OO-4517: unit test to check the default forbidden user agent in WebDAV

678f53a6 · srosse · 0021ee4a · 678f53a6 · 678f53a6
Commit 678f53a6 authored 5 years ago by srosse
--- a/src/test/java/org/olat/core/commons/services/webdav/WebDAVCommandsTest.java
+++ b/src/test/java/org/olat/core/commons/services/webdav/WebDAVCommandsTest.java
@@ -153,6 +153,7 @@ public class WebDAVCommandsTest extends WebDAVTestCase {
 		//head file
 		URI publicUri = conn.getBaseURI().path("webdav").path("home").path("public").path("test_head.txt").build();
 		HttpResponse response = conn.head(publicUri);
+		Assert.assertEquals(200, response.getStatusLine().getStatusCode());
 		Header lengthHeader = response.getFirstHeader("Content-Length");
 		Assert.assertNotNull(lengthHeader);
 		Assert.assertEquals("10", lengthHeader.getValue());
@@ -878,6 +879,49 @@ public class WebDAVCommandsTest extends WebDAVTestCase {
 		conn.close();
 	}
 	
+	/**
+	 * Default are the following User-Agent forbidden: empty, -
+	 * 
+	 * @throws IOException
+	 * @throws URISyntaxException
+	 */
+	@Test
+	public void forbiddenUserAgent()
+	throws IOException, URISyntaxException {
+		Identity user = JunitTestHelper.createAndPersistIdentityAsRndUser("webdav-2-");
+		
+		//create a file
+		String publicPath = FolderConfig.getUserHomes() + "/" + user.getName() + "/public";
+		VFSContainer vfsPublic = VFSManager.olatRootContainer(publicPath, null);
+		createFile(vfsPublic, "test_head.txt");
+		
+		WebDAVConnection conn = new WebDAVConnection();
+		URI publicUri = conn.getBaseURI().path("webdav").path("home").path("public").path("test_head.txt").build();
+
+		//head file with standard Apache User Agent -> Ok
+		conn.setCredentials(user.getName(), "A6B7C8");
+		HttpResponse response = conn.head(publicUri);
+		Assert.assertEquals(200, response.getStatusLine().getStatusCode());
+		EntityUtils.consume(response.getEntity());
+		conn.close();
+		
+		// check with  "-" as User-Agent -> Forbidden
+		WebDAVConnection hyphenConn = new WebDAVConnection("-");
+		hyphenConn.setCredentials(user.getName(), "A6B7C8");
+		HttpResponse hyphenResponse = hyphenConn.head(publicUri);
+		Assert.assertEquals(403, hyphenResponse.getStatusLine().getStatusCode());
+		EntityUtils.consume(hyphenResponse.getEntity());
+		hyphenConn.close();
+		
+		// check with  "" as User-Agent -> Forbidden
+		WebDAVConnection emptyConn = new WebDAVConnection("-");
+		emptyConn.setCredentials(user.getName(), "A6B7C8");
+		HttpResponse emptyResponse = emptyConn.head(publicUri);
+		Assert.assertEquals(403, emptyResponse.getStatusLine().getStatusCode());
+		EntityUtils.consume(emptyResponse.getEntity());
+		emptyConn.close();
+	}
+	
 	private VFSItem createFile(VFSContainer container, String filename) throws IOException {
 		VFSLeaf testLeaf = container.createChildLeaf(filename);
 		try(InputStream in = WebDAVCommandsTest.class.getResourceAsStream("text.txt");

--- a/src/test/java/org/olat/core/commons/services/webdav/WebDAVConnection.java
+++ b/src/test/java/org/olat/core/commons/services/webdav/WebDAVConnection.java
@@ -39,8 +39,6 @@ import org.apache.http.client.methods.HttpHead;
 import org.apache.http.client.methods.HttpOptions;
 import org.apache.http.client.methods.HttpPut;
 import org.apache.http.client.methods.HttpUriRequest;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.conn.ssl.SSLContexts;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.BasicCookieStore;
 import org.apache.http.impl.client.BasicCredentialsProvider;
@@ -76,22 +74,25 @@ public class WebDAVConnection implements Closeable {
 	private final CloseableHttpClient httpclient;

 	public WebDAVConnection() {
-		this(WebDAVTestCase.PROTOCOL, WebDAVTestCase.HOST, WebDAVTestCase.PORT);
+		this(WebDAVTestCase.PROTOCOL, WebDAVTestCase.HOST, WebDAVTestCase.PORT, null);
 	}
 	
-	public WebDAVConnection(String protocol, String host, int port) {
+	public WebDAVConnection(String userAgent) {
+		this(WebDAVTestCase.PROTOCOL, WebDAVTestCase.HOST, WebDAVTestCase.PORT, userAgent);
+	}
+	
+	public WebDAVConnection(String protocol, String host, int port, String userAgent) {
 		this.protocol = protocol;
 		this.host = host;
 		this.port = port;
 		
-		SSLConnectionSocketFactory sslFactory
-			= new SSLConnectionSocketFactory(SSLContexts.createDefault(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
-		
-		httpclient = HttpClientBuilder.create()
+		HttpClientBuilder builder = HttpClientBuilder.create()
 				.setDefaultCookieStore(cookieStore)
-				.setDefaultCredentialsProvider(provider)
-				.setSSLSocketFactory(sslFactory)
-				.build();
+				.setDefaultCredentialsProvider(provider);
+		if(userAgent != null) {
+			builder.setUserAgent(userAgent);
+		}
+		httpclient = builder.build();
 	}
 	
 	public CookieStore getCookieStore() {
@@ -112,9 +113,7 @@ public class WebDAVConnection implements Closeable {
 	
 	public HttpResponse head(URI uri) throws IOException, URISyntaxException {
 		HttpHead propfind = new HttpHead(uri);
-		HttpResponse response = execute(propfind);
-		Assert.assertEquals(200, response.getStatusLine().getStatusCode());
-		return response;
+		return execute(propfind);
 	}
 	
 	public String propfind(URI uri, int depth) throws IOException, URISyntaxException {