This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 993c77d07980dc584ba6120ebc16ee45b98ee19e Author: Benoit Tellier <[email protected]> AuthorDate: Fri Sep 11 16:30:43 2020 +0700 JAMES-3373 Ensure downloads requires auth --- .../jmap/rfc8621/contract/DownloadContract.scala | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/DownloadContract.scala b/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/DownloadContract.scala index df56eb6..02d8cee 100644 --- a/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/DownloadContract.scala +++ b/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/DownloadContract.scala @@ -25,7 +25,7 @@ import java.nio.charset.StandardCharsets import io.netty.handler.codec.http.HttpHeaderNames.ACCEPT import io.restassured.RestAssured.{`given`, requestSpecification} import org.apache.commons.io.IOUtils -import org.apache.http.HttpStatus.{SC_NOT_FOUND, SC_OK} +import org.apache.http.HttpStatus.{SC_NOT_FOUND, SC_OK, SC_UNAUTHORIZED} import org.apache.james.GuiceJamesServer import org.apache.james.jmap.http.UserCredential import org.apache.james.jmap.rfc8621.contract.DownloadContract.accountId @@ -86,6 +86,24 @@ trait DownloadContract { .hasContent(expectedResponse) } + @Test + def downloadMessageShouldFailWhenUnauthentified(server: GuiceJamesServer): Unit = { + val path = MailboxPath.inbox(BOB) + server.getProbe(classOf[MailboxProbeImpl]).createMailbox(path) + val messageId: MessageId = server.getProbe(classOf[MailboxProbeImpl]) + .appendMessage(BOB.asString, path, AppendCommand.from( + ClassLoader.getSystemResourceAsStream("eml/multipart_simple.eml"))) + .getMessageId + + `given` + .auth().none() + .basePath("") + .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER) + .when + .get(s"/download/$accountId/${messageId.serialize()}") + .`then` + .statusCode(SC_UNAUTHORIZED) + } @Test def downloadMessageShouldSucceedWhenDelegated(server: GuiceJamesServer): Unit = { --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
