From commits-return-89579-apmail-sling-commits-archive=sling.apache.org@sling.apache.org  Thu Sep 24 02:49:16 2020
Return-Path: <commits-return-89579-apmail-sling-commits-archive=sling.apache.org@sling.apache.org>
X-Original-To: apmail-sling-commits-archive@www.apache.org
Delivered-To: apmail-sling-commits-archive@www.apache.org
Received: from mailroute1-lw-us.apache.org (mailroute1-lw-us.apache.org [207.244.88.153])
	by minotaur.apache.org (Postfix) with ESMTP id B3EF419152
	for <apmail-sling-commits-archive@www.apache.org>; Thu, 24 Sep 2020 02:49:16 +0000 (UTC)
Received: from mail.apache.org (localhost [127.0.0.1])
	by mailroute1-lw-us.apache.org (ASF Mail Server at mailroute1-lw-us.apache.org) with SMTP id 644A012461B
	for <apmail-sling-commits-archive@www.apache.org>; Thu, 24 Sep 2020 02:49:16 +0000 (UTC)
Received: (qmail 51528 invoked by uid 500); 24 Sep 2020 02:49:16 -0000
Delivered-To: apmail-sling-commits-archive@sling.apache.org
Received: (qmail 51479 invoked by uid 500); 24 Sep 2020 02:49:15 -0000
Mailing-List: contact commits-help@sling.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@sling.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@sling.apache.org>
List-Post: <mailto:commits@sling.apache.org>
List-Id: <commits.sling.apache.org>
Reply-To: dev@sling.apache.org
Delivered-To: mailing list commits@sling.apache.org
Received: (qmail 51466 invoked by uid 99); 24 Sep 2020 02:49:15 -0000
Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 Sep 2020 02:49:15 +0000
Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33)
	id 5430E8DCA0; Thu, 24 Sep 2020 02:49:15 +0000 (UTC)
Date: Thu, 24 Sep 2020 02:49:15 +0000
To: "commits@sling.apache.org" <commits@sling.apache.org>
Subject: [sling-org-apache-sling-app-cms] branch master updated: Testing
 other common cases for the CMS Security Filter
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Message-ID: <160091575512.23264.8912503812071753330@gitbox.apache.org>
From: dklco@apache.org
X-Git-Host: gitbox.apache.org
X-Git-Repo: sling-org-apache-sling-app-cms
X-Git-Refname: refs/heads/master
X-Git-Reftype: branch
X-Git-Oldrev: c8666652e26531443c743fa5a32a5164fae95a26
X-Git-Newrev: fde0d090bd412caa67fcecb61aa62dc6c8c704ea
X-Git-Rev: fde0d090bd412caa67fcecb61aa62dc6c8c704ea
X-Git-NotificationType: ref_changed_plus_diff
X-Git-Multimail-Version: 1.5.dev
Auto-Submitted: auto-generated

This is an automated email from the ASF dual-hosted git repository.

dklco pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-app-cms.git


The following commit(s) were added to refs/heads/master by this push:
     new fde0d09  Testing other common cases for the CMS Security Filter
fde0d09 is described below

commit fde0d090bd412caa67fcecb61aa62dc6c8c704ea
Author: Dan Klco <dklco@apache.org>
AuthorDate: Wed Sep 23 22:49:00 2020 -0400

    Testing other common cases for the CMS Security Filter
---
 .../internal/filters/CMSSecurityFilterTest.java    | 90 ++++++++++++++++++++++
 1 file changed, 90 insertions(+)

diff --git a/core/src/test/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilterTest.java b/core/src/test/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilterTest.java
index 7edc430..c8c853a 100644
--- a/core/src/test/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilterTest.java
+++ b/core/src/test/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilterTest.java
@@ -26,6 +26,8 @@ import javax.jcr.UnsupportedRepositoryOperationException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.cms.PublishableResource;
 import org.apache.sling.cms.core.helpers.SlingCMSTestHelper;
 import org.apache.sling.cms.publication.PUBLICATION_MODE;
 import org.apache.sling.cms.publication.PublicationManagerFactory;
@@ -99,4 +101,92 @@ public class CMSSecurityFilterTest {
         securityFilter.doFilter(context.request(), context.response(), Mockito.mock(FilterChain.class));
         assertEquals(200, context.response().getStatus());
     }
+
+    @Test
+    public void testAllowedPath() throws IOException, ServletException {
+
+        PublicationManagerFactory factory = Mockito.mock(PublicationManagerFactory.class);
+        Mockito.when(factory.getPublicationMode()).thenReturn(PUBLICATION_MODE.STANDALONE);
+        context.registerService(PublicationManagerFactory.class, factory);
+
+        CMSSecurityConfigInstance config = new CMSSecurityConfigInstance();
+        config.activate(new CMSSecurityFilterConfig() {
+
+            @Override
+            public Class<? extends Annotation> annotationType() {
+                return null;
+            }
+
+            @Override
+            public String[] hostDomains() {
+                return new String[] { "cms.apache.org" };
+            }
+
+            @Override
+            public String[] allowedPatterns() {
+                return new String[] { "\\/static\\/.*" };
+            }
+
+            @Override
+            public String group() {
+                return null;
+            }
+
+        });
+        context.registerService(CMSSecurityConfigInstance.class, config);
+
+        securityFilter = context.registerInjectActivateService(new CMSSecurityFilter());
+
+        context.request().setRemoteHost("cms.apache.org");
+        context.request().setServletPath("/static/test1.txt");
+
+        securityFilter.doFilter(context.request(), context.response(), Mockito.mock(FilterChain.class));
+        assertEquals(200, context.response().getStatus());
+    }
+
+    @Test
+    public void testPublished() throws IOException, ServletException {
+
+        PublicationManagerFactory factory = Mockito.mock(PublicationManagerFactory.class);
+        Mockito.when(factory.getPublicationMode()).thenReturn(PUBLICATION_MODE.STANDALONE);
+        context.registerService(PublicationManagerFactory.class, factory);
+
+        CMSSecurityConfigInstance config = new CMSSecurityConfigInstance();
+        config.activate(new CMSSecurityFilterConfig() {
+
+            @Override
+            public Class<? extends Annotation> annotationType() {
+                return null;
+            }
+
+            @Override
+            public String[] hostDomains() {
+                return new String[] { "cms.apache.org" };
+            }
+
+            @Override
+            public String[] allowedPatterns() {
+                return new String[] { "\\/static\\/.*" };
+            }
+
+            @Override
+            public String group() {
+                return null;
+            }
+
+        });
+        context.registerService(CMSSecurityConfigInstance.class, config);
+
+        securityFilter = context.registerInjectActivateService(new CMSSecurityFilter());
+
+        context.request().setRemoteHost("cms.apache.org");
+        context.request().setServletPath("/content/test1.txt");
+
+        PublishableResource published = Mockito.mock(PublishableResource.class);
+        Mockito.when(published.isPublished()).thenReturn(true);
+        context.registerAdapter(Resource.class, PublishableResource.class, published);
+
+        securityFilter.doFilter(context.request(), context.response(), Mockito.mock(FilterChain.class));
+        assertEquals(200, context.response().getStatus());
+    }
 }
\ No newline at end of file