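/**
 * Test functionality of the ForgotUsername page:
 *
 * <ul>
 *   <li>A user can be found using correct email
 *   <li>No user is found using wrong email
 *   <li>Email text is properly escaped (XWIKI-4920)
 * </ul>
 *
 * <p>The escaping case submits an email value containing quote characters and asserts that the page
 * answers with the ordinary "no account" message and shows no "Error" text.
 */
@Test
public void testForgotUsername() {
    String space = "Test";
    String page = "SQLTestPage";
    // NOTE(review): mail and badMail are the same literal in this listing (the values look masked).
    // The negative case below is only meaningful if badMail is an address that no account uses;
    // confirm against the real fixture values.
    String mail = "*****@*****.**"; // default Admin mail
    String user = "******";
    String badMail = "*****@*****.**";

    // Ensure there is a page we will try to find using HQL injection
    // NOTE(review): no assertion below refers to this page; the escaping case only checks that
    // no error is shown. Asserting that the page name is absent from the result would tie the
    // fixture to the check.
    editInWikiEditor(space, page);
    setFieldValue("title", page);
    setFieldValue("content", page);
    clickEditSaveAndView();

    // test that it finds the correct user
    open("XWiki", "ForgotUsername");
    setFieldValue("e", mail);
    submit("//input[@type='submit']"); // there are no other buttons
    assertTextNotPresent("No account is registered using this email address");
    assertElementPresent("//div[@id='xwikicontent']//strong[text()='" + user + "']");

    // test that bad mail results in no results
    open("XWiki", "ForgotUsername");
    setFieldValue("e", badMail);
    submit("//input[@type='submit']"); // there are no other buttons
    assertTextPresent("No account is registered using this email address");
    // Match on the element text, exactly as the positive check above does. A <strong> element
    // carries no value attribute, so an @value predicate could never match and this "not present"
    // assertion would pass even if the user name were displayed.
    assertElementNotPresent("//div[@id='xwikicontent']//strong[text()='" + user + "']");

    // XWIKI-4920 test that the email is properly escaped
    open("XWiki", "ForgotUsername");
    setFieldValue("e", "a' synta\\'x error");
    submit("//input[@type='submit']"); // there are no other buttons
    assertTextPresent("No account is registered using this email address");
    assertTextNotPresent("Error");
}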
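/**
 * If CodeToExecute is defined in a configurable app, then it should be evaluated.
 * Also header should be evaluated and not just printed.
 * If XWiki.ConfigurableClass is saved with programming rights, it should resave itself so that it
 * doesn't have them.
 *
 * <p>The security property under test is the last one: after an administrator saves
 * XWiki.ConfigurableClass, Velocity supplied through a configurable application's
 * {@code codeToExecute} field must still be evaluated, but without programming rights. The test
 * checks this from both sides: the {@code #if($xcontext.hasProgrammingRights())} branch of the
 * injected code must not render, and a probe appended to ConfigurableClass itself must print
 * {@code false}.
 */
@Test
public void testCodeToExecutionAndAutoSandboxing() {
    String space = "Main";
    String page = "TestConfigurable";

    // Velocity that proves evaluation (the output sentence only appears if $code is substituted)
    // and that would reveal programming rights if the sheet still had them.
    String codeToExecute = "#set($code = 's sh')"
        + "Thi${code}ould be displayed."
        + "#if($xcontext.hasProgrammingRights())"
        + "This should not be displayed."
        + "#end";
    String heading = "#set($code = 'his sho')"
        + "T${code}uld also be displayed.";

    createConfigurableApplication(space, page, "TestSection6", true);
    open(space, page, "edit", "editor=object");
    expandObject("XWiki.ConfigurableClass", 0);
    setFieldValue("XWiki.ConfigurableClass_0_codeToExecute", codeToExecute);
    setFieldValue("XWiki.ConfigurableClass_0_heading", heading);
    setFieldValue("XWiki.ConfigurableClass_0_configurationClass", "");
    clickEditSaveAndView();

    // Our admin will foolishly save XWiki.ConfigurableClass, giving it programming rights.
    open("XWiki", "ConfigurableClass", "edit", "editor=wiki");
    try {
        // Since we modify ConfigurableClass, we must modify it back after to prevent polluting
        // further tests.
        // See http://code.google.com/p/selenium/issues/detail?id=2876 .
        // Select all and copy the current content, then type the probe macro. The ARROW_RIGHT
        // presumably collapses the selection so the probe is added after the existing content
        // instead of replacing it.
        // NOTE(review): the original content lives only in the system clipboard until the finally
        // block pastes it back; anything else writing to the clipboard during the test would make
        // the restore paste the wrong text.
        getDriver()
            .findElement(By.id("content"))
            .sendKeys(
                Keys.chord(Keys.CONTROL, "a"),
                Keys.chord(Keys.CONTROL, "c"),
                Keys.ARROW_RIGHT,
                "{{velocity}}Has Programming permission: $xcontext.hasProgrammingRights(){{/velocity}}");
        clickEditSaveAndContinue();

        // Now we look at the section for our configurable.
        // The query string must use a literal "&section="; the garbled form "§ion=" drops the
        // section parameter, so the view would not target TestSection6.
        open("XWiki", "ConfigurableClass", "view", "editor=globaladmin&section=TestSection6");
        assertTextPresent("This should be displayed.");
        assertTextPresent("This should also be displayed.");
        assertTextNotPresent("This should not be displayed.");
        assertTextPresent("Has Programming permission: false");
        // Make sure javascript has not added a Save button.
        assertElementNotPresent("//div/div/p/span/input[@type='submit'][@value='Save']");
    } finally {
        // Restore ConfigurableClass: select everything (including the probe) and paste the copy
        // taken above over it.
        open("XWiki", "ConfigurableClass", "edit", "editor=wiki");
        getDriver()
            .findElement(By.id("content"))
            .sendKeys(Keys.chord(Keys.CONTROL, "a"), Keys.chord(Keys.CONTROL, "v"));
        clickEditSaveAndContinue();
    }
}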