/* * Copyright (C) 2008-2017, Juick * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ package com.juick.server.tests; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.ObjectMapper; import com.juick.ExternalToken; import com.juick.Message; import com.juick.Tag; import com.juick.User; import com.juick.server.EmailManager; import com.juick.server.XMPPBot; import com.juick.server.XMPPServer; import com.juick.server.helpers.TagStats; import com.juick.service.*; import com.juick.util.DateFormattersHolder; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration; import org.springframework.boot.builder.SpringApplicationBuilder; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.http.MediaType; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.AbstractJUnit4SpringContextTests; import org.springframework.test.context.junit4.SpringRunner; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.util.UriComponents; import org.springframework.web.util.UriComponentsBuilder; import rocks.xmpp.addr.Jid; import rocks.xmpp.core.stanza.model.Stanza; import rocks.xmpp.core.stanza.model.server.ServerMessage; import javax.inject.Inject; import java.lang.reflect.InvocationTargetException; import java.text.ParseException; import java.util.Arrays; import java.util.Collections; import java.util.List; import java.util.Scanner; import java.util.stream.IntStream; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.*; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; /** * Created by vitalyster on 25.11.2016. */ @RunWith(SpringRunner.class) @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) @TestPropertySource(properties = {"broken_ssl_hosts=localhost,serverstorageisfull.tld", "xmpp_disabled=true"}) @AutoConfigureMockMvc public class ServerTests extends AbstractJUnit4SpringContextTests { @Inject private MockMvc mockMvc; @Inject private MessagesService messagesService; @Inject private UserService userService; @Inject private TagService tagService; @Inject private ObjectMapper jsonMapper; @Inject private ImagesService imagesService; @Inject private WebApplicationContext wac; @Inject private XMPPServer server; @Inject private XMPPBot bot; @Inject private SubscriptionService subscriptionService; @Inject private PrivacyQueriesService privacyQueriesService; @Inject private JdbcTemplate jdbcTemplate; @Value("${hostname:localhost}") private Jid jid; private static User ugnich, freefd, juick; static String ugnichName, ugnichPassword, freefdName, freefdPassword, juickName, juickPassword; static Message msg; static int juickTagId; private static boolean isSetUp = false; @Before public void setUp() { if (!isSetUp) { ugnichName = "ugnich"; ugnichPassword = "secret"; freefdName = "freefd"; freefdPassword = "MyPassw0rd!"; juickName = "juick"; juickPassword = "demo"; int ugnichId = userService.createUser(ugnichName, ugnichPassword); ugnich = userService.getUserByUID(ugnichId).orElseThrow(IllegalStateException::new); int freefdId = userService.createUser(freefdName, freefdPassword); freefd = userService.getUserByUID(freefdId).orElseThrow(IllegalStateException::new); int juickId = userService.createUser(juickName, juickPassword); juick = userService.getUserByUID(juickId).orElseThrow(IllegalStateException::new); String msgText = "Привет, я - Угнич"; int mid = messagesService.createMessage(ugnich.getUid(), msgText, "png", null); msg = messagesService.getMessage(mid); tagService.createTag("тест"); juickTagId = tagService.createTag("juick"); isSetUp = true; } } @Test public void testAllUnAuthorized() throws Exception { mockMvc.perform(get("/")) .andExpect(status().isMovedPermanently()); mockMvc.perform(get("/auth")) .andExpect(status().isUnauthorized()); mockMvc.perform(get("/home")) .andExpect(status().isUnauthorized()); mockMvc.perform(get("/messages/recommended")) .andExpect(status().isUnauthorized()); mockMvc.perform(get("/messages/set_privacy")) .andExpect(status().isUnauthorized()); } @Test public void homeTestWithMessages() throws Exception { mockMvc.perform( get("/home") .with(httpBasic(ugnichName, ugnichPassword))) .andExpect(status().isOk()) .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8)) .andExpect(jsonPath("$[-1].mid", is(msg.getMid()))) .andExpect(jsonPath("$[-1].timestamp", is(DateFormattersHolder.getMessageFormatterInstance().format(msg.getTimestamp())))) .andExpect(jsonPath("$[-1].body", is(msg.getText()))) .andExpect(jsonPath("$[-1].attachment.url", is("https://i.juick.com/p/1.png"))) .andExpect(jsonPath("$[-1].attachment.small.url", is("https://i.juick.com/photos-512/1.png"))); } @Test public void homeTestWithMessagesAndRememberMe() throws Exception { String ugnichHash = userService.getHashByUID(ugnich.getUid()); mockMvc.perform( get("/home") .with(httpBasic(ugnichName, ugnichPassword))) .andExpect(status().isOk()) .andReturn(); mockMvc.perform(get("/home") .param("hash", ugnichHash)) .andExpect(status().isOk()); } @Test public void homeTestWithMessagesAndSimpleCors() throws Exception { mockMvc.perform( get("/home") .with(httpBasic(ugnichName, ugnichPassword)) .header("Origin", "http://api.example.net")) .andExpect(status().isOk()) .andExpect(header().string("Access-Control-Allow-Origin", "*")); } @Test public void homeTestWithPreflightCors() throws Exception { mockMvc.perform( options("/home") .with(httpBasic(ugnichName, ugnichPassword)) .header("Origin", "http://api.example.net") .header("Access-Control-Request-Method", "POST") .header("Access-Control-Request-Headers", "X-PINGOTHER, Content-Type")) .andExpect(status().isOk()) .andExpect(header().string("Access-Control-Allow-Origin", "*")) .andExpect(header().string("Access-Control-Allow-Methods", "POST,GET,PUT,OPTIONS,DELETE")) .andExpect(header().string("Access-Control-Allow-Headers", "X-PINGOTHER, Content-Type")); } @Test public void anonymousApis() throws Exception { mockMvc.perform(get("/messages")) .andExpect(status().isOk()); mockMvc.perform(get("/users") .param("uname", "ugnich") .param("uname", "freefd")) .andExpect(status().isOk()) .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8)) .andExpect(jsonPath("$", hasSize(2))); } @Test public void tags() throws Exception { Tag weather = tagService.getTag("weather", true); Tag yo = tagService.getTag("yo", true); messagesService.createMessage(ugnich.getUid(), "text", null, Arrays.asList(yo, weather)); messagesService.createMessage(freefd.getUid(), "text2", null, Collections.singletonList(yo)); MvcResult result = mockMvc.perform(get("/tags")) .andExpect(status().isOk()) .andReturn(); List tagsFromApi = jsonMapper.readValue(result.getResponse().getContentAsString(), new TypeReference>(){}); TagStats yoStats = tagsFromApi.stream().filter(t -> t.getTag().getName().equals("yo")).findFirst().get(); assertThat(yoStats.getUsageCount(), is(2)); MvcResult result2 = mockMvc.perform(get("/tags") .param("user_id", String.valueOf(ugnich.getUid()))) .andExpect(status().isOk()) .andReturn(); List ugnichTagsFromApi = jsonMapper.readValue(result2.getResponse().getContentAsString(), new TypeReference>(){}); TagStats yoUgnichStats = ugnichTagsFromApi.stream().filter(t -> t.getTag().getName().equals("yo")).findFirst().get(); assertThat(yoUgnichStats.getUsageCount(), is(1)); } @Test public void postWithReferer() throws Exception { mockMvc.perform(post("/post") .param("body", "yo") .with(httpBasic(ugnichName, ugnichPassword))) .andExpect(status().isOk()); } @Test public void threadWithEphemeralNumberShouldReturn404() throws Exception { mockMvc.perform(get("/thread").param("mid", "999999999") .with(httpBasic(ugnichName, ugnichPassword))).andExpect(status().is4xxClientError()); } @Test public void performRequestsWithIssuedToken() throws Exception { String ugnichHash = userService.getHashByUID(ugnich.getUid()); mockMvc.perform(get("/home")).andExpect(status().isUnauthorized()); mockMvc.perform(get("/auth")) .andExpect(status().isUnauthorized()); mockMvc.perform(get("/auth").with(httpBasic(ugnichName, "wrongpassword"))) .andExpect(status().isUnauthorized()); MvcResult result = mockMvc.perform(get("/auth").with(httpBasic(ugnichName, ugnichPassword))) .andExpect(status().isOk()) .andReturn(); String authHash = jsonMapper.readValue(result.getResponse().getContentAsString(), String.class); assertThat(authHash, equalTo(ugnichHash)); mockMvc.perform(get("/home").param("hash", ugnichHash)).andExpect(status().isOk()); } @Test public void registerForNotificationsTests() throws Exception { String token = "123456"; ExternalToken registration = new ExternalToken(null, "apns", token, null); mockMvc.perform(put("/notifications").with(httpBasic(ugnichName, ugnichPassword)) .contentType(MediaType.APPLICATION_JSON_UTF8) .content(jsonMapper.writeValueAsBytes(Collections.singletonList(registration)))) .andExpect(status().isOk()); MvcResult result = mockMvc.perform(get("/notifications") .param("uid", String.valueOf(ugnich.getUid())) .with(httpBasic(juickName, juickPassword))) .andExpect(status().isOk()) .andReturn(); List user = jsonMapper.readValue(result.getResponse().getContentAsString(), new TypeReference>() { }); assertThat(user.get(0).getTokens().get(0).getToken(), equalTo(token)); } @Test public void tg2juickLinks() { UriComponents uriComponents = UriComponentsBuilder.fromUriString("http://juick.com/123456#23").build(); assertThat(uriComponents.getPath().substring(1), is("123456")); assertThat(uriComponents.getFragment(), is("23")); } @Test public void notificationsTokensTest() throws Exception { List tokens = Collections.singletonList(new ExternalToken(null, "gcm", "123456", null)); mockMvc.perform(delete("/notifications").with(httpBasic(ugnichName, ugnichPassword)) .contentType(MediaType.APPLICATION_JSON_UTF8) .content(jsonMapper.writeValueAsBytes(tokens))).andExpect(status().isForbidden()); mockMvc.perform(delete("/notifications").with(httpBasic(juickName, juickPassword)) .contentType(MediaType.APPLICATION_JSON_UTF8) .content(jsonMapper.writeValueAsBytes(tokens))).andExpect(status().isOk()); } @Test public void notificationsSettingsAllowedOnlyForServiceUser() throws Exception { mockMvc.perform(get("/notifications").with(httpBasic(juickName, juickPassword)) .param("mid", "1").param("uid", String.valueOf(ugnich.getUid()))).andExpect(status().isOk()); mockMvc.perform(get("/notifications") .param("mid", "1").param("uid", String.valueOf(ugnich.getUid()))).andExpect(status().isUnauthorized()); } @Test public void topTest() throws Exception { int topmid = messagesService.createMessage(ugnich.getUid(), "top message", null, null); IntStream.rangeClosed(6, 12).forEach(i -> { messagesService.createReply(topmid, 0, i, "yo", null); }); assertThat(messagesService.getPopularCandidates().get(0), is(topmid)); Tag juickTag = tagService.getTag(juickTagId); assertThat(juickTag.TID, is(2)); tagService.updateTags(topmid, Collections.singletonList(juickTag)); assertThat(messagesService.getPopularCandidates().isEmpty(), is(true)); } @Test public void inReplyToScannerTest() { String header = "<123456.56@juick.com>"; Scanner headerScanner = new Scanner(header).useDelimiter(EmailManager.MSGID_PATTERN); int mid = Integer.parseInt(headerScanner.next()); int rid = Integer.parseInt(headerScanner.next()); assertThat(mid, equalTo(123456)); assertThat(rid, equalTo(56)); } @Test public void lastMessagesTest() throws Exception { mockMvc.perform( get("/rss/")) .andExpect(status().isOk()) .andExpect(content().contentType("application/rss+xml;charset=UTF-8")) .andExpect(xpath("/rss/channel/description").string("The latest messages at Juick")); } @Test public void statusPageIsUp() throws Exception { mockMvc.perform(get("/api/status").with(httpBasic(ugnichName, ugnichPassword))).andExpect(status().isOk()); assertThat(server.getJid(), equalTo(jid)); } @Test public void botIsUpAndProcessingResourceConstraints() { int renhaId; renhaId = userService.createUser("renha", "umnnbt"); Jid from = Jid.of("renha@serverstorageisfull.tld"); jdbcTemplate.update("INSERT INTO jids(user_id,jid,active) VALUES(?,?,?)", renhaId, from.toEscapedString(), 1); String xmlMessage = "Reply by @LexXПохоже нынче можно публично заявлять о своем веганстве. Your contact offline message queue is full. The message has been discarded."; Stanza msg = server.parse(xmlMessage); assertThat(from, equalTo(msg.getFrom())); boolean isActive = jdbcTemplate.queryForObject("SELECT active FROM jids WHERE user_id=?", Integer.class, renhaId) == 1; assertThat(isActive, equalTo(true)); bot.incomingMessage((ServerMessage)msg); isActive = jdbcTemplate.queryForObject("SELECT active FROM jids WHERE user_id=?", Integer.class, renhaId) == 1; assertThat(isActive, equalTo(false)); } @Test public void botCommandsTests() throws IllegalAccessException, NoSuchMethodException, InvocationTargetException { assertThat(bot.processCommand(new User(), Jid.of("test@localhost"), "PING").get(), is("PONG")); // subscription commands have two lines, others have 1 assertThat(bot.processCommand(new User(), Jid.of("test@localhost"), "help").get().split("\n").length, is(31)); } @Test public void protocolTests() throws IllegalAccessException, NoSuchMethodException, InvocationTargetException, ParseException, JsonProcessingException { int uid = userService.createUser("me", "secret"); User user = userService.getUserByUID(uid).orElse(new User()); Tag yo = tagService.getTag("yo", true); int mid = messagesService.createMessage(uid, "yoyo", null, Collections.singletonList(yo)); assertEquals("should be message", true, bot.processCommand(user, Jid.of("test@localhost"), String.format("#%d", mid)).get().startsWith("@me")); mid = messagesService.getUserBlog(user.getUid(), -1, 0).stream().reduce((first, second) -> second).get(); assertEquals("text should match", "yoyo", messagesService.getMessage(mid).getText()); assertEquals("tag should match", "yo", tagService.getMessageTags(mid).get(0).getTag().getName()); int readerUid = userService.createUser("dummyReader", "dummySecret"); User readerUser = userService.getUserByUID(readerUid).orElse(new User()); Jid dummyJid = Jid.of("dummy@localhost"); assertEquals("should be subscribed", "Subscribed", bot.processCommand(readerUser, dummyJid, "S #" + mid).get()); assertEquals("should be favorited", "Message is added to your recommendations", bot.processCommand(readerUser, dummyJid, "! #" + mid).get()); int rid = messagesService.createReply(mid, 0, uid, "comment", null); assertEquals("number of subscribed users should match", 1, subscriptionService.getUsersSubscribedToComments( messagesService.getMessage(mid), messagesService.getReply(mid, rid)).size()); privacyQueriesService.blacklistUser(user, readerUser); assertEquals("number of subscribed users should match", 0, subscriptionService.getUsersSubscribedToComments( messagesService.getMessage(mid), messagesService.getReply(mid, rid)).size()); assertEquals("should be subscribed", "Subscribed to @" + user.getName(), bot.processCommand(readerUser, Jid.of("dummy@localhost"), "S @" + user.getName()).get()); List friends = userService.getUserFriends(readerUid); assertEquals("number of friend users should match", 2, friends.size()); assertEquals("number of reader users should match", 1, userService.getUserReaders(uid).size()); String expectedSecondReply = "Reply posted.\n#" + mid + "/2 " + "https://juick.com/" + mid + "#2"; String expectedThirdReply = "Reply posted.\n#" + mid + "/3 " + "https://juick.com/" + mid + "#3"; assertEquals("should be second reply", expectedSecondReply, bot.processCommand(user, Jid.of("test@localhost"), "#" + mid + " yoyo").get()); assertEquals("should be third reply", expectedThirdReply, bot.processCommand(user, Jid.of("test@localhost"), "#" + mid + "/2 yoyo").get()); Message reply = messagesService.getReplies(mid).stream().filter(m -> m.getRid() == 3).findFirst() .orElse(new Message()); assertEquals("should be reply to second comment", 2, reply.getReplyto()); assertEquals("tags should NOT be updated", "It is not your message", bot.processCommand(readerUser, Jid.of("dummy@localhost"), "#" + mid + " *yo *there").get()); assertEquals("tags should be updated", "Tags are updated", bot.processCommand(user, Jid.of("test@localhost"), "#" + mid + " *there").get()); assertEquals("number of tags should match", 2, tagService.getMessageTags(mid).size()); assertEquals("should be blacklisted", "Tag added to your blacklist", bot.processCommand(readerUser, Jid.of("dummy@localhost"), "BL *there").get()); assertEquals("number of subscribed users should match", 0, subscriptionService.getSubscribedUsers(uid, mid).size()); assertEquals("tags should be updated", "Tags are updated", bot.processCommand(user, Jid.of("test@localhost"), "#" + mid + " *there").get()); assertEquals("number of tags should match", 1, tagService.getMessageTags(mid).size()); int taggerUid = userService.createUser("dummyTagger", "dummySecret"); User taggerUser = userService.getUserByUID(taggerUid).orElse(new User()); assertEquals("should be subscribed", "Subscribed", bot.processCommand(taggerUser, Jid.of("tagger@localhost"), "S *yo").get()); assertEquals("number of subscribed users should match", 2, subscriptionService.getSubscribedUsers(uid, mid).size()); assertEquals("should be unsubscribed", "Unsubscribed from yo", bot.processCommand(taggerUser, Jid.of("tagger@localhost"), "U *yo").get()); assertEquals("number of subscribed users should match", 1, subscriptionService.getSubscribedUsers(uid, mid).size()); assertEquals("number of readers should match", 1, userService.getUserReaders(uid).size()); String readerFeed = bot.processCommand(readerUser, Jid.of("dummy@localhost"), "#").get(); assertEquals("description should match", true, readerFeed.startsWith("Your feed")); assertEquals("should be unsubscribed", "Unsubscribed from @" + user.getName(), bot.processCommand(readerUser, Jid.of("dummy@localhost"), "U @" + user.getName()).get()); assertEquals("number of readers should match", 0, userService.getUserReaders(uid).size()); assertEquals("number of friends should match", 1, userService.getUserFriends(uid).size()); assertEquals("should be unsubscribed", "Unsubscribed from #" + mid, bot.processCommand(readerUser, Jid.of("dummy@localhost"), "u #" + mid).get()); assertEquals("number of subscribed users should match", 0, subscriptionService.getUsersSubscribedToComments(messagesService.getMessage(mid), messagesService.getReply(mid, rid)).size()); assertNotEquals("should NOT be deleted", String.format("Message %s deleted", mid), bot.processCommand(readerUser, Jid.of("dummy@localhost"), "D #" + mid).get()); assertEquals("should be deleted", "Message deleted", bot.processCommand(user, Jid.of("test@localhost"), "D #" + mid).get()); assertEquals("should be not found", "Message not found", bot.processCommand(user, Jid.of("test@localhost"), "#" + mid).get()); } @Test public void mailParserTest() throws Exception { String mail = "MIME-Version: 1.0\n" + "Received: by 10.176.0.242 with HTTP; Fri, 16 Mar 2018 05:31:50 -0700 (PDT)\n" + "In-Reply-To: <2891710.100@juick.com>\n" + "References: <2891710.0@juick.com> <2891710.100@juick.com>\n" + "Date: Fri, 16 Mar 2018 15:31:50 +0300\n" + "Delivered-To: vitalyster@gmail.com\n" + "Message-ID: \n" + "Subject: Re: New reply to TJ\n" + "From: Vitaly Takmazov \n" + "To: Juick \n" + "Content-Type: multipart/alternative; boundary=\"001a11454886e42be5056786ca70\"\n" + "\n" + "--001a11454886e42be5056786ca70\n" + "Content-Type: text/plain; charset=\"UTF-8\"\n" + "\n" + "s2313334\n" + "\n" + "--001a11454886e42be5056786ca70\n" + "Content-Type: text/html; charset=\"UTF-8\"\n" + "\n" + "
s2313334
\n" + "\n" + "--001a11454886e42be5056786ca70--"; mockMvc.perform(post("/mail").with(httpBasic(juickName, juickPassword)).content(mail)) .andExpect(status().isOk()); } @Test public void websocketsTest() throws Exception { ConfigurableApplicationContext context = new SpringApplicationBuilder( WebsocketClientConfig.class, PropertyPlaceholderAutoConfiguration.class) .run("--spring.main.web_environment=false"); long count = context.getBean(WebsocketClientConfig.class).getLatch().getCount(); context.close(); Assert.assertThat(count, equalTo(0L)); mockMvc.perform(get("/ws/_all")).andExpect(status().isBadRequest()); } }