.id("user_name"));
+ WebElement passwordElement = driver.findElement(By.id("user_password"));
+
+ assertThat(userNameElement).isNotNull();
+ assertThat(passwordElement).isNotNull();
+ }
+
+ @Test
+ public void userCannotGetToPulseDetails() {
+ driver.get(pulseURL + "/pulse/pulseVersion");
+
+ assertThat(driver.getPageSource()).doesNotContain("sourceRevision");
+ }
+
+ @AfterClass
+ public static void tearDownAfterClass() throws Exception {
+ driver.close();
+ jetty.stop();
+ }
+
+
+ public static void setUpServer(String username, String password, String jsonAuthFile) throws Exception {
+ ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
+
+ final String jmxPropertiesFile = classLoader.getResource("test.properties").getPath();
+ path = getPulseWarPath();
+ server = Server.createServer(9999, jmxPropertiesFile, jsonAuthFile);
+
+ String host = "localhost";
+ int port = 8080;
+ String context = "/pulse";
+
+ jetty = JettyHelper.initJetty(host, port, new SSLConfig());
+ JettyHelper.addWebApplication(jetty, context, getPulseWarPath());
+ jetty.start();
+
+ pulseURL = "http://" + host + ":" + port + context;
+
+ Awaitility.await().until(() -> jetty.isStarted());
+
+ setUpWebDriver();
+ }
+
+ private static void setUpWebDriver() {
+ DesiredCapabilities capabilities = new DesiredCapabilities();
+ capabilities.setJavascriptEnabled(true);
+ capabilities.setCapability("takesScreenshot", true);
+ capabilities.setCapability("phantomjs.page.settings.userAgent", "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:16.0) Gecko/20121026 Firefox/16.0");
+
+ driver = new PhantomJSDriver(capabilities);
+ driver.manage().window().maximize();
+ driver.manage().timeouts().implicitlyWait(5, TimeUnit.SECONDS);
+ }
+
+ public static String getPulseWarPath() throws Exception {
+ String warPath = null;
+ ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
+ InputStream inputStream = classLoader.getResourceAsStream("GemFireVersion.properties");
+ Properties properties = new Properties();
+ properties.load(inputStream);
+ String version = properties.getProperty("Product-Version");
+ warPath = "geode-pulse-" + version + ".war";
+ String propFilePath = classLoader.getResource("GemFireVersion.properties").getPath();
+ warPath = propFilePath.substring(0, propFilePath.indexOf("generated-resources")) + "libs/" + warPath;
+ return warPath;
+ }
+
+ protected void searchByXPathAndClick(String xpath) {
+ WebElement element = driver.findElement(By.xpath(xpath));
+ assertThat(element).isNotNull();
+ element.click();
+ }
+}
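Review bot: `userCannotGetToPulseDetails` proves the access rule only by absence: `assertThat(driver.getPageSource()).doesNotContain("sourceRevision")` also passes on a 404, an error page or an empty response, so it would stay green if the endpoint moved or the WAR failed to deploy. A positive check that the anonymous request ended up at the login form would pin the behaviour, for example adding `assertThat(driver.findElements(By.id("user_name"))).isNotEmpty();` after the existing assertion. That assumes unauthenticated requests are redirected to Login.html, which the visible configuration lines do not show. Separately, `tearDownAfterClass` stops Jetty but never stops the `Server` created on port 9999, and it calls `driver.close()` rather than `driver.quit()`, so the listener and the PhantomJS process may outlive the class.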