From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
tests/Selenium/bootstrap.php | 175 ++++++++++++++++++++++++++++++++++++++++++++++++----------
1 files changed, 145 insertions(+), 30 deletions(-)
diff --git a/tests/Selenium/bootstrap.php b/tests/Selenium/bootstrap.php
index 124a81e..9baf0c0 100644
--- a/tests/Selenium/bootstrap.php
+++ b/tests/Selenium/bootstrap.php
@@ -24,7 +24,7 @@
if (!defined('INSTALL_PATH')) define('INSTALL_PATH', realpath(__DIR__ . '/../../') . '/' );
-define('TESTS_DIR', __DIR__ . '/');
+define('TESTS_DIR', realpath(__DIR__ . '/../') . '/');
if (@is_dir(TESTS_DIR . 'config')) {
define('RCUBE_CONFIG_DIR', TESTS_DIR . 'config');
@@ -38,7 +38,7 @@
die("Fatal error: ini_set/set_include_path does not work.");
}
-$rcmail = rcmail::get_instance('test');
+$rcmail = rcmail::get_instance(0, 'test');
define('TESTS_URL', $rcmail->config->get('tests_url'));
define('TESTS_BROWSER', $rcmail->config->get('tests_browser', 'firefox'));
@@ -54,35 +54,39 @@
*/
class bootstrap
{
+ static $imap_ready = null;
+
/**
* Wipe and re-initialize (mysql) database
*/
public static function init_db()
{
$rcmail = rcmail::get_instance();
+ $dsn = rcube_db::parse_dsn($rcmail->config->get('db_dsnw'));
- // drop all existing tables first
- $db = $rcmail->get_dbh();
- $db->query("SET FOREIGN_KEY_CHECKS=0");
- $sql_res = $db->query("SHOW TABLES");
- while ($sql_arr = $db->fetch_array($sql_res)) {
- $table = reset($sql_arr);
- $db->query("DROP TABLE $table");
- }
+ if ($dsn['phptype'] == 'mysql' || $dsn['phptype'] == 'mysqli') {
+ // drop all existing tables first
+ $db = $rcmail->get_dbh();
+ $db->query("SET FOREIGN_KEY_CHECKS=0");
+ $sql_res = $db->query("SHOW TABLES");
+ while ($sql_arr = $db->fetch_array($sql_res)) {
+ $table = reset($sql_arr);
+ $db->query("DROP TABLE $table");
+ }
- // init database with schema
- $dsn = parse_url($rcmail->config->get('db_dsnw'));
- $db_name = trim($dsn['path'], '/');
-
- if ($dsn['scheme'] == 'mysql' || $dsn['scheme'] == 'mysqli') {
+ // init database with schema
system(sprintf('cat %s %s | mysql -h %s -u %s --password=%s %s',
realpath(INSTALL_PATH . '/SQL/mysql.initial.sql'),
- realpath(TESTS_DIR . '/Selenium/data/mysql.sql'),
- escapeshellarg($dsn['host']),
- escapeshellarg($dsn['user']),
- escapeshellarg($dsn['pass']),
- escapeshellarg($db_name)
+ realpath(TESTS_DIR . 'Selenium/data/mysql.sql'),
+ escapeshellarg($dsn['hostspec']),
+ escapeshellarg($dsn['username']),
+ escapeshellarg($dsn['password']),
+ escapeshellarg($dsn['database'])
));
+ }
+ else if ($dsn['phptype'] == 'sqlite') {
+ // delete database file -- will be re-initialized on first access
+ system(sprintf('rm -f %s', escapeshellarg($dsn['database'])));
}
}
@@ -91,10 +95,96 @@
*/
public static function init_imap()
{
- if (!TESTS_USER)
+ if (!TESTS_USER) {
return false;
+ }
+ else if (self::$imap_ready !== null) {
+ return self::$imap_ready;
+ }
- // TBD.
+ self::connect_imap(TESTS_USER, TESTS_PASS);
+ self::purge_mailbox('INBOX');
+ self::ensure_mailbox('Archive', true);
+
+ return self::$imap_ready;
+ }
+
+ /**
+ * Authenticate to IMAP with the given credentials
+ */
+ public static function connect_imap($username, $password, $host = null)
+ {
+ $rcmail = rcmail::get_instance();
+ $imap = $rcmail->get_storage();
+
+ if ($imap->is_connected()) {
+ $imap->close();
+ self::$imap_ready = false;
+ }
+
+ $imap_host = $host ?: $rcmail->config->get('default_host');
+ $a_host = parse_url($imap_host);
+ if ($a_host['host']) {
+ $imap_host = $a_host['host'];
+ $imap_ssl = isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'));
+ $imap_port = isset($a_host['port']) ? $a_host['port'] : ($imap_ssl ? 993 : 143);
+ }
+ else {
+ $imap_port = 143;
+ $imap_ssl = false;
+ }
+
+ if (!$imap->connect($imap_host, $username, $password, $imap_port, $imap_ssl)) {
+ die("IMAP error: unable to authenticate with user " . TESTS_USER);
+ }
+
+ self::$imap_ready = true;
+ }
+
+ /**
+ * Import the given file into IMAP
+ */
+ public static function import_message($filename, $mailbox = 'INBOX')
+ {
+ if (!self::init_imap()) {
+ die(__METHOD__ . ': IMAP connection unavailable');
+ }
+
+ $imap = rcmail::get_instance()->get_storage();
+ $imap->save_message($mailbox, file_get_contents($filename));
+ }
+
+ /**
+ * Delete all messages from the given mailbox
+ */
+ public static function purge_mailbox($mailbox)
+ {
+ if (!self::init_imap()) {
+ die(__METHOD__ . ': IMAP connection unavailable');
+ }
+
+ $imap = rcmail::get_instance()->get_storage();
+ $imap->delete_message('*', $mailbox);
+ }
+
+ /**
+ * Make sure the given mailbox exists in IMAP
+ */
+ public static function ensure_mailbox($mailbox, $empty = false)
+ {
+ if (!self::init_imap()) {
+ die(__METHOD__ . ': IMAP connection unavailable');
+ }
+
+ $imap = rcmail::get_instance()->get_storage();
+
+ $folders = $imap->list_folders();
+ if (!in_array($mailbox, $folders)) {
+ $imap->create_folder($mailbox, true);
+ }
+ else if ($empty) {
+ $imap->delete_message('*', $mailbox);
+ }
}
}
@@ -106,9 +196,12 @@
*/
class Selenium_Test extends PHPUnit_Extensions_Selenium2TestCase
{
+ protected $login_data = null;
+
protected function setUp()
{
$this->setBrowser(TESTS_BROWSER);
+ $this->login_data = array(TESTS_USER, TESTS_PASS);
// Set root to our index.html, for better performance
// See https://github.com/sebastianbergmann/phpunit-selenium/issues/217
@@ -116,16 +209,23 @@
$this->setBrowserUrl($baseurl . '/tests/Selenium');
}
- protected function login()
+ protected function login($username = null, $password = null)
{
- $this->go('mail');
+ if (!empty($username)) {
+ $this->login_data = array($username, $password);
+ }
+ $this->go('mail', null, true);
+ }
+
+ protected function do_login()
+ {
$user_input = $this->byCssSelector('form input[name="_user"]');
$pass_input = $this->byCssSelector('form input[name="_pass"]');
$submit = $this->byCssSelector('form input[type="submit"]');
- $user_input->value(TESTS_USER);
- $pass_input->value(TESTS_PASS);
+ $user_input->value($this->login_data[0]);
+ $pass_input->value($this->login_data[1]);
// submit login form
$submit->click();
@@ -134,16 +234,21 @@
sleep(TESTS_SLEEP);
}
- protected function go($task = 'mail', $action = null)
+ protected function go($task = 'mail', $action = null, $login = true)
{
$this->url(TESTS_URL . '?_task=' . $task);
// wait for interface load (initial ajax requests, etc.)
sleep(TESTS_SLEEP);
+ // check if we have a valid session
+ $env = $this->get_env();
+ if ($login && $env['task'] == 'login') {
+ $this->do_login();
+ }
+
if ($action) {
$this->click_button($action);
-
sleep(TESTS_SLEEP);
}
}
@@ -151,7 +256,7 @@
protected function get_env()
{
return $this->execute(array(
- 'script' => 'return rcmail.env;',
+ 'script' => 'return window.rcmail ? rcmail.env : {};',
'args' => array(),
));
}
@@ -225,10 +330,20 @@
// get response
$response = $this->execute(array(
- 'script' => "return window.test_ajax_response_object['$action'];",
+ 'script' => "return window.test_ajax_response_object ? test_ajax_response_object['$action'] : {};",
'args' => array(),
));
return $response;
}
+
+ protected function getText($element)
+ {
+ return $element->text() ?: $element->attribute('textContent');
+ }
+
+ protected function assertHasClass($classname, $element)
+ {
+ $this->assertContains($classname, $element->attribute('class'));
+ }
}
--
Gitblit v1.9.1