diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java
index 94db3f39c..b51bc0694 100644
--- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java
+++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java
@@ -38,7 +38,7 @@ public class RepositoryTest
assertRepositoriesPage();
}
- @Test( dependsOnMethods = { "testAddManagedRepoValidValues" }, enabled = false )
+ @Test( dependsOnMethods = { "testAddManagedRepoValidValues" } )
public void testAddManagedRepoInvalidValues()
{
getSelenium().open( "/archiva/admin/addRepository.action" );
@@ -55,8 +55,7 @@ public class RepositoryTest
"Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100." );
assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
}
@Test
@@ -123,7 +122,7 @@ public class RepositoryTest
assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
}
- @Test( enabled = false )
+ @Test
public void testAddManagedRepoBlankValues()
{
getSelenium().open( "/archiva/admin/addRepository.action" );
@@ -132,8 +131,7 @@ public class RepositoryTest
assertTextPresent( "You must enter a repository identifier." );
assertTextPresent( "You must enter a repository name." );
assertTextPresent( "You must enter a directory." );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
}
@Test
@@ -165,15 +163,14 @@ public class RepositoryTest
assertTextPresent( "You must enter a directory." );
}
- @Test( enabled = false )
+ @Test
public void testAddManagedRepoNoCron()
{
getSelenium().open( "/archiva/admin/addRepository.action" );
addManagedRepository( "identifier", "name", "/home", "/.index", "Maven 2.x Repository", "", "", "", false );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
}
@Test
@@ -186,7 +183,7 @@ public class RepositoryTest
assertTextPresent( "Managed Repository Sample" );
}
- @Test( dependsOnMethods = { "testAddManagedRepoForEdit" }, enabled = false )
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
public void testEditManagedRepoInvalidValues()
{
editManagedRepository( "<>\\~+[]'\"", "<> ~+[ ]'\"", "<> ~+[ ]'\"", "Maven 2.x Repository", "", "-1", "101" );
@@ -198,8 +195,7 @@ public class RepositoryTest
"Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100." );
assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
}
@Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
@@ -226,11 +222,24 @@ public class RepositoryTest
"Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
}
- @Test( dependsOnMethods = { "testAddManagedRepoForEdit" }, enabled = false )
- public void testEditManagedRepoInvalidCron()
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
+ public void testEditManagedRepoInvalidCronBadText()
{
- editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "", "1", "1" );
- // FIXME: broken
+ editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "asdf", "1", "1" );
+ assertTextPresent( "Invalid cron expression." );
+ }
+
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
+ public void testEditManagedRepoInvalidCronBadValue()
+ {
+ editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "60 0 * * * ?", "1", "1" );
+ assertTextPresent( "Invalid cron expression." );
+ }
+
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
+ public void testEditManagedRepoInvalidCronTooManyElements()
+ {
+ editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "* * * * * * * *", "1", "1" );
assertTextPresent( "Invalid cron expression." );
}
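Review bot: The three new edit tests (`...BadText`, `...BadValue`, `...TooManyElements`) differ only in the cron string passed to `editManagedRepository`, so the same two-line body is written three times. A TestNG data provider would keep one test method and make each further invalid expression a one-line addition. None of the three checks that the repository's stored expression is unchanged after the rejected edit, which may be worth a follow-up assertion if the page exposes that value.

```java
@DataProvider( name = "invalidCronExpressions" )
public Object[][] invalidCronExpressions()
{
    return new Object[][] { { "asdf" }, { "60 0 * * * ?" }, { "* * * * * * * *" } };
}

@Test( dependsOnMethods = { "testAddManagedRepoForEdit" }, dataProvider = "invalidCronExpressions" )
public void testEditManagedRepoInvalidCron( String cronExpression )
{
    editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", cronExpression, "1", "1" );
    assertTextPresent( "Invalid cron expression." );
}
```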
@@ -342,4 +351,4 @@ public class RepositoryTest
assertPage( "Collection: /" );
assertTextPresent( "Collection: /" );
}
-}
\ No newline at end of file
+}
diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
index fe868956a..0f05752c9 100644
--- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
+++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
@@ -154,9 +154,10 @@ public class XSSSecurityTest
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
}
- @Test( enabled = false )
+ @Test
public void testAddManagedRepositoryImmunityToInputFieldCrossSiteScripting()
{
+ // TODO: these are evaluated client side now - we should force it to do server-side to make sure (though this could probably be tested in the webapp tests instead)
getSelenium().open( "/archiva/admin/addRepository.action" );
addManagedRepository( "test\">", "test\">",
"test\">", "test\">",
@@ -172,7 +173,16 @@ public class XSSSecurityTest
"Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100." );
assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
- // FIXME: broken
+ assertTextPresent( "Cron expression is required." );
+ }
+
+ @Test
+ public void testAddManagedRepositoryImmunityToInputFieldCrossSiteScriptingCron()
+ {
+ // separate test because cron is evaluated server side, not client side
+ getSelenium().open( "/archiva/admin/addRepository.action" );
+ addManagedRepository( "id", "name", "/home", "/.index", "Maven 2.x Repository",
+ "", "1", "1", true );
assertTextPresent( "Invalid cron expression." );
}
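Review bot: Both XSS tests in this hunk assert only that validation messages are shown, and that does not establish that the submitted value is kept out of the re-rendered page unescaped. This applies to the tail of `testAddManagedRepositoryImmunityToInputFieldCrossSiteScripting`, whose body starts outside the hunk, and to the new `...CrossSiteScriptingCron` test. For a test named "immunity", a negative check after the `assertTextPresent` calls would make the claim explicit, for example `Assert.assertFalse( getSelenium().isAlertPresent() );` or an assertion that the raw markup is absent from the page source. The comment in the new test could also say which layer is under test, e.g. `// cron is validated in AddManagedRepositoryAction.validate(), so this exercises the server-side path`.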
@@ -241,4 +251,4 @@ public class XSSSecurityTest
assertTextPresent(
"Username must only contain alphanumeric characters, at's(@), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)." );
}
-}
\ No newline at end of file
+}
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java
index 885079818..488db6c68 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java
@@ -24,6 +24,7 @@ import com.opensymphony.xwork2.Validateable;
import org.apache.archiva.admin.model.RepositoryAdminException;
import org.apache.archiva.admin.model.beans.ManagedRepository;
import org.apache.commons.lang.StringUtils;
+import org.codehaus.redback.components.scheduler.CronExpressionValidator;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Controller;
@@ -102,6 +103,13 @@ public class AddManagedRepositoryAction
@Override
public void validate()
{
+ CronExpressionValidator validator = new CronExpressionValidator();
+
+ if ( !validator.validate( repository.getCronExpression() ) )
+ {
+ addFieldError( "repository.cronExpression", "Invalid cron expression." );
+ }
+
// trim all unecessary trailing/leading white-spaces; always put this statement before the closing braces(after all validation).
trimAllRequestParameterValues();
}
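Review bot: The new check in `validate()` passes `repository.getCronExpression()` to the validator as received, before `trimAllRequestParameterValues()` runs, so surrounding whitespace or a missing parameter reaches `CronExpressionValidator` unnormalised. How the validator treats `null` or padded input is not visible in this diff, so a request that omits the field could fail with an exception rather than a field error. Normalising first keeps the server-side rejection of blank input and removes that dependency: `String cron = StringUtils.trimToEmpty( repository.getCronExpression() );` then `if ( !validator.validate( cron ) )`. A one-line comment that this is the server-side counterpart of the `Cron expression is required.` rule in the validation XML would also help, since a blank value can now produce both messages on `repository.cronExpression`.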
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java
index e4a9dbfd0..f28047afe 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java
@@ -135,7 +135,7 @@ public class EditManagedRepositoryAction
if ( !validator.validate( repository.getCronExpression() ) )
{
- addFieldError( "repository.refreshCronExpression", "Invalid cron expression." );
+ addFieldError( "repository.cronExpression", "Invalid cron expression." );
}
trimAllRequestParameterValues();
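Review bot: The field key `"repository.cronExpression"` and the message `"Invalid cron expression."` are now repeated as string literals here and in `AddManagedRepositoryAction.validate()`. The stale `repository.refreshCronExpression` key that this hunk corrects shows how easily they drift apart. A shared constant, placed in a common base class if the two actions have one, would keep both actions and the validation XML attaching errors to the same field. The enclosing method starts and ends outside the hunk, so whether the value is null-checked before `validator.validate(...)` cannot be confirmed from here.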
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml
index 8c951cbd1..68ffb6cf7 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml
@@ -73,4 +73,9 @@
Repository Purge By Days Older Than needs to be larger than ${min}.
+
+
+ Cron expression is required.
+
+
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml
index abc9e5526..9f82c37bd 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml
@@ -73,4 +73,9 @@
Repository Purge By Days Older Than needs to be larger than ${min}.
+
+
+ Cron expression is required.
+
+