/*
* #%L
* Alfresco Remote API
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.rest.api.tests;
import static org.alfresco.rest.api.tests.util.RestApiUtil.toJsonAsStringNonNull;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import java.net.URL;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Random;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.repo.audit.model.AuditModelRegistryImpl;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.rest.AbstractSingleNetworkSiteTest;
import org.alfresco.rest.api.tests.client.PublicApiClient;
import org.alfresco.rest.api.tests.client.PublicApiClient.AuditApps;
import org.alfresco.rest.api.tests.client.PublicApiClient.ListResponse;
import org.alfresco.rest.api.tests.client.PublicApiClient.Paging;
import org.alfresco.rest.api.tests.client.PublicApiException;
import org.alfresco.rest.api.tests.client.data.AuditApp;
import org.alfresco.rest.api.tests.client.data.AuditEntry;
import org.alfresco.rest.api.tests.client.data.Node;
import org.alfresco.rest.framework.resource.parameters.SortColumn;
import org.alfresco.service.cmr.audit.AuditService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.site.SiteVisibility;
import org.alfresco.util.ISO8601DateFormat;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.util.ResourceUtils;
/**
* @author anechifor, aforascu, eknizat, janv
*/
public class AuditAppTest extends AbstractSingleNetworkSiteTest
{
protected PermissionService permissionService;
protected AuthorityService authorityService;
protected AuditService auditService;
protected static String AUDIT_APP_ID = "alfresco-access";
@Before
public void setup() throws Exception
{
super.setup();
permissionService = applicationContext.getBean("permissionService", PermissionService.class);
authorityService = (AuthorityService) applicationContext.getBean("AuthorityService");
auditService = applicationContext.getBean("AuditService", AuditService.class);
AuditModelRegistryImpl auditModelRegistry = (AuditModelRegistryImpl) applicationContext.getBean("auditModel.modelRegistry");
// Register the test model
URL testModelUrl = ResourceUtils.getURL("classpath:alfresco/audit/alfresco-audit-access.xml");
auditModelRegistry.registerModel(testModelUrl);
auditModelRegistry.loadAuditModels();
}
@After
public void tearDown() throws Exception
{
super.tearDown();
}
@Test
public void testGetAuditApps() throws Exception
{
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
testGetAuditAppsSkipPaging();
}
@Test
public void testGetAuditApp() throws Exception
{
final AuditApps auditAppsProxy = publicApiClient.auditApps();
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
String appId = getFirstAuditAppId();
// Enable system audit
AuthenticationUtil.setFullyAuthenticatedUser(networkAdmin);
enableSystemAudit();
// Negative tests
// Check with invalid audit application id.
{
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
auditAppsProxy.getAuditApp("invalidAuditId", HttpServletResponse.SC_NOT_FOUND);
}
// Check that non-admin user doesn't have access to audit applications
{
setRequestContext(networkOne.getId(), user1, null);
auditAppsProxy.getAuditApp("randomAuditId", HttpServletResponse.SC_FORBIDDEN);
}
// Check that response code 501 is received when system audit is
// disabled
{
// Get an enabled audit application
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
// Disable system audit
AuthenticationUtil.setFullyAuthenticatedUser(networkAdmin);
disableSystemAudit();
// Check response code
auditAppsProxy.getAuditApp(appId, HttpServletResponse.SC_NOT_IMPLEMENTED);
// Re-enable system audit
enableSystemAudit();
}
// Positive tests
// Get audit application information
{
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
AuditApp auditApp = auditAppsProxy.getAuditApp(appId);
validateAuditApplicationFields(auditApp);
}
{
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
AuditApp auditApp = auditAppsProxy.getAuditApp("alfresco-access");
HashMap <String, String> params = new HashMap<>();
// Get only minimum record id
params.put("include", "min");
auditApp = auditAppsProxy.getAuditApp(auditApp.getId(), params, HttpServletResponse.SC_OK);
validateAuditApplicationFields(auditApp, params);
// Get minimum and maximum record id
params.put("include", "max,min");
auditApp = auditAppsProxy.getAuditApp(auditApp.getId(), params, HttpServletResponse.SC_OK);
validateAuditApplicationFields(auditApp, params);
// Get with invalid include parameters
params.put("include", "test,test1,test2");
auditApp = auditAppsProxy.getAuditApp(auditApp.getId(), params, HttpServletResponse.SC_OK);
validateAuditApplicationFields(auditApp, params);
// Get with duplicate params
params.put("include", "max,max");
auditApp = auditAppsProxy.getAuditApp(auditApp.getId(), params, HttpServletResponse.SC_OK);
validateAuditApplicationFields(auditApp, params);
}
}
private void testGetAuditAppsSkipPaging() throws Exception
{
// +ve: check skip count.
{
// Paging and list auditApp
int skipCount = 0;
int maxItems = 4;
Paging paging = getPaging(skipCount, maxItems);
ListResponse<AuditApp> resp = getAuditApps(paging);
// Paging and list groups with skip count.
skipCount = 2;
maxItems = 2;
paging = getPaging(skipCount, maxItems);
ListResponse<AuditApp> sublistResponse = getAuditApps(paging);
List<AuditApp> expectedSublist = sublist(resp.getList(), skipCount, maxItems);
checkList(expectedSublist, sublistResponse.getPaging(), sublistResponse);
}
// -ve: check skip count.
{
getAuditApps(getPaging(-1, null), "", HttpServletResponse.SC_BAD_REQUEST);
}
}
private ListResponse<AuditApp> getAuditApps(final PublicApiClient.Paging paging, String errorMessage,
int expectedStatus) throws Exception
{
final AuditApps auditAppsProxy = publicApiClient.auditApps();
return auditAppsProxy.getAuditApps(createParams(paging), errorMessage, expectedStatus);
}
private ListResponse<AuditApp> getAuditApps(final PublicApiClient.Paging paging) throws Exception
{
return getAuditApps(paging, "Failed to get audit applications", HttpServletResponse.SC_OK);
}
protected Map<String, String> createParams(Paging paging)
{
Map<String, String> params = new HashMap<String, String>(2);
if (paging != null)
{
if (paging.getSkipCount() != null)
{
params.put("skipCount", String.valueOf(paging.getSkipCount()));
}
if (paging.getMaxItems() != null)
{
params.put("maxItems", String.valueOf(paging.getMaxItems()));
}
}
return params;
}
private void validateAuditApplicationFields(AuditApp auditApp)
{
assertNotNull(auditApp);
assertNotNull(auditApp.getId());
assertNotNull(auditApp.getName());
assertNotNull(auditApp.getIsEnabled());
assertFalse(auditApp.getId().isEmpty());
assertFalse(auditApp.getName().isEmpty());
assertTrue(auditApp.getIsEnabled());
}
private void validateAuditApplicationFields(AuditApp auditApp, HashMap<String, String> params)
{
validateAuditApplicationFields(auditApp);
if (params.get("include").contains("max"))
{
assertNotNull(auditApp.getMaxEntryId());
}
if (params.get("include").contains("min"))
{
assertNotNull(auditApp.getMinEntryId());
}
}
private void validateAuditEntryFields(AuditEntry auditEntry, AuditApp auditApp)
{
String auditAppid = auditApp.getId();
assertNotNull(auditEntry);
assertNotNull(auditEntry.getId());
assertNotNull(auditEntry.getAuditApplicationId());
assertNotNull(auditEntry.getCreatedAt());
assertNotNull(auditEntry.getCreatedByUser());
assertFalse(auditEntry.getId().toString().isEmpty());
assertFalse(auditEntry.getAuditApplicationId().isEmpty());
if (auditApp.getId().equals(AUDIT_APP_ID))
{
assertTrue(auditEntry.getAuditApplicationId().toString().equals(auditAppid));
}
}
private String getFirstAuditAppId() throws PublicApiException
{
// Get one of the audit app ids ( fail test if there are no audit apps
// in the system )
ListResponse<AuditApp> apps = publicApiClient.auditApps().getAuditApps(null, "Getting audit apps error ",
HttpServletResponse.SC_OK);
if (apps.getList().size() == 0)
{
fail("There are no audit applications to run this test against.");
}
return apps.getList().get(0).getId();
}
@Test
public void testEnableDisableAuditApplication() throws Exception
{
AuditApp requestAuditApp = new AuditApp();
AuditApp responseAuditApp = null;
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
String appId = getFirstAuditAppId();
// +ve
// Disable audit app
requestAuditApp.setIsEnabled(false);
responseAuditApp = publicApiClient.auditApps().updateAuditApp(appId, requestAuditApp, null,
HttpServletResponse.SC_OK);
assertFalse("Wrong response for request to disable audit app.", responseAuditApp.getIsEnabled());
assertFalse("Disable audit app test failed.", publicApiClient.auditApps().getAuditApp(appId).getIsEnabled());
// Enable audit app
requestAuditApp.setIsEnabled(true);
responseAuditApp = publicApiClient.auditApps().updateAuditApp(appId, requestAuditApp, null,
HttpServletResponse.SC_OK);
assertTrue("Wrong response for request to enable audit app.", responseAuditApp.getIsEnabled());
assertTrue("Enable audit app test failed.", publicApiClient.auditApps().getAuditApp(appId).getIsEnabled());
// -ve
// 400
publicApiClient.auditApps().update("audit-applications", appId, null, null, "badBody", null,
"Was expecting error 400", HttpServletResponse.SC_BAD_REQUEST);
// 401
setRequestContext(networkOne.getId(), networkAdmin, "fakepswd");
publicApiClient.auditApps().updateAuditApp(appId, requestAuditApp, null, HttpServletResponse.SC_UNAUTHORIZED);
// 403
setRequestContext(networkOne.getId(), user1, null);
publicApiClient.auditApps().updateAuditApp(appId, requestAuditApp, null, HttpServletResponse.SC_FORBIDDEN);
// 404
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
publicApiClient.auditApps().updateAuditApp("fakeid", requestAuditApp, null, HttpServletResponse.SC_NOT_FOUND);
// 501
AuthenticationUtil.setFullyAuthenticatedUser(networkAdmin);
disableSystemAudit();
publicApiClient.auditApps().updateAuditApp(appId, requestAuditApp, null,
HttpServletResponse.SC_NOT_IMPLEMENTED);
enableSystemAudit();
}
protected void enableSystemAudit()
{
boolean isEnabled = auditService.isAuditEnabled();
if (!isEnabled)
{
auditService.setAuditEnabled(true);
isEnabled = auditService.isAuditEnabled();
if (!isEnabled)
{
fail("Failed to enable system audit for testing");
}
}
}
protected void disableSystemAudit()
{
boolean isEnabled = auditService.isAuditEnabled();
if (isEnabled)
{
auditService.setAuditEnabled(false);
isEnabled = auditService.isAuditEnabled();
if (isEnabled)
{
fail("Failed to disable system audit for testing");
}
}
}
@Test
public void testAuditEntries() throws Exception
{
final AuditApps auditAppsProxy = publicApiClient.auditApps();
// Get and enable audit app
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
AuditApp auditApp = auditAppsProxy.getAuditApp("alfresco-access");
testGetAuditEntries(auditAppsProxy, auditApp);
testAuditEntriesSorting(auditAppsProxy, auditApp);
testAuditEntriesWhereDate(auditAppsProxy, auditApp);
testAuditEntriesWhereId(auditAppsProxy, auditApp);
testAuditEntriesWithInclude(auditAppsProxy, auditApp);
testAuditEntriesSkipCount(auditAppsProxy, auditApp);
testRetrieveAuditEntry(auditAppsProxy, auditApp);
testDeleteAuditEntry(auditAppsProxy, auditApp);
testDeleteAuditEntries(auditAppsProxy, auditApp);
}
private void testGetAuditEntries(AuditApps auditAppsProxy, AuditApp auditApp) throws Exception
{
// Positive tests
ListResponse<AuditEntry> auditEntries = auditAppsProxy.getAuditAppEntries(auditApp.getId(), null,
HttpServletResponse.SC_OK);
for (AuditEntry ae : auditEntries.getList())
{
validateAuditEntryFields(ae, auditApp);
}
// Negative tests
// 401
setRequestContext(networkOne.getId(), networkAdmin, "wrongPassword");
auditAppsProxy.getAuditAppEntries(auditApp.getId(), null, HttpServletResponse.SC_UNAUTHORIZED);
// 403
setRequestContext(networkOne.getId(), user1, null);
auditAppsProxy.getAuditAppEntries(auditApp.getId(), null, HttpServletResponse.SC_FORBIDDEN);
// 404
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
auditAppsProxy.getAuditAppEntries("randomId", null, HttpServletResponse.SC_NOT_FOUND);
// 501
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
AuthenticationUtil.setFullyAuthenticatedUser(networkAdmin);
disableSystemAudit();
auditAppsProxy.getAuditAppEntries("randomId", null, HttpServletResponse.SC_NOT_IMPLEMENTED);
enableSystemAudit();
}
private void testAuditEntriesSorting(AuditApps auditAppsProxy, AuditApp auditApp) throws Exception
{
// paging
Paging paging = getPaging(0, 10);
Map<String, String> otherParams = new HashMap<>();
// Default order.
addOrderBy(otherParams, org.alfresco.rest.api.Audit.CREATED_AT, null);
ListResponse<AuditEntry> auditEntries = auditAppsProxy.getAuditAppEntries(auditApp.getId(),
createParams(paging, otherParams), HttpServletResponse.SC_OK);
assertNotNull(auditEntries);
assertTrue("audit entry size more that 2", auditEntries.getList().size() > 1);
assertTrue("auditEntries order not valid",
auditEntries.getList().get(0).getCreatedAt().before(auditEntries.getList().get(1).getCreatedAt()));
}
private void testAuditEntriesWhereDate(AuditApps auditAppsProxy, AuditApp auditApp) throws Exception
{
// paging
Paging paging = getPaging(0, 10);
Date dateBefore = new Date();
String dateBeforeWhere = ISO8601DateFormat.format(dateBefore);
createUser("usern-" + RUNID, "userNPassword", networkOne);
login("usern-" + RUNID, "userNPassword");
Date dateAfter = new Date();
String dateAfterWhere = ISO8601DateFormat.format(dateAfter);
Map<String, String> otherParams = new HashMap<>();
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.CREATED_AT + " between (" + "\'" + dateBeforeWhere + "\'" + ", " + "\'"
+ dateAfterWhere + "\'" + "))");
ListResponse<AuditEntry> auditEntries = auditAppsProxy.getAuditAppEntries(auditApp.getId(), createParams(paging, otherParams),
HttpServletResponse.SC_OK);
assertNotNull(auditEntries);
assertTrue(auditEntries.getList().size() > 0);
for (AuditEntry ae : auditEntries.getList())
{
validateAuditEntryFields(ae, auditApp);
}
//
// note: sanity test parsing of a few ISO8601 formats (non-exhaustive) - eg. +01:00, +0000, Z
//
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.CREATED_AT + " between ("
+ "\'2016-06-02T12:13:51.593+01:00\'" + ", " + "\'2017-06-04T10:05:16.536+01:00\'" + "))");
auditAppsProxy.getAuditAppEntries(auditApp.getId(), createParams(paging, otherParams), HttpServletResponse.SC_OK);
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.CREATED_AT + " between ("
+ "\'2016-06-02T11:13:51.593+0000\'" + ", " + "\'2017-06-04T09:05:16.536+0000\'" + "))");
auditAppsProxy.getAuditAppEntries(auditApp.getId(), createParams(paging, otherParams), HttpServletResponse.SC_OK);
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.CREATED_AT + " between ("
+ "\'2016-06-02T11:13:51.593Z\'" + ", " + "\'2017-06-04T09:05:16.536Z\'" + "))");
auditAppsProxy.getAuditAppEntries(auditApp.getId(), createParams(paging, otherParams), HttpServletResponse.SC_OK);
// Negative tests
otherParams = new HashMap<>();
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.CREATED_AT + " between ("
+ "\'2017-06-04T10:05:16.536+01:00\'" + ", " + "\'2016-06-02T12:13:51.593+01:00\'" + "))");
auditAppsProxy.getAuditAppEntries(auditApp.getId(), createParams(paging, otherParams), HttpServletResponse.SC_BAD_REQUEST);
}
private void testAuditEntriesWhereId(AuditApps auditAppsProxy, AuditApp auditApp) throws Exception
{
// paging
Paging paging = getPaging(0, 10);
// where params
Map<String, String> otherParams = new HashMap<>();
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.ID + " between (" + "\'1\' , \'10\'" + "))");
ListResponse<AuditEntry> auditEntries = auditAppsProxy.getAuditAppEntries(auditApp.getId(),
createParams(paging, otherParams), HttpServletResponse.SC_OK);
assertNotNull(auditEntries);
// Negative tests
otherParams = new HashMap<>();
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.CREATED_AT + " between between (" + "\'10\' , \'1\'" + "))");
auditAppsProxy.getAuditAppEntries(auditApp.getId(), createParams(paging, otherParams), HttpServletResponse.SC_BAD_REQUEST);
}
private void testAuditEntriesWithInclude(AuditApps auditAppsProxy, AuditApp auditApp) throws Exception
{
Paging paging = getPaging(0, 10);
Map<String, String> otherParams = new HashMap<>();
ListResponse<AuditEntry> auditEntriesWithoutValues = auditAppsProxy.getAuditAppEntries(auditApp.getId(), createParams(paging, otherParams),
HttpServletResponse.SC_OK);
assertNotNull(auditEntriesWithoutValues);
for (AuditEntry ae : auditEntriesWithoutValues.getList())
{
validateAuditEntryFields(ae, auditApp);
assertNull(ae.getValues());
}
otherParams.put("include", org.alfresco.rest.api.Audit.PARAM_INCLUDE_VALUES);
// list auditEntries with values
ListResponse<AuditEntry> auditEntriesWithValues = auditAppsProxy.getAuditAppEntries(auditApp.getId(), createParams(paging, otherParams),
HttpServletResponse.SC_OK);
assertNotNull(auditEntriesWithValues);
for (AuditEntry ae : auditEntriesWithValues.getList())
{
validateAuditEntryFields(ae, auditApp);
assertNotNull(ae.getValues());
assertTrue("audit values not empty", ae.getValues().keySet().size() > 0);
}
}
private void testAuditEntriesSkipCount(AuditApps auditAppsProxy, AuditApp auditApp) throws Exception
{
int skipCount = 0;
int maxItems = 4;
Paging paging = getPaging(skipCount, maxItems);
Map<String, String> otherParams = new HashMap<>();
ListResponse<AuditEntry> resp = auditAppsProxy.getAuditAppEntries(auditApp.getId(),
createParams(paging, otherParams), HttpServletResponse.SC_OK);
// Paging and list groups with skip count.
skipCount = 2;
maxItems = 2;
paging = getPaging(skipCount, maxItems);
ListResponse<AuditEntry> sublistResponse = auditAppsProxy.getAuditAppEntries(auditApp.getId(),
createParams(paging, otherParams), HttpServletResponse.SC_OK);
List<AuditEntry> expectedSublist = sublist(resp.getList(), skipCount, maxItems);
checkList(expectedSublist, sublistResponse.getPaging(), sublistResponse);
}
private void testRetrieveAuditEntry(AuditApps auditAppsProxy, AuditApp auditApp) throws Exception
{
int skipCount = 0;
int maxItems = 4;
Paging paging = getPaging(skipCount, maxItems);
Map<String, String> otherParams = new HashMap<>();
ListResponse<AuditEntry> resp = auditAppsProxy.getAuditAppEntries(auditApp.getId(),
createParams(paging, otherParams), HttpServletResponse.SC_OK);
String id = resp.getList().get(0).getId().toString();
//Positive tests
//200
AuditEntry entryResp = auditAppsProxy.getAuditEntry(auditApp.getId(), id, null, HttpServletResponse.SC_OK);
validateAuditEntryFields(entryResp, auditApp);
assertNotNull(entryResp.getValues());
// Negative tests
// 400
auditAppsProxy.getAuditEntry(auditApp.getId(), id+"invalidIdText", null, HttpServletResponse.SC_BAD_REQUEST);
// 401
setRequestContext(networkOne.getId(), networkAdmin, "wrongPassword");
auditAppsProxy.getAuditEntry(auditApp.getId(), id, null, HttpServletResponse.SC_UNAUTHORIZED);
// 403
setRequestContext(networkOne.getId(), user1, null);
auditAppsProxy.getAuditEntry(auditApp.getId(), id, null, HttpServletResponse.SC_FORBIDDEN);
// 404
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
auditAppsProxy.getAuditEntry(auditApp.getId(), "" + Math.abs(new Random().nextLong()), null, HttpServletResponse.SC_NOT_FOUND);
// 501
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
AuthenticationUtil.setFullyAuthenticatedUser(networkAdmin);
disableSystemAudit();
auditAppsProxy.getAuditEntry(auditApp.getId(), id, null, HttpServletResponse.SC_NOT_IMPLEMENTED);
enableSystemAudit();
}
private void testDeleteAuditEntry(AuditApps auditAppsProxy, AuditApp auditApp) throws Exception
{
int skipCount = 0;
int maxItems = 4;
Paging paging = getPaging(skipCount, maxItems);
Map<String, String> otherParams = new HashMap<>();
ListResponse<AuditEntry> resp = auditAppsProxy.getAuditAppEntries(auditApp.getId(),
createParams(paging, otherParams), HttpServletResponse.SC_OK);
String id = resp.getList().get(0).getId().toString();
// Negative tests
// 400
auditAppsProxy.getAuditEntry(auditApp.getId(), id+"invalidIdText", null, HttpServletResponse.SC_BAD_REQUEST);
// 401
setRequestContext(networkOne.getId(), networkAdmin, "wrongPassword");
auditAppsProxy.deleteAuditEntry(auditApp.getId(), id, null, HttpServletResponse.SC_UNAUTHORIZED);
// 403
setRequestContext(networkOne.getId(), user1, null);
auditAppsProxy.deleteAuditEntry(auditApp.getId(), id, null, HttpServletResponse.SC_FORBIDDEN);
// 404
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
auditAppsProxy.deleteAuditEntry(auditApp.getId(), "" + Math.abs(new Random().nextLong()), null, HttpServletResponse.SC_NOT_FOUND);
// 501
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
AuthenticationUtil.setFullyAuthenticatedUser(networkAdmin);
disableSystemAudit();
auditAppsProxy.deleteAuditEntry(auditApp.getId(), id, null, HttpServletResponse.SC_NOT_IMPLEMENTED);
enableSystemAudit();
//Positive tests
//204
auditAppsProxy.deleteAuditEntry(auditApp.getId(), id, null, HttpServletResponse.SC_NO_CONTENT);
}
private void testDeleteAuditEntries(AuditApps auditAppsProxy, AuditApp auditApp) throws Exception
{
int skipCount = 0;
int maxItems = 4;
Paging paging = getPaging(skipCount, maxItems);
Map<String, String> otherParams = new HashMap<>();
ListResponse<AuditEntry> resp = auditAppsProxy.getAuditAppEntries(auditApp.getId(), createParams(paging, otherParams),
HttpServletResponse.SC_OK);
String dateBefore = ISO8601DateFormat.format(resp.getList().get(0).getCreatedAt());
String dateAfter = ISO8601DateFormat.format(resp.getList().get(2).getCreatedAt());
Long secondDeleteEntryId = resp.getList().get(1).getId();
Long lastDeleteEntryId = resp.getList().get(2).getId();
// Negative tests
// 400 - switched dates and consecutive switched IDs
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.CREATED_AT + " between (" + "\'" + dateAfter + "\'" + ", " + "\'"
+ dateBefore + "\'" + "))");
auditAppsProxy.deleteAuditEntries(auditApp.getId(), otherParams, HttpServletResponse.SC_BAD_REQUEST);
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.ID + " between (" + "\'" + lastDeleteEntryId + "\'" + ", " + "\'"
+ secondDeleteEntryId + "\'" + "))");
auditAppsProxy.deleteAuditEntries(auditApp.getId(), otherParams, HttpServletResponse.SC_BAD_REQUEST);
// 401
// put correct dates back
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.CREATED_AT + " between (" + "\'" + dateBefore + "\'" + ", " + "\'"
+ dateAfter + "\'" + "))");
setRequestContext(networkOne.getId(), networkAdmin, "wrongPassword");
auditAppsProxy.deleteAuditEntries(auditApp.getId(), otherParams, HttpServletResponse.SC_UNAUTHORIZED);
// 403
setRequestContext(networkOne.getId(), user1, null);
auditAppsProxy.deleteAuditEntries(auditApp.getId(), otherParams, HttpServletResponse.SC_FORBIDDEN);
// 404
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
auditAppsProxy.deleteAuditEntries("invalidAppId", otherParams, HttpServletResponse.SC_NOT_FOUND);
// 501
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
AuthenticationUtil.setFullyAuthenticatedUser(networkAdmin);
disableSystemAudit();
auditAppsProxy.deleteAuditEntries(auditApp.getId(), otherParams, HttpServletResponse.SC_NOT_IMPLEMENTED);;
enableSystemAudit();
// Positive tests
// 200
auditAppsProxy.deleteAuditEntries(auditApp.getId(), otherParams, HttpServletResponse.SC_NO_CONTENT);
// check that the entries were deleted.
// firstEntry should have id > than lastDeleteEntryId
resp = auditAppsProxy.getAuditAppEntries(auditApp.getId(), createParams(paging, new HashMap<>()),
HttpServletResponse.SC_OK);
assertTrue("Entries were not deleted", resp.getList().get(0).getId() > lastDeleteEntryId);
}
/**
* Perform a login attempt (to be used to create audit entries)
*/
private void login(final String username, final String password) throws Exception
{
// Force a failed login
RunAsWork<Void> failureWork = new RunAsWork<Void>()
{
@Override
public Void doWork() throws Exception
{
try
{
authenticationService.authenticate(username, password.toCharArray());
fail("Failed to force authentication failure");
}
catch (AuthenticationException e)
{
// Expected
}
return null;
}
};
AuthenticationUtil.runAs(failureWork, AuthenticationUtil.getSystemUserName());
}
protected Map<String, String> createParams(Paging paging, Map<String, String> otherParams)
{
Map<String, String> params = new HashMap<String, String>(2);
if (paging != null)
{
if (paging.getSkipCount() != null)
{
params.put("skipCount", String.valueOf(paging.getSkipCount()));
}
if (paging.getMaxItems() != null)
{
params.put("maxItems", String.valueOf(paging.getMaxItems()));
}
}
if (otherParams != null)
{
params.putAll(otherParams);
}
return params;
}
private void addOrderBy(Map<String, String> otherParams, String sortColumn, Boolean asc)
{
otherParams.put("orderBy",
sortColumn + (asc != null ? " " + (asc ? SortColumn.ASCENDING : SortColumn.DESCENDING) : ""));
}
private String createFolderInPrivateSite(String siteTitle, String folderName) throws Exception
{
String siteId = createSite(siteTitle, SiteVisibility.PRIVATE).getId();
String siteDocLibNodeId = getSiteContainerNodeId(siteId, "documentLibrary");
return createFolder(siteDocLibNodeId, folderName).getId();
}
private void renameNode(String nodeId, String newName) throws Exception
{
Node nUpdate = new Node();
nUpdate.setName(newName);
put(URL_NODES, nodeId, toJsonAsStringNonNull(nUpdate), null, 200);
}
@Test
public void testAuditEntriesByNodeId() throws Exception
{
final AuditApps auditAppsProxy = publicApiClient.auditApps();
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
String adminNodeId = createFolderInPrivateSite("testSiteAdmin" + RUNID, "testFolderAdmin" + RUNID);
// requires admin
AuditApp alfAccessAuditApp = auditAppsProxy.getAuditApp(AUDIT_APP_ID);
setRequestContext(user1);
String nodeId = createFolderInPrivateSite("testSiteUser" + RUNID, "testFolderUser1" + RUNID);
renameNode(nodeId, "testFolderUser1" + RUNID + "b");
testGetAuditEntriesByNodeId(auditAppsProxy, nodeId, alfAccessAuditApp);
testAuditEntriesSortingByNodeId(auditAppsProxy, nodeId);
testAuditEntriesWhereDateByNodeId(auditAppsProxy, nodeId);
testAuditEntriesWithIncludeByNodeId(auditAppsProxy, nodeId, alfAccessAuditApp);
testAuditEntriesSkipCountByNodeId(auditAppsProxy, nodeId);
testAuditEntriesWhereUserByNodeId(auditAppsProxy, adminNodeId, alfAccessAuditApp);
}
private void testAuditEntriesSkipCountByNodeId(AuditApps auditAppsProxy, String nodeId) throws Exception
{
setRequestContext(user1);
int skipCount = 0;
int maxItems = 4;
final Paging paging = getPaging(skipCount, maxItems);
Map<String, String> params;
Map<String, String> otherParams = new HashMap<>();
params = createParams(paging, otherParams);
ListResponse<AuditEntry> resp = auditAppsProxy.getAuditAppEntriesByNodeRefId(nodeId, params, HttpServletResponse.SC_OK);
// Paging and list groups with skip count.
skipCount = 2;
maxItems = 2;
final Paging pagingSkip = getPaging(skipCount, maxItems);
params = createParams(pagingSkip, otherParams);
ListResponse<AuditEntry> sublistResponse = auditAppsProxy.getAuditAppEntriesByNodeRefId(nodeId, params, HttpServletResponse.SC_OK);
List<AuditEntry> expectedSublist = sublist(resp.getList(), skipCount, maxItems);
checkList(expectedSublist, sublistResponse.getPaging(), sublistResponse);
}
private void testAuditEntriesWithIncludeByNodeId(AuditApps auditAppsProxy, String nodeId, AuditApp alfAccessAuditApp) throws Exception
{
setRequestContext(user1);
Paging paging = getPaging(0, 10);
Map<String, String> otherParams = new HashMap<>();
Map<String, String> params = createParams(paging, otherParams);
ListResponse<AuditEntry> auditEntriesWithoutValues = auditAppsProxy.getAuditAppEntriesByNodeRefId(nodeId, params, HttpServletResponse.SC_OK);
assertNotNull(auditEntriesWithoutValues);
for (AuditEntry ae : auditEntriesWithoutValues.getList())
{
validateAuditEntryFields(ae, alfAccessAuditApp);
assertNull(ae.getValues());
}
otherParams.put("include", org.alfresco.rest.api.Audit.PARAM_INCLUDE_VALUES);
params = createParams(paging, otherParams);
// list auditEntries with values
ListResponse<AuditEntry> auditEntriesWithValues = auditAppsProxy.getAuditAppEntriesByNodeRefId(nodeId, params, HttpServletResponse.SC_OK);
assertNotNull(auditEntriesWithValues);
for (AuditEntry ae : auditEntriesWithValues.getList())
{
validateAuditEntryFields(ae, alfAccessAuditApp);
assertNotNull(ae.getValues());
assertTrue("audit values not empty", ae.getValues().keySet().size() > 0);
}
}
private void testAuditEntriesWhereDateByNodeId(AuditApps auditAppsProxy, String nodeId) throws Exception
{
setRequestContext(user1);
// paging
Paging paging = getPaging(0, 10);
final Map<String, String> otherParams = new HashMap<>();
Map<String, String> params;
//
// note: sanity test parsing of a few ISO8601 formats (non-exhaustive) -
// eg. +01:00, +0000, Z
//
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.CREATED_AT + " between (" + "\'2016-06-02T12:13:51.593+01:00\'" + ", "
+ "\'2017-06-04T10:05:16.536+01:00\'" + "))");
params = createParams(paging, otherParams);
auditAppsProxy.getAuditAppEntriesByNodeRefId(nodeId, params, HttpServletResponse.SC_OK);
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.CREATED_AT + " between (" + "\'2016-06-02T11:13:51.593+0000\'" + ", "
+ "\'2017-06-04T09:05:16.536+0000\'" + "))");
params = createParams(paging, otherParams);
auditAppsProxy.getAuditAppEntriesByNodeRefId(nodeId, params, HttpServletResponse.SC_OK);
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.CREATED_AT + " between (" + "\'2016-06-02T11:13:51.593Z\'" + ", "
+ "\'2017-06-04T09:05:16.536Z\'" + "))");
params = createParams(paging, otherParams);
auditAppsProxy.getAuditAppEntriesByNodeRefId(nodeId, params, HttpServletResponse.SC_OK);
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.CREATED_AT + " between (" + "\'2017-06-04T10:05:16.536+01:00\'" + ", "
+ "\'2016-06-02T12:13:51.593+01:00\'" + "))");
params = createParams(paging, otherParams);
auditAppsProxy.getAuditAppEntriesByNodeRefId(nodeId, params, HttpServletResponse.SC_BAD_REQUEST);
}
private void testAuditEntriesWhereUserByNodeId(AuditApps auditAppsProxy, String nodeId, AuditApp alfAccessAuditApp) throws Exception
{
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
Paging paging = getPaging(0, 10);
final Map<String, String> otherParams = new HashMap<>();
Map<String, String> params;
int countEntries;
// Get audit entries for node using 'CREATED_BY_USER' param with admin
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.CREATED_BY_USER + "=" + "'" + networkAdmin + "'" + ")");
params = createParams(paging, otherParams);
ListResponse<AuditEntry> auditEntries = auditAppsProxy.getAuditAppEntriesByNodeRefId(nodeId, params, HttpServletResponse.SC_OK);
countEntries = auditEntries.getList().size();
// Get audit entries for node using 'admin' user and '-me-' alias
otherParams.put("where", "(" + org.alfresco.rest.api.Audit.CREATED_BY_USER + "=" + "'" + "-me-" + "'" + ")");
params = createParams(paging, otherParams);
auditEntries = auditAppsProxy.getAuditAppEntriesByNodeRefId(nodeId, params, HttpServletResponse.SC_OK);
// Check the audit entries list from the second GET call
assertTrue("The number of entries should be the same in both GET calls", countEntries == auditEntries.getList().size());
assertNotNull(auditEntries);
for (AuditEntry ae : auditEntries.getList())
{
validateAuditEntryFields(ae, alfAccessAuditApp);
}
}
private void testGetAuditEntriesByNodeId(AuditApps auditAppsProxy, String nodeId, AuditApp alfAccessAuditApp) throws Exception
{
setRequestContext(user1);
ListResponse<AuditEntry> auditEntries = auditAppsProxy.getAuditAppEntriesByNodeRefId(nodeId, null, HttpServletResponse.SC_OK);
for (AuditEntry ae : auditEntries.getList())
{
validateAuditEntryFields(ae, alfAccessAuditApp);
}
// Negative tests
// 401
setRequestContext(networkOne.getId(), networkAdmin, "wrongPassword");
auditAppsProxy.getAuditAppEntries(nodeId, null, HttpServletResponse.SC_UNAUTHORIZED);
// 403
setRequestContext(networkOne.getId(), user1, null);
auditAppsProxy.getAuditAppEntries(nodeId, null, HttpServletResponse.SC_FORBIDDEN);
// 404
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
auditAppsProxy.getAuditAppEntries("randomId", null, HttpServletResponse.SC_NOT_FOUND);
// 501
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
AuthenticationUtil.setFullyAuthenticatedUser(networkAdmin);
disableSystemAudit();
auditAppsProxy.getAuditAppEntries("randomId", null, HttpServletResponse.SC_NOT_IMPLEMENTED);
enableSystemAudit();
}
private void testAuditEntriesSortingByNodeId(AuditApps auditAppsProxy, String nodeId) throws Exception
{
setRequestContext(user1);
// paging
Paging paging = getPaging(0, 10);
Map<String, String> otherParams = new HashMap<>();
// Default order.
addOrderBy(otherParams, org.alfresco.rest.api.Audit.CREATED_AT, null);
Map<String, String> params = createParams(paging, otherParams);
ListResponse<AuditEntry> auditEntries = auditAppsProxy.getAuditAppEntriesByNodeRefId(nodeId, params, HttpServletResponse.SC_OK);
assertNotNull(auditEntries);
assertTrue("audit entry size less than 2", auditEntries.getList().size() > 1);
assertTrue("auditEntries order not valid", auditEntries.getList().get(0).getCreatedAt().before(auditEntries.getList().get(1).getCreatedAt()));
}
}
