fix tests that check cron expression. Do javascript-based validation of an empty value, then server size validation of valid cron expression

git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1178288 13f79535-47bb-0310-9956-ffa450edef68

archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java

@@ -38,7 +38,7 @@ public class RepositoryTest
         assertRepositoriesPage();
     }
 
-    @Test( dependsOnMethods = { "testAddManagedRepoValidValues" }, enabled = false )
+    @Test( dependsOnMethods = { "testAddManagedRepoValidValues" } )
     public void testAddManagedRepoInvalidValues()
     {
         getSelenium().open( "/archiva/admin/addRepository.action" );
@@ -55,8 +55,7 @@ public class RepositoryTest
             "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
         assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100." );
         assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
-        // FIXME: broken
-        assertTextPresent( "Invalid cron expression." );
+        assertTextPresent( "Cron expression is required." );
     }
 
     @Test
@@ -123,7 +122,7 @@ public class RepositoryTest
         assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
     }
 
-    @Test( enabled = false )
+    @Test
     public void testAddManagedRepoBlankValues()
     {
         getSelenium().open( "/archiva/admin/addRepository.action" );
@@ -132,8 +131,7 @@ public class RepositoryTest
         assertTextPresent( "You must enter a repository identifier." );
         assertTextPresent( "You must enter a repository name." );
         assertTextPresent( "You must enter a directory." );
-        // FIXME: broken
-        assertTextPresent( "Invalid cron expression." );
+        assertTextPresent( "Cron expression is required." );
     }
 
     @Test
@@ -165,15 +163,14 @@ public class RepositoryTest
         assertTextPresent( "You must enter a directory." );
     }
 
-    @Test( enabled = false )
+    @Test
     public void testAddManagedRepoNoCron()
     {
         getSelenium().open( "/archiva/admin/addRepository.action" );
 
         addManagedRepository( "identifier", "name", "/home", "/.index", "Maven 2.x Repository", "", "", "", false );
 
-        // FIXME: broken
-        assertTextPresent( "Invalid cron expression." );
+        assertTextPresent( "Cron expression is required." );
     }
 
     @Test
@@ -186,7 +183,7 @@ public class RepositoryTest
         assertTextPresent( "Managed Repository Sample" );
     }
 
-    @Test( dependsOnMethods = { "testAddManagedRepoForEdit" }, enabled = false )
+    @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
     public void testEditManagedRepoInvalidValues()
     {
         editManagedRepository( "<>\\~+[]'\"", "<> ~+[ ]'\"", "<> ~+[ ]'\"", "Maven 2.x Repository", "", "-1", "101" );
@@ -198,8 +195,7 @@ public class RepositoryTest
             "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
         assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100." );
         assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
-        // FIXME: broken
-        assertTextPresent( "Invalid cron expression." );
+        assertTextPresent( "Cron expression is required." );
     }
 
     @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
@@ -226,11 +222,24 @@ public class RepositoryTest
             "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
     }
 
-    @Test( dependsOnMethods = { "testAddManagedRepoForEdit" }, enabled = false )
-    public void testEditManagedRepoInvalidCron()
+    @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
+    public void testEditManagedRepoInvalidCronBadText()
     {
-        editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "", "1", "1" );
-        // FIXME: broken
+        editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "asdf", "1", "1" );
+        assertTextPresent( "Invalid cron expression." );
+    }
+
+    @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
+    public void testEditManagedRepoInvalidCronBadValue()
+    {
+        editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "60 0 * * * ?", "1", "1" );
+        assertTextPresent( "Invalid cron expression." );
+    }
+
+    @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
+    public void testEditManagedRepoInvalidCronTooManyElements()
+    {
+        editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "* * * * * * * *", "1", "1" );
         assertTextPresent( "Invalid cron expression." );
     }
 

archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java

@@ -154,9 +154,10 @@ public class XSSSecurityTest
         assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
     }
 
-    @Test( enabled = false )
+    @Test
     public void testAddManagedRepositoryImmunityToInputFieldCrossSiteScripting()
     {
+        // TODO: these are evaluated client side now - we should force it to do server-side to make sure (though this could probably be tested in the webapp tests instead)
         getSelenium().open( "/archiva/admin/addRepository.action" );
         addManagedRepository( "test\"><script>alert('xss')</script>", "test\"><script>alert('xss')</script>",
                               "test\"><script>alert('xss')</script>", "test\"><script>alert('xss')</script>",
@@ -172,7 +173,16 @@ public class XSSSecurityTest
             "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
         assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100." );
         assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
-        // FIXME: broken
+        assertTextPresent( "Cron expression is required." );
+    }
+
+    @Test
+    public void testAddManagedRepositoryImmunityToInputFieldCrossSiteScriptingCron()
+    {
+        // separate test because cron is evaluated server side, not client side
+        getSelenium().open( "/archiva/admin/addRepository.action" );
+        addManagedRepository( "id", "name", "/home", "/.index", "Maven 2.x Repository",
+                              "<test\"><script>alert('xss')</script>", "1", "1", true );
         assertTextPresent( "Invalid cron expression." );
     }
 

archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java

@@ -24,6 +24,7 @@ import com.opensymphony.xwork2.Validateable;
 import org.apache.archiva.admin.model.RepositoryAdminException;
 import org.apache.archiva.admin.model.beans.ManagedRepository;
 import org.apache.commons.lang.StringUtils;
+import org.codehaus.redback.components.scheduler.CronExpressionValidator;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Controller;
 
@@ -102,6 +103,13 @@ public class AddManagedRepositoryAction
     @Override
     public void validate()
     {
+        CronExpressionValidator validator = new CronExpressionValidator();
+
+        if ( !validator.validate( repository.getCronExpression() ) )
+        {
+            addFieldError( "repository.cronExpression", "Invalid cron expression." );
+        }
+
         // trim all unecessary trailing/leading white-spaces; always put this statement before the closing braces(after all validation).
         trimAllRequestParameterValues();
     }

archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java

@@ -135,7 +135,7 @@ public class EditManagedRepositoryAction
 
         if ( !validator.validate( repository.getCronExpression() ) )
         {
-            addFieldError( "repository.refreshCronExpression", "Invalid cron expression." );
+            addFieldError( "repository.cronExpression", "Invalid cron expression." );
         }
 
         trimAllRequestParameterValues();

archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml

@@ -73,4 +73,9 @@
       <message>Repository Purge By Days Older Than needs to be larger than ${min}.</message>
     </field-validator>    
   </field>
+  <field name="repository.cronExpression">
+    <field-validator type="requiredstring">
+      <message>Cron expression is required.</message>
+    </field-validator>
+  </field>
 </validators>

archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml

@@ -73,4 +73,9 @@
       <message>Repository Purge By Days Older Than needs to be larger than ${min}.</message>
     </field-validator>
   </field>
+  <field name="repository.cronExpression">
+    <field-validator type="requiredstring">
+      <message>Cron expression is required.</message>
+    </field-validator>
+  </field>
 </validators>