You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by bt...@apache.org on 2020/03/26 02:41:36 UTC
[james-project] 14/16: JAMES-3078 Integration tests for CORS headers
This is an automated email from the ASF dual-hosted git repository.
btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 1bc8e367df50c557c9a4a6c71e0daebe9227723b
Author: Benoit Tellier <bt...@linagora.com>
AuthorDate: Mon Mar 23 15:48:01 2020 +0700
JAMES-3078 Integration tests for CORS headers
---
.../apache/james/jmap/JMAPAuthenticationTest.java | 14 ++++
.../methods/integration/CorsHeaderAPITest.java | 82 ++++++++++++++++++++++
.../integration/cucumber/DownloadStepdefs.java | 7 ++
.../test/resources/cucumber/DownloadGet.feature | 6 ++
.../test/resources/cucumber/DownloadPost.feature | 6 ++
.../james/jmap/memory/MemoryCorsHeaderAPITest.java | 37 ++++++++++
6 files changed, 152 insertions(+)
diff --git a/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/JMAPAuthenticationTest.java b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/JMAPAuthenticationTest.java
index 08018db..184bc13 100644
--- a/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/JMAPAuthenticationTest.java
+++ b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/JMAPAuthenticationTest.java
@@ -165,6 +165,20 @@ public abstract class JMAPAuthenticationTest {
}
@Test
+ public void mustPositionCorsHeaders() throws Exception {
+ given()
+ .contentType(ContentType.JSON)
+ .accept(ContentType.JSON)
+ .body("{\"username\": \"" + userCredentials.getUsername() + "\", \"clientName\": \"Mozilla Thunderbird\", \"clientVersion\": \"42.0\", \"deviceName\": \"Joe Blogg’s iPhone\"}")
+ .when()
+ .post("/authentication")
+ .then()
+ .header("Access-Control-Allow-Origin", "*")
+ .header("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT")
+ .header("Access-Control-Allow-Headers", "Content-Type, Authorization, Accept");
+ }
+
+ @Test
public void mustReturnJsonResponse() throws Exception {
given()
.contentType(ContentType.JSON)
diff --git a/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/draft/methods/integration/CorsHeaderAPITest.java b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/draft/methods/integration/CorsHeaderAPITest.java
new file mode 100644
index 0000000..c942c69
--- /dev/null
+++ b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/draft/methods/integration/CorsHeaderAPITest.java
@@ -0,0 +1,82 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.jmap.draft.methods.integration;
+
+import static io.restassured.RestAssured.given;
+import static org.apache.james.jmap.HttpJmapAuthentication.authenticateJamesUser;
+import static org.apache.james.jmap.JMAPTestingConstants.ALICE;
+import static org.apache.james.jmap.JMAPTestingConstants.ALICE_PASSWORD;
+import static org.apache.james.jmap.JMAPTestingConstants.DOMAIN;
+import static org.apache.james.jmap.JMAPTestingConstants.jmapRequestSpecBuilder;
+import static org.apache.james.jmap.JmapURIBuilder.baseUri;
+
+import java.io.IOException;
+
+import org.apache.james.GuiceJamesServer;
+import org.apache.james.jmap.AccessToken;
+import org.apache.james.jmap.draft.JmapGuiceProbe;
+import org.apache.james.probe.DataProbe;
+import org.apache.james.utils.DataProbeImpl;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import io.restassured.RestAssured;
+
+public abstract class CorsHeaderAPITest {
+ protected abstract GuiceJamesServer createJmapServer() throws IOException;
+
+ private AccessToken accessToken;
+ private GuiceJamesServer jmapServer;
+
+ @Before
+ public void setup() throws Throwable {
+ jmapServer = createJmapServer();
+ jmapServer.start();
+
+ RestAssured.requestSpecification = jmapRequestSpecBuilder
+ .setPort(jmapServer.getProbe(JmapGuiceProbe.class).getJmapPort().getValue())
+ .build();
+ RestAssured.enableLoggingOfRequestAndResponseIfValidationFails();
+
+ DataProbe dataProbe = jmapServer.getProbe(DataProbeImpl.class);
+ dataProbe.addDomain(DOMAIN);
+ dataProbe.addUser(ALICE.asString(), ALICE_PASSWORD);
+ accessToken = authenticateJamesUser(baseUri(jmapServer), ALICE, ALICE_PASSWORD);
+ }
+
+ @After
+ public void teardown() {
+ jmapServer.stop();
+ }
+
+ @Test
+ public void apiShouldPositionCorsHeaders() {
+ given()
+ .header("Authorization", accessToken.asString())
+ .body("[[\"getMailboxes\", {\"accountId\": \"1\"}, \"#0\"]]")
+ .when()
+ .post("/jmap")
+ .then()
+ .header("Access-Control-Allow-Origin", "*")
+ .header("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT")
+ .header("Access-Control-Allow-Headers", "Content-Type, Authorization, Accept");
+ }
+}
diff --git a/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/draft/methods/integration/cucumber/DownloadStepdefs.java b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/draft/methods/integration/cucumber/DownloadStepdefs.java
index eb1e05f..41a8fe1 100644
--- a/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/draft/methods/integration/cucumber/DownloadStepdefs.java
+++ b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/draft/methods/integration/cucumber/DownloadStepdefs.java
@@ -490,6 +490,13 @@ public class DownloadStepdefs {
assertThat(response.getFirstHeader("Content-Length").getValue()).isEqualTo(String.valueOf(size));
}
+ @Then("^CORS headers are positioned$")
+ public void assertCorsHeader() {
+ assertThat(response.getFirstHeader("Access-Control-Allow-Origin").getValue()).isEqualTo("*");
+ assertThat(response.getFirstHeader("Access-Control-Allow-Methods").getValue()).isEqualTo("GET, POST, DELETE, PUT");
+ assertThat(response.getFirstHeader("Access-Control-Allow-Headers").getValue()).isEqualTo("Content-Type, Authorization, Accept");
+ }
+
@Then("^the Content-Type is \"([^\"]*)\"$")
public void assertContentType(String contentType) {
assertThat(response.getFirstHeader("Content-Type").getValue()).isEqualTo(contentType);
diff --git a/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/resources/cucumber/DownloadGet.feature b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/resources/cucumber/DownloadGet.feature
index 2639d86..5132a5f 100644
--- a/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/resources/cucumber/DownloadGet.feature
+++ b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/resources/cucumber/DownloadGet.feature
@@ -75,6 +75,12 @@ Feature: Download GET
Then she can read that blob
And the blob size is 36
+ Scenario: Position CORS headers
+ Given "alice@domain.tld" mailbox "INBOX" contains a message "1"
+ When "alice@domain.tld" downloads "1"
+ Then she can read that blob
+ And CORS headers are positioned
+
Scenario: Deleted message should revoke attachment blob download rights
Given "alice@domain.tld" mailbox "INBOX" contains a message "1" with an attachment "2"
And "alice@domain.tld" delete mailbox "INBOX"
diff --git a/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/resources/cucumber/DownloadPost.feature b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/resources/cucumber/DownloadPost.feature
index e6f09ab..13270a1 100644
--- a/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/resources/cucumber/DownloadPost.feature
+++ b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/resources/cucumber/DownloadPost.feature
@@ -35,3 +35,9 @@ Feature: Alternative authentication mechanism for getting attachment via a POST
Given "username@domain.tld" mailbox "INBOX" contains a message "1" with an attachment "2"
When "username@domain.tld" asks for a token for attachment "2"
Then the user should receive an attachment access token
+
+ Scenario: Position CORS headers
+ Given "username@domain.tld" mailbox "INBOX" contains a message "1" with an attachment "2"
+ When "username@domain.tld" asks for a token for attachment "2"
+ Then the user should receive an attachment access token
+ And CORS headers are positioned
\ No newline at end of file
diff --git a/server/protocols/jmap-draft-integration-testing/memory-jmap-draft-integration-testing/src/test/java/org/apache/james/jmap/memory/MemoryCorsHeaderAPITest.java b/server/protocols/jmap-draft-integration-testing/memory-jmap-draft-integration-testing/src/test/java/org/apache/james/jmap/memory/MemoryCorsHeaderAPITest.java
new file mode 100644
index 0000000..2b422c0
--- /dev/null
+++ b/server/protocols/jmap-draft-integration-testing/memory-jmap-draft-integration-testing/src/test/java/org/apache/james/jmap/memory/MemoryCorsHeaderAPITest.java
@@ -0,0 +1,37 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.jmap.memory;
+
+import java.io.IOException;
+
+import org.apache.james.GuiceJamesServer;
+import org.apache.james.MemoryJmapTestRule;
+import org.apache.james.jmap.draft.methods.integration.CorsHeaderAPITest;
+import org.junit.Rule;
+
+public class MemoryCorsHeaderAPITest extends CorsHeaderAPITest {
+ @Rule
+ public MemoryJmapTestRule memoryJmap = new MemoryJmapTestRule();
+
+ @Override
+ protected GuiceJamesServer createJmapServer() throws IOException {
+ return memoryJmap.jmapServer();
+ }
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org