1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package org.xwiki.rendering.macro.velocity

File VelocityMacroSecurityTest.java

 

Code metrics

0
25
3
1
116
71
3
0.12
8.33
3
1

Classes

Class Line # Actions
VelocityMacroSecurityTest 57 25 0% 3 1
0.9642857396.4%
 

Contributing tests

This file is covered by 2 tests. .

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package org.xwiki.rendering.macro.velocity;
21   
22    import java.util.Collections;
23   
24    import org.junit.Before;
25    import org.junit.Rule;
26    import org.junit.Test;
27    import org.xwiki.observation.internal.DefaultObservationManager;
28    import org.xwiki.properties.BeanDescriptor;
29    import org.xwiki.properties.BeanManager;
30    import org.xwiki.rendering.block.MacroBlock;
31    import org.xwiki.rendering.internal.macro.script.PermissionCheckerListener;
32    import org.xwiki.rendering.internal.macro.velocity.VelocityMacro;
33    import org.xwiki.rendering.internal.macro.velocity.VelocityMacroPermissionPolicy;
34    import org.xwiki.rendering.macro.Macro;
35    import org.xwiki.rendering.macro.MacroExecutionException;
36    import org.xwiki.rendering.macro.MacroId;
37    import org.xwiki.rendering.macro.MacroManager;
38    import org.xwiki.rendering.syntax.Syntax;
39    import org.xwiki.rendering.transformation.MacroTransformationContext;
40    import org.xwiki.security.authorization.ContextualAuthorizationManager;
41    import org.xwiki.security.authorization.Right;
42    import org.xwiki.test.annotation.ComponentList;
43    import org.xwiki.test.mockito.MockitoComponentMockingRule;
44   
45    import static org.mockito.ArgumentMatchers.any;
46    import static org.mockito.Mockito.mock;
47    import static org.mockito.Mockito.verify;
48    import static org.mockito.Mockito.when;
49   
50    /**
51    * Verify that a Velocity macro's execution can be restricted.
52    *
53    * @version $Id: 410c46ccd14a9fcd05568fe5e0d81ce9faf777df $
54    * @since 4.2M1
55    */
56    @ComponentList({VelocityMacroPermissionPolicy.class, DefaultObservationManager.class, PermissionCheckerListener.class})
 
57    public class VelocityMacroSecurityTest
58    {
59    @Rule
60    public MockitoComponentMockingRule<Macro<VelocityMacroParameters>> mocker =
61    new MockitoComponentMockingRule<Macro<VelocityMacroParameters>>(VelocityMacro.class);
62   
63    ContextualAuthorizationManager authorizationManager;
64   
 
65  2 toggle @Before
66    public void setUp() throws Exception
67    {
68  2 authorizationManager = mocker.registerMockComponent(ContextualAuthorizationManager.class);
69   
70  2 BeanDescriptor mockBeanDescriptor = mock(BeanDescriptor.class);
71  2 when(mockBeanDescriptor.getProperties()).thenReturn(Collections.EMPTY_LIST);
72   
73  2 BeanManager beanManager = mocker.getInstance(BeanManager.class);
74  2 when(beanManager.getBeanDescriptor(any(Class.class))).thenReturn(mockBeanDescriptor);
75   
76  2 Macro velocityMacro = mocker.getComponentUnderTest();
77  2 MacroManager mockMacroManager = mocker.registerMockComponent(MacroManager.class);
78  2 when(mockMacroManager.getMacro(any(MacroId.class))).thenReturn(velocityMacro);
79    }
80   
 
81  1 toggle @Test(expected = MacroExecutionException.class)
82    public void testRestrictedByContext() throws Exception
83    {
84  1 VelocityMacroParameters params = new VelocityMacroParameters();
85  1 MacroTransformationContext context = new MacroTransformationContext();
86  1 context.setSyntax(Syntax.XWIKI_2_0);
87  1 context.setCurrentMacroBlock(new MacroBlock("velocity", Collections.<String, String>emptyMap(), false));
88  1 context.setId("page1");
89   
90    // Restrict the transformation context.
91  1 context.getTransformationContext().setRestricted(true);
92   
93  1 when(authorizationManager.hasAccess(Right.SCRIPT)).thenReturn(true);
94   
95  1 mocker.getComponentUnderTest().execute(params, "#macro(testMacrosAreLocal)mymacro#end", context);
96    }
97   
 
98  1 toggle @Test(expected = MacroExecutionException.class)
99    public void testRestrictedByRights() throws Exception
100    {
101  1 VelocityMacroParameters params = new VelocityMacroParameters();
102  1 MacroTransformationContext context = new MacroTransformationContext();
103  1 context.setSyntax(Syntax.XWIKI_2_0);
104  1 context.setCurrentMacroBlock(new MacroBlock("velocity", Collections.<String, String>emptyMap(), false));
105  1 context.setId("page1");
106   
107  1 context.getTransformationContext().setRestricted(false);
108   
109    // Restrict the SCRIPT right.
110  1 when(authorizationManager.hasAccess(Right.SCRIPT)).thenReturn(false);
111   
112  1 mocker.getComponentUnderTest().execute(params, "#macro(testMacrosAreLocal)mymacro#end", context);
113   
114  0 verify(authorizationManager.hasAccess(Right.SCRIPT));
115    }
116    }