Ejemplo n.º 1
  /**
   * Verifies that a subscriber's user name is HTML-encoded in the filter-subscription e-mail.
   *
   * <p>Regression test for JRA-17595. The account used here has {@code <b>xss</b>} as its login
   * name, and the filter is built with {@code <b>Description</b>} as a constructor argument. The
   * test passes when both values show up in the mail body in their escaped form
   * ({@code &lt;b&gt;...&lt;/b&gt;}).
   *
   * <p>NOTE(review): the assertions are positive only. They show that the escaped form is
   * present, not that the raw markup is absent elsewhere in the body; a negative check on the
   * raw {@code <b>xss</b>} string would make the regression guard stricter. The payload is also a
   * single element-context probe, so attribute and quote handling are not covered here.
   *
   * @throws InterruptedException if the test thread is interrupted (presumably while waiting for
   *     the mail queue; the helper's signature is not shown here)
   * @throws MessagingException if a received message cannot be read (presumably raised by the
   *     mail helpers; their signatures are not shown here)
   */
  public void testUserNameIsEncodedInHtml() throws InterruptedException, MessagingException {
    // Load the JRA-17595 fixture, then bring up the SMTP server used by the test.
    administration.restoreData("Test_JRA_17595.xml");
    configureAndStartSmtpServer();

    // Filter carrying markup in its second constructor argument; the anonymous subclass only
    // supplies the issue iterator.
    final AbstractSubscriptionEmailTest.FilterConfig markupFilter =
        new AbstractSubscriptionEmailTest.FilterConfig(
            "XssFilter", "<b>Description</b>", "ProjectTwo", "TWO", 2, 2) {
          public Iterator<Integer> getIssueIterator() {
            return new AbstractSubscriptionEmailTest.CountingIterator(1, getReturnedIssues());
          }
        };

    // The markup string is both the login name and the password of the subscribing account.
    navigation.login("<b>xss</b>", "<b>xss</b>");
    subscribeToFilterAndRun(markupFilter, null);

    // Switch to the administrator account before flushing; one mail is expected.
    navigation.login(ADMIN_USERNAME, ADMIN_PASSWORD);
    flushMailQueueAndWait(1);

    // The recipient address is masked on this page; presumably it is the subscriber's fixture
    // address in the original test.
    final MimeMessage subscriberMail =
        EmailKit.findMessageAddressedTo("*****@*****.**", mailService.getReceivedMessages());
    assertNotNull(subscriberMail);

    // Output-encoding check: only the entity-escaped forms are looked for.
    final String mailBody = EmailKit.getBody(subscriberMail);
    final String[] subscriberLine = {"Subscriber:", "&lt;b&gt;xss&lt;/b&gt;"};
    text.assertTextPresent(mailBody, "&lt;b&gt;Description&lt;/b&gt;");
    text.assertTextSequence(mailBody, subscriberLine);
  }
Ejemplo n.º 2
  /**
   * Checks the subscription e-mail sent to an unprivileged user when it holds only part of the
   * filter's results. Such a mail is expected to contain a link to the filter.
   *
   * @throws Exception any unexpected error is allowed to propagate so that the test fails
   */
  public void testPersonalPartialResults() throws Exception {
    navigation.login(FRED_USERNAME, FRED_PASSWORD);
    subscribeToFilterAndRun(FilterConfig.FRED_FILTER_PARTIAL, null);

    // Re-authenticate as the administrator before flushing the mail queue.
    navigation.logout();
    navigation.login(ADMIN_USERNAME, ADMIN_PASSWORD);

    // One mail is expected; the first received message is taken as Fred's.
    flushMailQueueAndWait(1);
    final MimeMessage fredMail = mailService.getReceivedMessages()[0];
    assertNotNull(fredMail);

    // Expected content of Fred's mail:
    //   1. 200 issues.
    //   2. A partial-issues link.
    //   3. An edit link.
    assertHtmlMessageValid(
        fredMail,
        FilterConfig.FRED_FILTER_PARTIAL,
        EmailFuncTestCase.DEFAULT_FROM_ADDRESS,
        FRED_EMAIL,
        FRED_USERNAME);

    // assertPartialLinkHtml hands back a String that the edit-link check then consumes
    // (presumably the part of the body after the partial link; confirm against the helper).
    final String fullBody = EmailKit.getBody(fredMail);
    final String linkCheckedBody =
        assertPartialLinkHtml(FilterConfig.FRED_FILTER_PARTIAL, fullBody);
    assertEditLinkHtml(linkCheckedBody);
  }
Ejemplo n.º 3
  /**
   * Checks a group e-mail subscription for a filter that returns no issues.
   *
   * <p>Three recipients are inspected. Only the administrator's mail may carry an edit link; the
   * mails to Bob and Fred must not (presumably because they do not own the filter; confirm
   * against the fixture data).
   *
   * @throws Exception any unexpected error is allowed to propagate so that the test fails
   */
  public void testGroupZeroResults() throws Exception {
    subscribeToFilterAndRun(FilterConfig.ADMIN_FILTER_ZERO_RESULTS, "jira-users");

    // Three mails are expected back, one per recipient checked below.
    flushMailQueueAndWait(3);
    final MimeMessage[] inbox = mailService.getReceivedMessages();

    // Administrator: no issues, no partial-issues link, an edit link.
    final MimeMessage adminMail = EmailKit.findMessageAddressedTo(ADMIN_EMAIL, inbox);
    assertNotNull(adminMail);
    assertTextMessageValid(
        adminMail,
        FilterConfig.ADMIN_FILTER_ZERO_RESULTS,
        EmailFuncTestCase.DEFAULT_FROM_ADDRESS,
        ADMIN_EMAIL,
        ADMIN_USERNAME);
    final String adminBody = EmailKit.getBody(adminMail);
    assertNotPartialLink(adminBody);
    assertEditLinkText(adminBody);

    // Bob: no issues, no partial-issues link, no edit link.
    final MimeMessage bobMail = EmailKit.findMessageAddressedTo(BOB_EMAIL, inbox);
    assertNotNull(bobMail);
    assertTextMessageValid(
        bobMail,
        FilterConfig.ADMIN_FILTER_ZERO_RESULTS,
        EmailFuncTestCase.DEFAULT_FROM_ADDRESS,
        BOB_EMAIL,
        ADMIN_USERNAME);
    final String bobBody = EmailKit.getBody(bobMail);
    assertNotPartialLink(bobBody);
    assertNotEditLink(bobBody);

    // Fred: no issues, no partial-issues link, no edit link. His mail goes through the HTML
    // validation helper, unlike the two above.
    final MimeMessage fredMail = EmailKit.findMessageAddressedTo(FRED_EMAIL, inbox);
    assertNotNull(fredMail);
    assertHtmlMessageValid(
        fredMail,
        FilterConfig.ADMIN_FILTER_ZERO_RESULTS,
        EmailFuncTestCase.DEFAULT_FROM_ADDRESS,
        FRED_EMAIL,
        ADMIN_USERNAME);
    final String fredBody = EmailKit.getBody(fredMail);
    assertNotPartialLink(fredBody);
    assertNotEditLink(fredBody);
  }
Ejemplo n.º 4
  /**
   * Verifies that values placed into a group filter-subscription e-mail are HTML-encoded.
   *
   * <p>For JRA-17595. The filter is built with {@code <b>Description</b>} as a constructor
   * argument, and the administrator's mail is also expected to contain {@code ADMIN_FULLNAME}
   * followed by an escaped {@code <b>bold</b>} (presumably part of the full name stored in the
   * restored fixture; confirm against the data file).
   *
   * <p>NOTE(review): only the escaped forms are asserted to be present. Nothing asserts that the
   * raw markup is absent from either body, and the second recipient's mail is checked for the
   * description only.
   *
   * @throws Exception any unexpected error is allowed to propagate so that the test fails
   */
  public void testSubscriptionIsHtmlEncoded() throws Exception {
    // Load the JRA-17595 fixture, then bring up the SMTP server used by the test.
    administration.restoreData("Test_JRA_17595.xml");
    configureAndStartSmtpServer();

    // Filter carrying markup in its second constructor argument; the anonymous subclass only
    // supplies the issue iterator.
    final AbstractSubscriptionEmailTest.FilterConfig markupFilter =
        new AbstractSubscriptionEmailTest.FilterConfig(
            "FilterTwo", "<b>Description</b>", "ProjectTwo", "TWO", 2, 2) {
          public Iterator<Integer> getIssueIterator() {
            return new AbstractSubscriptionEmailTest.CountingIterator(1, getReturnedIssues());
          }
        };

    subscribeToFilterAndRun(markupFilter, Groups.USERS);

    // Four mails are expected back for the group subscription.
    flushMailQueueAndWait(4);
    final MimeMessage[] inbox = mailService.getReceivedMessages();

    final MimeMessage adminMail = EmailKit.findMessageAddressedTo(ADMIN_EMAIL, inbox);
    assertNotNull(adminMail);
    assertHtmlMessageValid(
        adminMail,
        markupFilter,
        EmailFuncTestCase.DEFAULT_FROM_ADDRESS,
        ADMIN_EMAIL,
        ADMIN_USERNAME);

    // Output-encoding check on the administrator's mail: description and full name.
    final String adminBody = EmailKit.getBody(adminMail);
    text.assertTextPresent(adminBody, "&lt;b&gt;Description&lt;/b&gt;");
    text.assertTextPresent(adminBody, ADMIN_FULLNAME + " &lt;b&gt;bold&lt;/b&gt;");

    // Second recipient; the address is masked on this page. Only the description is checked.
    final MimeMessage otherMail = EmailKit.findMessageAddressedTo("*****@*****.**", inbox);
    assertNotNull(otherMail);
    final String otherBody = EmailKit.getBody(otherMail);
    text.assertTextPresent(otherBody, "&lt;b&gt;Description&lt;/b&gt;");
  }