[FIXED JENKINS-21254] Ensuring that all <link>s offered on the /login…
… page can be read even by anonymous users without Jenkins.READ.

(cherry picked from commit 7c91c40)

Conflicts:
	changelog.html
jglick authored and olivergondza committed Feb 15, 2014
1 parent 620513f commit 39865664cba56b9e01a76eb7ed73c12e318d98f8
@@ -133,7 +133,9 @@ ${h.initPageVariables(context)}
<link rel="stylesheet" href="${resURL}/scripts/yui/menu/assets/skins/sam/menu.css" type="text/css" />
<!--link rel="stylesheet" href="${resURL}/scripts/yui/editor/assets/skins/sam/editor.css" type="text/css" /-->

<link rel="search" type="application/opensearchdescription+xml" href="${rootURL}/opensearch.xml" title="Jenkins" />
<l:hasPermission permission="${app.READ}">
<link rel="search" type="application/opensearchdescription+xml" href="${rootURL}/opensearch.xml" title="Jenkins" />
</l:hasPermission>
<meta name="ROBOTS" content="INDEX,NOFOLLOW" />
<j:set var="mode" value="header" />
<d:invokeBody />
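Review bot: The new `<l:hasPermission permission="${app.READ}">` wrapper around the OpenSearch `<link>` has no comment saying why a search descriptor is permission-gated, so a later template cleanup could remove it and reintroduce the denied request on /login. Presumably `/opensearch.xml` is refused to users without Jenkins.READ; if so, record that next to the tag, e.g. `<!-- JENKINS-21254: opensearch.xml requires READ; do not offer it to anonymous users on /login -->`. The wrapper only stops the page from advertising the URL, so access control still has to be enforced by the endpoint itself.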
@@ -30,6 +30,7 @@
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
import com.gargoylesoftware.htmlunit.Page;
import com.gargoylesoftware.htmlunit.WebRequestSettings;
import com.gargoylesoftware.htmlunit.WebResponse;
import com.gargoylesoftware.htmlunit.html.DomNode;
import com.gargoylesoftware.htmlunit.html.HtmlButton;
import com.gargoylesoftware.htmlunit.html.HtmlElement;
@@ -206,6 +207,7 @@
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import javax.annotation.CheckForNull;

import jenkins.model.JenkinsLocationConfiguration;

@@ -249,11 +251,12 @@ public class JenkinsRule implements TestRule, MethodRule, RootAction {
protected Server server;

/**
* Where in the {@link Server} is Hudson deployed?
* Where in the {@link Server} is Jenkins deployed?
* <p>
* Just like {@link javax.servlet.ServletContext#getContextPath()}, starts with '/' but doesn't end with '/'.
* Unlike {@link WebClient#getContextPath} this is not a complete URL.
*/
protected String contextPath = "/jenkins";
public String contextPath = "/jenkins";

/**
* {@link Runnable}s to be invoked at {@link #after()} .
@@ -1881,10 +1884,10 @@ public Page getPage(String url) throws IOException, FailingHttpStatusCodeExcepti
}

/**
* Requests a page within Hudson.
* Requests an HTML page within Jenkins.
*
* @param relative
* Relative path within Hudson. Starts without '/'.
* Relative path within Jenkins. Starts without '/'.
* For example, "job/test/" to go to a job top page.
*/
public HtmlPage goTo(String relative) throws IOException, SAXException {
@@ -1896,14 +1899,24 @@ public HtmlPage goTo(String relative) throws IOException, SAXException {
}
}

public Page goTo(String relative, String expectedContentType) throws IOException, SAXException {
/**
* Requests a page within Jenkins.
*
* @param relative
* Relative path within Jenkins. Starts without '/'.
* For example, "job/test/" to go to a job top page.
* @param expectedContentType the expected {@link WebResponse#getContentType}, or null to do no such check
*/
public Page goTo(String relative, @CheckForNull String expectedContentType) throws IOException, SAXException {
assert !relative.startsWith("/");
Page p = super.getPage(getContextPath() + relative);
assertThat(p.getWebResponse().getContentType(), is(expectedContentType));
if (expectedContentType != null) {
assertThat(p.getWebResponse().getContentType(), is(expectedContentType));
}
return p;
}

/** Loads a page as XML. Useful for testing Hudson's xml api, in concert with
/** Loads a page as XML. Useful for testing Jenkins's XML API, in concert with
* assertXPath(DomNode page, String xpath)
* @param path the path part of the url to visit
* @return the XmlPage found at that url
@@ -1936,6 +1949,7 @@ public void assertFails(String url, int statusCode) throws Exception {
/**
* Returns the URL of the webapp top page.
* URL ends with '/'.
* <p>This is actually the same as {@link #getURL} and should not be confused with {@link #contextPath}.
*/
public String getContextPath() throws IOException {
return getURL().toExternalForm();
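Review bot: In the hunk at `contextPath`, the field is widened from `protected` to `public` while staying non-final, so any test holding the rule can now reassign it, and a prefix computed in a test may stop matching the path the server was deployed under. Keeping `protected String contextPath = "/jenkins";` and adding a read-only accessor, for example `public String getContextPathPrefix() { return contextPath; }` (name is only a suggestion), would give tests the value without write access. The accessor needs a name distinct from `WebClient#getContextPath`, which the new Javadoc notes returns the full URL. The rest of the class lies outside these hunks, so whether other code writes the field after startup cannot be confirmed from here.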
@@ -0,0 +1,55 @@
/*
* The MIT License
*
* Copyright 2014 Jesse Glick.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/

package lib.layout;

import com.gargoylesoftware.htmlunit.html.HtmlElement;
import com.gargoylesoftware.htmlunit.html.HtmlLink;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.Bug;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.recipes.PresetData;

public class LayoutTest {

@Rule public JenkinsRule r = new JenkinsRule();

@Bug(21254)
@PresetData(PresetData.DataSet.NO_ANONYMOUS_READACCESS)
@Test public void rejectedLinks() throws Exception {
JenkinsRule.WebClient wc = r.createWebClient();
String prefix = r.contextPath + '/';
for (HtmlElement e : wc.goTo("login").getElementsByTagName("link")) {
String href = ((HtmlLink) e).getHrefAttribute();
if (!href.startsWith(prefix)) {
System.err.println("ignoring " + href);
continue;
}
System.err.println("checking " + href);
wc.goTo(href.substring(prefix.length()), null);
}
}

}
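Review bot: `rejectedLinks` can pass without checking anything: every `<link>` whose href does not start with `r.contextPath + '/'` is only printed and skipped, so if the page ever renders absolute or differently rooted URLs the loop never calls `wc.goTo` and a JENKINS-21254 regression goes unnoticed. Count the links that reach `wc.goTo(...)` and finish with `assertTrue("no <link> under " + prefix + " was checked", checked > 0);`. Passing `null` as the expected content type also means the test relies entirely on `goTo` throwing for a denied request. That is presumably the WebClient's behaviour for failing status codes, but it is not visible in this diff, so a short comment on the call saying so would help.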
