luetzkendorf 2004/09/03 07:38:59
Added: testsuite/testsuite/junit/xmltestcases/functional/lock/mix
nonOwnerUsesLocktoken.xml
Log:
added to reproduce BUG 30982
Revision Changes Path
1.1
jakarta-slide/testsuite/testsuite/junit/xmltestcases/functional/lock/mix/nonOwnerUsesLocktoken.xml
Index: nonOwnerUsesLocktoken.xml
===================================================================
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE test SYSTEM "../../../../Tprocessor.dtd">
<test>
<specification>
<abstract>Checks if a Lock properly denies write actions by others even if they
provide a "stolen" lock token.</abstract>
<description>
%user% creates a file
%user% locks it
%user%2 tries to unlock (providing a lock token) *
%user%2 tries to put
%user%2 tries to put (providing a lock token)
%user%2 tries to delete
%user%2 tries to delete (providing a lock token)
%user%2 tries to proppatch
%user%2 tries to proppatch (providing a lock token)
%user%2 tries to move
%user%2 tries to move (providing a lock token)
cleanup
* Step 3 only works if slides security is enabled, because otherwise everybody
has the
kill-lock permission.
</description>
<expectedResult>all steps by %user%2 should be denied</expectedResult>
<condition name="authenticationEnabled">true</condition>
</specification>
<step>
<request>
<command varUsage="globalVariableCollection,globalVariableServerName">MKCOL
/%globalVariableServerName%/%globalVariableCollection%/test HTTP/1.1</command>
</request>
<response>
<command>HTTP/1.0 201 Created</command>
</response>
</step>
<step>
<request>
<command varUsage="globalVariableCollection,globalVariableServerName">PUT
/%globalVariableServerName%/%globalVariableCollection%/test/doc.html HTTP/1.1</command>
<body fileReference="../../../contentDirectory/html.html" />
</request>
<response>
<command>HTTP/1.0 201 Created</command>
</response>
</step>
<step>
<request>
<command varUsage="globalVariableCollection,globalVariableServerName">LOCK
/%globalVariableServerName%/%globalVariableCollection%/test/doc.html HTTP/1.1</command>
<header>Timeout: Second-86400</header>
<header>Content-Type: text/xml</header>
<body><![CDATA[<?xml version="1.0" encoding="utf-8"?>
<A:lockinfo xmlns:A="DAV:">
<A:locktype>
<A:write />
</A:locktype>
<A:lockscope>
<A:exclusive />
</A:lockscope>
<owner xmlns="DAV:">some owner</owner>
</A:lockinfo>
]]></body>
</request>
<response>
<command>HTTP/1.0 200 OK</command>
<body varUsage="globalVariableUserPath,globalVariableServerName,user,host"
varDefinition="locktoken"
varPath="prop/lockdiscovery/activelock/locktoken/href"><![CDATA[<?xml version="1.0"
encoding="utf-8"?>
<d:prop xmlns:d="DAV:">
<d:lockdiscovery>
<d:activelock>
<d:locktype>
<d:write />
</d:locktype>
<d:lockscope>
<d:exclusive />
</d:lockscope>
<d:depth>infinity</d:depth>
<d:timeout>Second-86400</d:timeout>
<d:locktoken>
<d:href />
</d:locktoken>
<d:principal-URL>
<d:href>%globalVariableUserPath%</d:href>
</d:principal-URL>
<owner xmlns="DAV:">some owner</owner>
</d:activelock>
</d:lockdiscovery>
</d:prop>
]]></body>
</response>
</step>
<!-- an other user should not be able to UNLOCK -->
<step>
<condition name="org.apache.slide.security">true</condition>
<user varUsage="user">%user%2</user>
<password varUsage="user">%user%2</password>
<request>
<command varUsage="globalVariableCollection,globalVariableServerName">UNLOCK
/%globalVariableServerName%/%globalVariableCollection%/test/doc.html HTTP/1.1</command>
<header varUsage="locktoken"><![CDATA[Lock-Token: %locktoken%]]></header>
<header>Translate: f</header>
</request>
<response>
<command>HTTP/1.0 403 Forbidden</command>
</response>
</step>
<!-- an other user should not be able to PUT (without providing locktoken) -->
<step>
<user varUsage="user">%user%2</user>
<password varUsage="user">%user%2</password>
<request>
<command varUsage="globalVariableCollection,globalVariableServerName">PUT
/%globalVariableServerName%/%globalVariableCollection%/test/doc.html HTTP/1.1</command>
<body fileReference="../../../contentDirectory/html.html" />
</request>
<response>
<command>HTTP/1.0 423 Locked</command>
</response>
</step>
<!-- an other user should not be able to PUT (with providing locktoken) -->
<step>
<user varUsage="user">%user%2</user>
<password varUsage="user">%user%2</password>
<request>
<command varUsage="globalVariableCollection,globalVariableServerName">PUT
/%globalVariableServerName%/%globalVariableCollection%/test/doc.html HTTP/1.1</command>
<header varUsage="locktoken"><![CDATA[If: (<%locktoken%>)]]></header>
<body fileReference="../../../contentDirectory/html.html" />
</request>
<response>
<command>HTTP/1.0 423 Locked</command>
</response>
</step>
<!-- an other user should not be able to DELETE (without providing locktoken) -->
<step>
<user varUsage="user">%user%2</user>
<password varUsage="user">%user%2</password>
<request>
<command varUsage="globalVariableCollection,globalVariableServerName">DELETE
/%globalVariableServerName%/%globalVariableCollection%/test/doc.html HTTP/1.1</command>
</request>
<response>
<command>HTTP/1.0 423 Locked</command>
</response>
</step>
<!-- an other user should not be able to DELETE (with providing locktoken) -->
<step>
<user varUsage="user">%user%2</user>
<password varUsage="user">%user%2</password>
<request>
<command varUsage="globalVariableCollection,globalVariableServerName">DELETE
/%globalVariableServerName%/%globalVariableCollection%/test/doc.html HTTP/1.1</command>
<header varUsage="locktoken"><![CDATA[If: (<%locktoken%>)]]></header>
</request>
<response>
<command>HTTP/1.0 423 Locked</command>
</response>
</step>
<!-- an other user should not be able to PROPPATCH (without providing locktoken)
-->
<step>
<user varUsage="user">%user%2</user>
<password varUsage="user">%user%2</password>
<request>
<command
varUsage="globalVariableCollection,globalVariableServerName">PROPPATCH
/%globalVariableServerName%/%globalVariableCollection%/test/doc.html HTTP/1.1</command>
<header>Content-Type: text/xml</header>
<body><![CDATA[<?xml version="1.0" encoding="utf-8"?>
<D:propertyupdate xmlns:D="DAV:">
<D:set><D:prop><D:displayname>test</D:displayname></D:prop></D:set>
</D:propertyupdate>
]]></body>
</request>
<response>
<command>HTTP/1.0 423 Locked</command>
</response>
</step>
<!-- an other user should not be able to PROPPATCH (with locktoken in If header)
-->
<step>
<user varUsage="user">%user%2</user>
<password varUsage="user">%user%2</password>
<request>
<command
varUsage="globalVariableCollection,globalVariableServerName">PROPPATCH
/%globalVariableServerName%/%globalVariableCollection%/test/doc.html HTTP/1.1</command>
<header>Content-Type: text/xml</header>
<header varUsage="locktoken"><![CDATA[If: (<%locktoken%>)]]></header>
<body><![CDATA[<?xml version="1.0" encoding="utf-8"?>
<D:propertyupdate xmlns:D="DAV:">
<D:set><D:prop><D:displayname>test</D:displayname></D:prop></D:set>
</D:propertyupdate>
]]></body>
</request>
<response>
<command>HTTP/1.0 423 Locked</command>
</response>
</step>
<step>
<user varUsage="user">%user%2</user>
<password varUsage="user">%user%2</password>
<request>
<command varUsage="globalVariableCollection,globalVariableServerName">MOVE
/%globalVariableServerName%/%globalVariableCollection%/test/doc.html HTTP/1.1</command>
<header
varUsage="globalVariableCollection,globalVariableServerName">Destination:
/%globalVariableServerName%/%globalVariableCollection%/test/other.html</header>
</request>
<response>
<command>HTTP/1.0 423 Locked</command>
</response>
</step>
<step>
<user varUsage="user">%user%2</user>
<password varUsage="user">%user%2</password>
<request>
<command varUsage="globalVariableCollection,globalVariableServerName">MOVE
/%globalVariableServerName%/%globalVariableCollection%/test/doc.html HTTP/1.1</command>
<header
varUsage="globalVariableCollection,globalVariableServerName">Destination:
/%globalVariableServerName%/%globalVariableCollection%/test/other.html</header>
<header varUsage="locktoken"><![CDATA[If: (<%locktoken%>)]]></header>
</request>
<response>
<command>HTTP/1.0 423 Locked</command>
</response>
</step>
<step>
<request>
<command varUsage="globalVariableCollection,globalVariableServerName">DELETE
/%globalVariableServerName%/%globalVariableCollection%/test/doc.html HTTP/1.1</command>
<header varUsage="locktoken"><![CDATA[If: (<%locktoken%>)]]></header>
</request>
<response>
<command>HTTP/1.0 204 No Content</command>
</response>
</step>
<step>
<request>
<command varUsage="globalVariableCollection,globalVariableServerName">DELETE
/%globalVariableServerName%/%globalVariableCollection%/test HTTP/1.1</command>
</request>
<response>
<command>HTTP/1.0 204 No Content</command>
</response>
</step>
</test>
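Review bot: The steps that replay the lock token as %user%2 (the `If: (<%locktoken%>)` PUT, DELETE, PROPPATCH and MOVE cases) assert only the `423 Locked` status line, so the test cannot tell a clean refusal from a request that was partly applied before being rejected. The final owner DELETE returning 204 does show that doc.html was neither moved nor deleted and that the token is still valid, but nothing checks that the content or `displayname` is unchanged; a read-back step by %user% after the denied PUT and PROPPATCH would close that gap. The two MOVE steps and the two cleanup steps are the only ones without a leading comment. I would add `<!-- an other user should not be able to MOVE (with locktoken in If header) -->` (and its "without" twin) to the MOVE steps, and `<!-- cleanup: owner deletes with its own token; 204 also confirms the lock survived -->` before the first cleanup DELETE. The stolen token is only sent in the untagged If form; whether a tagged-list case is also needed depends on Slide's If-header handling, which is not visible in this file.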