@Test
  public void testContentClassComponentListPlexusResource() throws Exception {
    String role = "repo_content_classes";
    // do admin
    List<PlexusComponentListResource> result1 =
        this.getResult(role, this.getXMLXStream(), MediaType.APPLICATION_XML);
    Assert.assertThat(getHints(result1), IsCollectionContaining.hasItems("maven1", "maven2"));

    // 403 test
    this.overwriteUserRole(TEST_USER_NAME, "login-only" + role, "2");
    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);
    Response response = sendMessage(role, this.getXMLXStream(), MediaType.APPLICATION_XML);
    Assert.assertTrue(
        "Expected Error: Status was: " + response.getStatus().getCode(),
        response.getStatus().isClientError());
    Assert.assertEquals(403, response.getStatus().getCode());

    // only content class priv
    this.overwriteUserRole(TEST_USER_NAME, "content-classes" + role, "70");
    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);
    response = sendMessage(role, this.getXMLXStream(), MediaType.APPLICATION_XML);
    Assert.assertTrue(response.getStatus().isSuccess());
  }
  @Test
  public void withoutPermission() throws Exception {
    overwriteUserRole(
        TEST_USER_NAME,
        "anonymous-with-login-but-setpw",
        "1",
        "2" /* login */,
        "6",
        "14",
        "17",
        "19",
        "44",
        "54",
        "55",
        "57",
        "58",
        "59", /* "72" set pw, */
        "T1",
        "T2");

    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);

    // NOT Should be able to forgot my own username
    Status status = ChangePasswordUtils.changePassword("test-user", "123admin");
    Assert.assertEquals(403, status.getCode());

    // NOT Should be able to forgot anyone username
    status = ChangePasswordUtils.changePassword("admin", "123admin");
    Assert.assertEquals(403, status.getCode());
  }
  @Test
  public void testScheduledTaskTypeComonentListPlexusResource() throws Exception {
    String role = "schedule_types";
    // do admin
    List<PlexusComponentListResource> result1 =
        this.getResult(role, this.getXMLXStream(), MediaType.APPLICATION_XML);
    Assert.assertTrue("Expected list larger then 1.", result1.size() > 1);

    // 403 test
    this.overwriteUserRole(TEST_USER_NAME, "login-only" + role, "2");
    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);
    Response response = sendMessage(role, this.getXMLXStream(), MediaType.APPLICATION_XML);
    Assert.assertTrue(
        "Expected Error: Status was: " + response.getStatus().getCode(),
        response.getStatus().isClientError());
    Assert.assertEquals(403, response.getStatus().getCode());

    // only content class priv
    this.overwriteUserRole(TEST_USER_NAME, "schedule_types" + role, "71");
    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);
    response = sendMessage(role, this.getXMLXStream(), MediaType.APPLICATION_XML);
    Assert.assertTrue(response.getStatus().isSuccess());
  }
  @Test
  public void withoutPermission() throws Exception {
    overwriteUserRole(
        TEST_USER_NAME,
        "anonymous-with-login-but-forgot",
        "1",
        "2" /* login */,
        "6",
        "14",
        "17",
        "19",
        "44",
        "54",
        "55", /* "57" forgot, */
        "58",
        "59",
        "T1",
        "T2");

    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);

    // NOT Should be able to forgot anyone password
    Response response =
        ForgotPasswordUtils.get(this).recoverUserPassword("anonymous", "*****@*****.**");
    Assert.assertEquals("Status", response.getStatus().getCode(), 403);

    // NOT Should be able to forgot my own password
    response =
        ForgotPasswordUtils.get(this)
            .recoverUserPassword(TEST_USER_NAME, "*****@*****.**");
    Assert.assertEquals("Status", response.getStatus().getCode(), 403);
  }
 /**
  * Sets the exposed flag of repository.
  *
  * @param exposed
  * @throws IOException
  */
 protected void setExposed(final boolean exposed) throws IOException {
   TestContainer.getInstance().getTestContext().useAdminForRequests();
   TestContainer.getInstance().getTestContext().setSecureTest(true);
   final RepositoryBaseResource releasesRepository =
       getRepositoryMessageUtil().getRepository(REPO_TEST_HARNESS_RELEASE_REPO);
   releasesRepository.setExposed(exposed);
   getRepositoryMessageUtil().updateRepo(releasesRepository);
 }
  @Test
  public void getGroupNoAccessTest() throws Exception {
    // use test user
    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);

    String repoId = "public";
    RequestFacade.doGet(GroupMessageUtil.SERVICE_PART + "/" + repoId, respondsWithStatusCode(403));
  }
  @Test
  public void getRepositoryNoAccessTest() throws Exception {
    // use test user
    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);

    RequestFacade.doGet(
        "service/local/repositories/" + getTestRepositoryId(), respondsWithStatusCode(403));
  }
  @Test
  public void getRepositoriesListNoAccessTest() throws Exception {
    // use test user
    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);

    List<RepositoryListResource> repoList = repoUtil.getList();
    Assert.assertEquals(0, repoList.size());
  }
  @Test
  public void updateRepositoryNoAccessTest() throws Exception {

    RepositoryBaseResource repo = repoUtil.getRepository(getTestRepositoryId());
    repo.setName("new name");

    // use test user
    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);

    Response response = this.repoUtil.sendMessage(Method.PUT, repo);
    Assert.assertEquals("Status: " + response.getStatus(), response.getStatus().getCode(), 403);
  }
  @Test
  public void deleteGroupNoAccessTest() throws Exception {

    String repoId = "public";

    // use test user
    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);

    Response response =
        RequestFacade.sendMessage(GroupMessageUtil.SERVICE_PART + "/" + repoId, Method.DELETE);
    Assert.assertEquals("Status: " + response.getStatus(), response.getStatus().getCode(), 403);
  }
  @Test
  public void deleteRepositoryNoAccessTest() throws Exception {

    String repoId = this.getTestRepositoryId();

    // use test user
    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);

    Response response =
        RequestFacade.sendMessage("service/local/repositories/" + repoId, Method.DELETE);
    Assert.assertEquals("Status: " + response.getStatus(), response.getStatus().getCode(), 403);
  }
Ejemplo n.º 12
0
  @Test(expectedExceptions = FileNotFoundException.class)
  public void checkMetadataOnGroup() throws Exception {
    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);

    downloadFile(
        new URL(
            nexusBaseUrl
                + GROUP_REPOSITORY_RELATIVE_URL
                + NEXUS1560_GROUP
                + "/nexus1560/artifact/maven-metadata.xml"),
        "./target/downloads/nexus1560/repo-maven-metadata.xml");
  }
  @Test
  public void createRepositoryNoAccessTest() throws Exception {

    String repoId = "test-repo";

    RepositoryBaseResource repo = this.repoUtil.getRepository(this.getTestRepositoryId());
    repo.setId(repoId);

    // use test user
    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);

    Response response = this.repoUtil.sendMessage(Method.POST, repo, repoId);
    Assert.assertEquals("Status: " + response.getStatus(), response.getStatus().getCode(), 403);
  }
  @Test
  public void updateGroupNoAccessTest() throws Exception {

    String repoId = "public";

    RepositoryGroupResource repo = this.groupUtil.getGroup(repoId);
    repo.setName("new name");

    // use test user
    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);

    Response response = this.groupUtil.sendMessage(Method.PUT, repo);
    Assert.assertEquals("Status: " + response.getStatus(), response.getStatus().getCode(), 403);
  }
  @Test
  public void getRepositoriesListWithAccessTest() throws Exception {
    // give the user view access to
    String repoId = this.getTestRepositoryId();
    String viewPriv = "repository-" + repoId;
    this.addPrivilege(TEST_USER_NAME, viewPriv);

    // use test user
    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);

    List<RepositoryListResource> repoList = repoUtil.getList();
    Assert.assertEquals(1, repoList.size());
    Assert.assertEquals(repoList.get(0).getId(), repoId);
  }
  @Test
  public void test() throws Exception {
    // use admin
    TestContext testContext = TestContainer.getInstance().getTestContext();

    // user is created at security.xml

    testContext.setUsername(NEXUS504_USER);
    testContext.setPassword(TEST_USER_PASSWORD);

    assertThat(UserCreationUtil.login(), hasStatusCode(403));

    // add login privilege to role
    testContext.useAdminForRequests();

    RoleResource role = roleUtil.getRole(NEXUS504_ROLE);
    role.addPrivilege("2" /* login */);
    assertThat(
        "Unable to add login privilege to role "
            + NEXUS504_ROLE
            + "\n"
            + RoleMessageUtil.update(role).getDescription(),
        RoleMessageUtil.update(role),
        isSuccess());

    // try to login again
    testContext.setUsername(NEXUS504_USER);
    testContext.setPassword(TEST_USER_PASSWORD);
    Status status2 = UserCreationUtil.login();
    assertThat(status2, hasStatusCode(200));
  }
  /**
   * To me this seems like a bad hack around this problem. I don't have any other thoughts though.
   * <br>
   * If you see this and think: "Wow, why did he to that instead of XYZ, please let me know." <br>
   * The issue is that we want to init the tests once (to start/stop the app) and the <code>
   * @BeforeClass</code> is static, so we don't have access to the package name of the running
   * tests. We are going to use the package name to find resources for additional setup. NOTE: With
   * this setup running multiple Test at the same time is not possible.
   *
   * @throws Exception
   */
  @Before
  public void oncePerClassSetUp() throws Exception {
    synchronized (AbstractNexusIntegrationTest.class) {
      log.debug("oncePerClassSetUp is init: " + NEEDS_INIT);
      if (NEEDS_INIT) {
        // this will trigger PlexusContainer creation when test is instantiated, but only if needed
        getITPlexusContainer(getClass());

        // tell the console what we are doing, now that there is no output its
        log.info("Running Test: " + getClass().getSimpleName());

        setupLog4j();

        // clean common work dir
        beforeStartClean();

        copyTestResources();

        HashMap<String, String> variables = new HashMap<String, String>();
        variables.put("test-harness-id", getTestId());

        this.copyConfigFiles();

        // At this point we have the final log4j config for the IT, switch log4j to use it.
        PropertyConfigurator.configure(WORK_CONF_DIR + "/log4j.properties");

        // TODO: Below, Nexus configuration upgrade happens! But this is insane, since it is the IT
        // that
        // upgrades
        // nexus config, not the tested product! If, by any chance, we start to test another
        // product, that is
        // not in this buildtree (hence, the configuration classes will not be equal like
        // currently), this is
        // make hell loose!

        // we need to make sure the config is valid, so we don't need to hunt through log files
        if (this.verifyNexusConfigBeforeStart) {
          getNexusConfigUtil().validateConfig();
        }

        // the validation needs to happen before we enable security it triggers an upgrade.
        getNexusConfigUtil()
            .enableSecurity(
                TestContainer.getInstance().getTestContext().isSecureTest()
                    || Boolean.valueOf(System.getProperty("secure.test")));

        // start nexus
        startNexus();

        // deploy artifacts
        deployArtifacts();

        runOnce();

        // TODO: we can remove this now that we have the soft restart
        NEEDS_INIT = false;
      }
    }
  }
  @Test(groups = SECURITY)
  public void testCreatePermission() throws IOException {
    this.giveUserPrivilege(TEST_USER_NAME, "repository-all");

    RepositoryGroupResource group = new RepositoryGroupResource();
    group.setId("testCreatePermission");
    group.setName("testCreatePermission");
    group.setFormat("maven2");
    group.setProvider("maven2");

    RepositoryGroupMemberRepository member = new RepositoryGroupMemberRepository();
    member.setId("nexus-test-harness-repo");
    group.addRepository(member);

    TestContainer.getInstance().getTestContext().setUsername("test-user");
    TestContainer.getInstance().getTestContext().setPassword("admin123");

    Response response = this.groupUtil.sendMessage(Method.POST, group);
    Assert.assertEquals(response.getStatus().getCode(), 403, "Response status: ");

    // use admin
    TestContainer.getInstance().getTestContext().useAdminForRequests();

    // now give create
    this.giveUserPrivilege("test-user", "13");

    // now.... it should work...
    TestContainer.getInstance().getTestContext().setUsername("test-user");
    TestContainer.getInstance().getTestContext().setPassword("admin123");

    response = this.groupUtil.sendMessage(Method.POST, group);
    Assert.assertEquals(response.getStatus().getCode(), 201, "Response status: ");
    group = this.groupUtil.getGroup(group.getId());

    // read should succeed (inherited)
    response = this.groupUtil.sendMessage(Method.GET, group);
    Assert.assertEquals(response.getStatus().getCode(), 200, "Response status: ");

    // update should fail
    response = this.groupUtil.sendMessage(Method.PUT, group);
    Assert.assertEquals(response.getStatus().getCode(), 403, "Response status: ");

    // delete should fail
    response = this.groupUtil.sendMessage(Method.DELETE, group);
    Assert.assertEquals(response.getStatus().getCode(), 403, "Response status: ");
  }
  @BeforeClass
  public void setSecureTest() throws Exception {

    // get a test container for the test
    TestContainer.getInstance().getTestContext().setSecureTest(true);

    // set log level of Nexus to debug
    System.setProperty("it.nexus.log.level", "DEBUG");
  }
  @Test
  @Category(SECURITY.class)
  public void withPermission() throws Exception {
    overwriteUserRole(
        TEST_USER_NAME,
        "anonymous-with-login-changepw",
        "1",
        "2" /* login */,
        "6",
        "14",
        "17",
        "19",
        "44",
        "54",
        "55",
        "57",
        "58",
        "59",
        "64" /* change pw */,
        "T1",
        "T2");

    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);

    // Should be able to change my own password
    Status status = ChangePasswordUtils.changePassword("test-user", "admin123", "123admin");
    Assert.assertTrue(status.isSuccess());

    // password changed ! should fail
    status = ChangePasswordUtils.changePassword("test-user", "admin123", "123admin");
    Assert.assertEquals(401, status.getCode());
    status = ChangePasswordUtils.changePassword("test-user", "123admin", "admin123");
    Assert.assertEquals(401, status.getCode());

    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword("123admin");

    // should pass
    status = ChangePasswordUtils.changePassword("test-user", "123admin", "admin123");
    Assert.assertTrue(status.isSuccess());

    // should NOT be able to change another users password
  }
  @Test
  public void downloadWithPermition() throws Exception {
    AbstractMavenNexusIT.cleanRepository(
        new File(TestProperties.getString("maven.local.repo")), getTestId());

    TestContainer.getInstance().getTestContext().useAdminForRequests();
    replaceUserRole(TEST_USER_NAME, "nx-admin");

    download();
  }
  @Test
  public void wrongAnonymousAccount() throws Exception {
    TestContainer.getInstance().getTestContext().useAdminForRequests();

    GlobalConfigurationResource globalConfig = SettingsMessageUtil.getCurrentSettings();
    globalConfig.setSecurityAnonymousUsername("zigfrid");

    Status status = SettingsMessageUtil.save(globalConfig);
    Assert.assertEquals(status.getCode(), 400, "Can't set an invalid user as anonymous");
  }
  protected Status sendMessage(final boolean authenticated, final URL url, Method method)
      throws IOException {
    Response response = null;

    final boolean wasSecureTest = TestContainer.getInstance().getTestContext().isSecureTest();

    try {
      TestContainer.getInstance().getTestContext().setSecureTest(authenticated);

      response = RequestFacade.sendMessage(url, method, null);

      return response.getStatus();
    } finally {
      if (response != null) {
        RequestFacade.releaseResponse(response);
      }

      TestContainer.getInstance().getTestContext().setSecureTest(wasSecureTest);
    }
  }
Ejemplo n.º 24
0
  @Test
  public void checkMetadataOnRepository() throws Exception {
    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);

    File file =
        downloadFile(
            new URL(
                nexusBaseUrl
                    + REPOSITORY_RELATIVE_URL
                    + REPO_TEST_HARNESS_REPO
                    + "/nexus1560/artifact/maven-metadata.xml"),
            "./target/downloads/nexus1560/repo-maven-metadata.xml");
    Xpp3Dom dom = Xpp3DomBuilder.build(new FileReader(file));
    Xpp3Dom[] versions = dom.getChild("versioning").getChild("versions").getChildren("version");
    for (Xpp3Dom version : versions) {
      Assert.assertEquals(
          version.getValue(), "1.0", "Invalid version available on metadata" + dom.toString());
    }
  }
  @Test
  public void testAdminPrivileges() throws Exception {
    TestContainer.getInstance().getTestContext().useAdminForRequests();

    List<ClientPermission> permissions = this.getPermissions();

    Assert.assertEquals(this.getExpectedPrivilegeCount(), permissions.size());

    for (ClientPermission clientPermission : permissions) {
      Assert.assertEquals(15, clientPermission.getValue());
    }
  }
  @AfterClass
  public static void oncePerClassTearDown() throws Exception {
    // turn off security, of the current IT with security on won't affect the next IT
    TestContainer.getInstance().getTestContext().setSecureTest(false);

    // stop nexus
    stopNexus();

    takeSnapshot();

    // kill existing container if around
    killITPlexusContainer();
  }
  @Test
  public void withPermission() throws Exception {
    overwriteUserRole(
        TEST_USER_NAME,
        "anonymous-with-login-setpw",
        "1",
        "2" /* login */,
        "6",
        "14",
        "17",
        "19",
        "44",
        "54",
        "55",
        "57",
        "58",
        "59",
        "72" /* set pw */,
        "T1",
        "T2");

    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);

    // Should be able to change my own password
    Status status = ChangePasswordUtils.changePassword("test-user", "newPassword");
    Assert.assertEquals("Status", 204, status.getCode());

    // we need to change the password around for this
    TestContainer.getInstance().getTestContext().setPassword("newPassword");
    status = ChangePasswordUtils.changePassword("test-user", "newPassword");
    Assert.assertEquals("Status", 204, status.getCode());

    status = ChangePasswordUtils.changePassword("test-user", TEST_USER_PASSWORD);
    Assert.assertEquals("Status", 204, status.getCode());
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);
  }
Ejemplo n.º 28
0
  @BeforeMethod
  public void init() throws Exception {
    TestContainer.getInstance().getTestContext().useAdminForRequests();
    addPriv(
        TEST_USER_NAME,
        REPO_TEST_HARNESS_REPO + "-priv",
        TargetPrivilegeDescriptor.TYPE,
        "1",
        REPO_TEST_HARNESS_REPO,
        null,
        "read");

    // Now need the view priv as well
    addPrivilege(TEST_USER_NAME, "repository-" + REPO_TEST_HARNESS_REPO);
  }
Ejemplo n.º 29
0
  public <T> T invokeAsAdministrator(final Callable<T> callable) throws Exception {
    final TestContext ctx = TestContainer.getInstance().getTestContext();
    final String username = ctx.getUsername();
    final String password = ctx.getPassword();
    final boolean secure = ctx.isSecureTest();
    ctx.useAdminForRequests();
    ctx.setSecureTest(true);

    try {
      return callable.call();
    } finally {
      ctx.setUsername(username);
      ctx.setPassword(password);
      ctx.setSecureTest(secure);
    }
  }
  private int getExpectedPrivilegeCount() throws Exception {
    TestContainer.getInstance().getTestContext().useAdminForRequests();

    Set<String> privIds = new HashSet<String>();
    List<PrivilegeStatusResource> privs =
        new PrivilegesMessageUtil(this, XStreamFactory.getXmlXStream(), MediaType.APPLICATION_XML)
            .getList();
    for (PrivilegeStatusResource priv : privs) {
      if (priv.getType().equals("method")) {
        for (PrivilegeProperty prop : priv.getProperties()) {
          if (prop.getKey().equals("permission")) {
            privIds.add(prop.getValue());
          }
        }
      }
    }
    return privIds.size();
    // return getUserPrivs( TestContainer.getInstance().getTestContext().getUsername() ).size();
  }