Author: matthieu
Date: Fri Dec 11 10:05:17 2015
New Revision: 1719304
URL: http://svn.apache.org/viewvc?rev=1719304&view=rev
Log:
JAMES-1644 JMAP Authentication servlet should Check Accept header and
Content-Type charset
Modified:
james/project/trunk/server/protocols/jmap/src/main/java/org/apache/james/jmap/AuthenticationServlet.java
james/project/trunk/server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPAuthenticationTest.java
Modified:
james/project/trunk/server/protocols/jmap/src/main/java/org/apache/james/jmap/AuthenticationServlet.java
URL:
http://svn.apache.org/viewvc/james/project/trunk/server/protocols/jmap/src/main/java/org/apache/james/jmap/AuthenticationServlet.java?rev=1719304&r1=1719303&r2=1719304&view=diff
==============================================================================
---
james/project/trunk/server/protocols/jmap/src/main/java/org/apache/james/jmap/AuthenticationServlet.java
(original)
+++
james/project/trunk/server/protocols/jmap/src/main/java/org/apache/james/jmap/AuthenticationServlet.java
Fri Dec 11 10:05:17 2015
@@ -26,12 +26,28 @@ import javax.servlet.http.HttpServletReq
import javax.servlet.http.HttpServletResponse;
public class AuthenticationServlet extends HttpServlet {
+
+ public static final String JSON_CONTENT_TYPE = "application/json";
public static final String JSON_CONTENT_TYPE_UTF8 = "application/json;
charset=UTF-8";
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- if (!req.getContentType().equals(JSON_CONTENT_TYPE_UTF8)) {
+ if (!checkJsonContentType(req)) {
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ return;
+ }
+ if (!checkAcceptJsonOnly(req)) {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ return;
}
}
+
+ private boolean checkJsonContentType(HttpServletRequest req) {
+ return req.getContentType().equals(JSON_CONTENT_TYPE_UTF8);
+ }
+
+ private boolean checkAcceptJsonOnly(HttpServletRequest req) {
+ String accept = req.getHeader("Accept");
+ return accept != null && accept.contains(JSON_CONTENT_TYPE);
+ }
}
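Review bot: `checkJsonContentType` dereferences `req.getContentType()`, which the Servlet API allows to be null when the request carries no Content-Type header, so such a request would raise a NullPointerException instead of reaching the `sendError(SC_BAD_REQUEST)` branch. Putting the constant first, `return JSON_CONTENT_TYPE_UTF8.equals(req.getContentType());`, makes the rejection explicit rather than dependent on how the container reports the exception. Separately, `checkAcceptJsonOnly` uses `contains`, so an Accept value that lists `application/json` alongside other types, or as the prefix of a longer type name, still passes; the method should be renamed or given a comment saying it is a presence check rather than "only". The exact-string comparison against `JSON_CONTENT_TYPE_UTF8` also rejects equivalent spellings such as a lower-case charset or no space after the semicolon, which deserves a comment if that strictness is intended for this authentication endpoint.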
Modified:
james/project/trunk/server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPAuthenticationTest.java
URL:
http://svn.apache.org/viewvc/james/project/trunk/server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPAuthenticationTest.java?rev=1719304&r1=1719303&r2=1719304&view=diff
==============================================================================
---
james/project/trunk/server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPAuthenticationTest.java
(original)
+++
james/project/trunk/server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPAuthenticationTest.java
Fri Dec 11 10:05:17 2015
@@ -19,6 +19,8 @@
package org.apache.james.jmap;
import static com.jayway.restassured.RestAssured.given;
+import static com.jayway.restassured.config.EncoderConfig.encoderConfig;
+import static com.jayway.restassured.config.RestAssuredConfig.newConfig;
import org.apache.james.http.jetty.Configuration;
import org.apache.james.http.jetty.JettyHttpServer;
@@ -26,6 +28,7 @@ import org.junit.After;
import org.junit.Before;
import org.junit.Test;
+import com.google.common.base.Charsets;
import com.jayway.restassured.RestAssured;
import com.jayway.restassured.http.ContentType;
@@ -37,13 +40,20 @@ public class JMAPAuthenticationTest {
public void setup() throws Exception {
server = JettyHttpServer.create(
Configuration.builder()
- .serve("/*")
- .with(AuthenticationServlet.class)
- .randomPort()
- .build());
+ .serve("/*")
+ .with(AuthenticationServlet.class)
+ .randomPort()
+ .build());
server.start();
RestAssured.port = server.getPort();
+ RestAssured.config =
newConfig().encoderConfig(encoderConfig().defaultContentCharset(Charsets.UTF_8));
+ }
+
+
+ @After
+ public void teardown() throws Exception {
+ server.stop();
}
@Test
@@ -56,9 +66,57 @@ public class JMAPAuthenticationTest {
.statusCode(400);
}
- @After
- public void teardown() throws Exception {
- server.stop();
+ @Test
+ public void mustReturnMalformedRequestWhenContentTypeIsMissing() {
+ given()
+ .accept(ContentType.JSON)
+ .when()
+ .post("/authentication")
+ .then()
+ .statusCode(400);
+ }
+
+ @Test
+ public void mustReturnMalformedRequestWhenContentTypeIsNotJson() {
+ given()
+ .contentType(ContentType.XML)
+ .accept(ContentType.JSON)
+ .when()
+ .post("/authentication")
+ .then()
+ .statusCode(400);
+ }
+
+ @Test
+ public void mustReturnMalformedRequestWhenAcceptIsMissing() {
+ given()
+ .contentType(ContentType.JSON)
+ .when()
+ .post("/authentication")
+ .then()
+ .statusCode(400);
+ }
+
+ @Test
+ public void mustReturnMalformedRequestWhenAcceptIsNotJson() {
+ given()
+ .contentType(ContentType.JSON)
+ .accept(ContentType.XML)
+ .when()
+ .post("/authentication")
+ .then()
+ .statusCode(400);
+ }
+
+ @Test
+ public void mustReturnMalformedRequestWhenCharsetIsNotUTF8() {
+ given()
+ .contentType("application/json; charset=ISO-8859-1")
+ .accept(ContentType.JSON)
+ .when()
+ .post("/authentication")
+ .then()
+ .statusCode(400);
}
}
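Review bot: All five tests added in this hunk assert a 400, so they would still pass if the servlet rejected every request, including a well-formed one. Unless a positive case already exists outside the hunk (the class starts before it), add one that sends the accepted Content-Type and Accept values and expects the success status; with the handler as shown, which writes nothing after the checks, that should be 200, but confirm against the intended contract. A case with a multi-valued Accept header would also pin down what `checkAcceptJsonOnly` is meant to allow.

```java
// … unchanged: the five rejection tests added in this hunk …

@Test
public void mustAcceptRequestWhenContentTypeAndAcceptAreJsonUtf8() {
    given()
        .contentType("application/json; charset=UTF-8")
        .accept(ContentType.JSON)
    .when()
        .post("/authentication")
    .then()
        .statusCode(200);
}
```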