diff --git a/Cargo.toml b/Cargo.toml
index a04067e..81e125f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "cds"
-version = "1.0.4-fix.1"
+version = "1.0.4-fix.2"
 authors = ["Pietrangelo Masala "]
 edition = "2021"
diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml
index dbc75d6..a6d569e 100644
--- a/k8s/deployment.yaml
+++ b/k8s/deployment.yaml
@@ -70,7 +70,7 @@ spec:
 - name: CORS_ALLOWED_ORIGIN_END_WITH
 value: domain.com
 name: cds
- image: docker.io/entando/cds:1.0.4-fix.1
+ image: docker.io/entando/cds:1.0.4-fix.2
 imagePullPolicy: IfNotPresent
 livenessProbe:
 httpGet:
diff --git a/opt/.env b/opt/.env
new file mode 100644
index 0000000..4c51b7a
--- /dev/null
+++ b/opt/.env
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=ent-cds-test
\ No newline at end of file
diff --git a/opt/.gitignore b/opt/.gitignore
new file mode 100644
index 0000000..2e5af8b
--- /dev/null
+++ b/opt/.gitignore
@@ -0,0 +1,4 @@
+volumes/cds/**
+volumes/cds/!placeholder
+volumes/keycloak/**
+volumes/keycloak/!placeholder
diff --git a/opt/CDS API Tests.postman_collection.json b/opt/CDS API Tests.postman_collection.json
deleted file mode 100644
index 997cb16..0000000
--- a/opt/CDS API Tests.postman_collection.json
+++ /dev/null
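Review bot: The two negation lines in the new `opt/.gitignore` do not re-include anything: in gitignore syntax `!` only negates when it is the first character of a pattern, so `volumes/cds/!placeholder` and `volumes/keycloak/!placeholder` are ordinary ignore rules matching a file literally named `!placeholder`, and the `**` lines above still ignore whatever placeholder file is meant to keep the empty volume directories tracked. If the intent is to keep a `placeholder` file in each directory, the lines should read `!volumes/cds/placeholder` and `!volumes/keycloak/placeholder`, kept after their corresponding `**` rule as they are now. The actual filename under `opt/volumes/` is not visible in this diff, so confirm it before changing the pattern.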
@@ -1,2190 +0,0 @@ -{ - "info": { - "_postman_id": "6275f298-e0b1-4c5f-aebe-ce6cf0292c3f", - "name": "Keycloak and CDS API Tests", - "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", - "_exporter_id": "5245832" - }, - "item": [ - { - "name": "Authentication", - "item": [ - { - "name": "Login as Admin", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - " pm.collectionVariables.set('accessToken', pm.response.json().access_token);", - " pm.collectionVariables.set('refreshToken', pm.response.json().refresh_token);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Content-Type", - "value": "application/x-www-form-urlencoded" - } - ], - "body": { - "mode": "urlencoded", - "urlencoded": [ - { - "key": "username", - "value": "{{admin-username}}" - }, - { - "key": "password", - "value": "{{admin-password}}" - }, - { - "key": "client_id", - "value": "{{keycloak-client-id}}" - }, - { - "key": "client_secret", - "value": "{{keycloak-client-secret}}" - }, - { - "key": "grant_type", - "value": "password" - } - ] - }, - "url": { - "raw": "{{keycloak-url}}/realms/{{keycloak-realm}}/protocol/openid-connect/token", - "host": [ - "{{keycloak-url}}" - ], - "path": [ - "realms", - "{{keycloak-realm}}", - "protocol", - "openid-connect", - "token" - ] - } - }, - "response": [] - }, - { - "name": "Delete Public Directories", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": 
"{{cds-private-url}}/api/v1/delete/public/temp", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "delete", - "public", - "temp" - ] - } - }, - "response": [] - }, - { - "name": "Delete Protected Directories", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/delete/public/temp", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "delete", - "public", - "temp" - ] - } - }, - "response": [] - } - ] - }, - { - "name": "Directory and File Creation", - "item": [ - { - "name": "Create Public Directory", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "body": { - "mode": "formdata", - "formdata": [ - { - "key": "path", - "value": "temp", - "type": "text" - }, - { - "key": "protected", - "value": "false", - "type": "text" - } - ] - }, - "url": { - "raw": "{{cds-private-url}}/api/v1/upload/", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "upload", - "" - ] - } - }, - "response": [] - }, - { - "name": "Create Public Subdirectory", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "POST", - "header": [ - { - 
"key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "body": { - "mode": "formdata", - "formdata": [ - { - "key": "path", - "value": "temp/subfolder", - "type": "text" - }, - { - "key": "protected", - "value": "false", - "type": "text" - } - ] - }, - "url": { - "raw": "{{cds-private-url}}/api/v1/upload/", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "upload", - "" - ] - } - }, - "response": [] - }, - { - "name": "Create Public File", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "body": { - "mode": "formdata", - "formdata": [ - { - "key": "path", - "value": "temp/subfolder", - "type": "text" - }, - { - "key": "protected", - "value": "false", - "type": "text" - }, - { - "key": "filename", - "value": "pippo.pdf", - "type": "text" - }, - { - "key": "file", - "type": "file", - "src": "postman-cloud:///1f08a27b-bc60-45c0-82b0-f5ae77639294" - } - ] - }, - "url": { - "raw": "{{cds-private-url}}/api/v1/upload/", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "upload", - "" - ] - } - }, - "response": [] - }, - { - "name": "Create Protected Directory", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "body": { - "mode": "formdata", - "formdata": [ - { - "key": "path", - "value": "temp", - "type": "text" - }, - { - "key": "protected", - "value": "true", - "type": "text" - } 
- ] - }, - "url": { - "raw": "{{cds-private-url}}/api/v1/upload/", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "upload", - "" - ] - } - }, - "response": [] - }, - { - "name": "Create Protected File", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "body": { - "mode": "formdata", - "formdata": [ - { - "key": "path", - "value": "temp/subfolder", - "type": "text" - }, - { - "key": "protected", - "value": "true", - "type": "text" - }, - { - "key": "filename", - "value": "pippo.pdf", - "type": "text" - }, - { - "key": "file", - "type": "file", - "src": "postman-cloud:///1f08a27b-bc60-45c0-82b0-f5ae77639294" - } - ] - }, - "url": { - "raw": "{{cds-private-url}}/api/v1/upload/", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "upload", - "" - ] - } - }, - "response": [] - } - ] - }, - { - "name": "Resource Retrieval", - "item": [ - { - "name": "Get Existing Public Resource - As User", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [], - "url": { - "raw": "{{cds-public-url}}/public/temp/subfolder/pippo.pdf", - "host": [ - "{{cds-public-url}}" - ], - "path": [ - "public", - "temp", - "subfolder", - "pippo.pdf" - ] - } - }, - "response": [] - }, - { - "name": "Get Existing Public Resource - As Admin", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", 
- "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/public/temp/subfolder/pippo.pdf", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "public", - "temp", - "subfolder", - "pippo.pdf" - ] - } - }, - "response": [] - }, - { - "name": "Get Public Resource - Not Found", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(404);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [], - "url": { - "raw": "{{cds-public-url}}/public/cms/temp/subfolder/pippo.txt", - "host": [ - "{{cds-public-url}}" - ], - "path": [ - "public", - "cms", - "temp", - "subfolder", - "pippo.txt" - ] - } - }, - "response": [] - }, - { - "name": "Get Public Resource - As Admin - Not Found", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(404);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/public/temp/subfolder/pippo.txt", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "public", - "temp", - "subfolder", - "pippo.txt" - ] - } - }, - "response": [] - }, - { - "name": "Get Existing Protected Resource - As Admin", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": 
"GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/protected/temp/subfolder/pippo.pdf", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "protected", - "temp", - "subfolder", - "pippo.pdf" - ] - } - }, - "response": [] - }, - { - "name": "Get Protected Resource - As Admin - Not Found", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(404);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/protected/temp/subfolder/pippo.txt", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "protected", - "temp", - "subfolder", - "pippo.txt" - ] - } - }, - "response": [] - }, - { - "name": "List Resources - protected", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/list/protected", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "list", - "protected" - ] - } - }, - "response": [] - }, - { - "name": "List Resources - public", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": 
"Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/list/public", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "list", - "public" - ] - } - }, - "response": [] - }, - { - "name": "List Resources - archives", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/list/archives", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "list", - "archives" - ] - } - }, - "response": [] - }, - { - "name": "List Resources - protected/temp/subfolder", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/list/protected/temp/subfolder", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "list", - "protected", - "temp", - "subfolder" - ] - } - }, - "response": [] - }, - { - "name": "List Resources - public/temp/subfolder", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/list/public/temp/subfolder", - "host": [ - 
"{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "list", - "public", - "temp", - "subfolder" - ] - } - }, - "response": [] - }, - { - "name": "List Resources - public/../../entando-data/public/", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/list/public/../../entando-data/public/", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "list", - "public", - "..", - "..", - "entando-data", - "public", - "" - ] - } - }, - "response": [] - }, - { - "name": "Compress Resources", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/utils/compress/public/temp", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "utils", - "compress", - "public", - "temp" - ] - } - }, - "response": [] - }, - { - "name": "Get Archive", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/archives/entando-data.tar.gz", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - 
"api", - "v1", - "archives", - "entando-data.tar.gz" - ] - } - }, - "response": [] - }, - { - "name": "Decompress Archive", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/utils/decompress/entando-data.tar.gz", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "utils", - "decompress", - "entando-data.tar.gz" - ] - } - }, - "response": [] - } - ] - }, - { - "name": "Path Traversal Attacks", - "item": [ - { - "name": "Path Traversal Error - As User - 1", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(404);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [], - "url": { - "raw": "{{cds-public-url}}/public/cms/../etc/passwd", - "host": [ - "{{cds-public-url}}" - ], - "path": [ - "public", - "cms", - "..", - "etc", - "passwd" - ] - } - }, - "response": [] - }, - { - "name": "Path Traversal Error - As User - 2", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(403);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [], - "url": { - "raw": "{{cds-public-url}}/public/cms/../../etc/passwd", - "host": [ - "{{cds-public-url}}" - ], - "path": [ - "public", - "cms", - "..", - "..", - "etc", - "passwd" - ] - } - }, - "response": [] - }, - { - "name": "Path Traversal Error - As User - 3", - "event": [ - { - "listen": "test", - 
"script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(404);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [], - "url": { - "raw": "{{cds-public-url}}/public/cms/../../../etc/passwd", - "host": [ - "{{cds-public-url}}" - ], - "path": [ - "public", - "cms", - "..", - "..", - "..", - "etc", - "passwd" - ] - } - }, - "response": [] - }, - { - "name": "Path Traversal Error - As Admin - 1", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(404);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/protected/cms/../etc/passwd", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "protected", - "cms", - "..", - "etc", - "passwd" - ] - } - }, - "response": [] - }, - { - "name": "Path Traversal Error - As Admin - 2", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(404);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/protected/cms/../../etc/passwd", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "protected", - "cms", - "..", - "..", - "etc", - "passwd" - ] - } - }, - "response": [] - }, - { - "name": "Path Traversal Error - As Admin - 3", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " 
pm.expect(pm.response.code).to.equal(400);", - " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/protected/cms/../../../etc/passwd", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "protected", - "cms", - "..", - "..", - "..", - "etc", - "passwd" - ] - } - }, - "response": [] - }, - { - "name": "List Resources - Path Traversal - 1", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(400);", - " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/list/protected/../../tmp", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "list", - "protected", - "..", - "..", - "tmp" - ] - } - }, - "response": [] - }, - { - "name": "List Resources - Path Traversal - 2", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(400);", - " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/list/public/../../tmp", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "list", - "public", - "..", - "..", - 
"tmp" - ] - } - }, - "response": [] - } - ] - }, - { - "name": "Directory and File Cleanup", - "item": [ - { - "name": "Delete Public File", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - " pm.expect(pm.response.json().status).to.equal(\"OK\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/delete/public/temp/subfolder/pippo.pdf", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "delete", - "public", - "temp", - "subfolder", - "pippo.pdf" - ] - } - }, - "response": [] - }, - { - "name": "Delete Public File - Not Found", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - " pm.expect(pm.response.json().status).to.equal(\"KO\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/delete/public/temp/subfolder/pippo.pdf", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "delete", - "public", - "temp", - "subfolder", - "pippo.pdf" - ] - } - }, - "response": [] - }, - { - "name": "Delete Public Directory", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - " pm.expect(pm.response.json().status).to.equal(\"OK\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - 
"value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/delete/public/temp", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "delete", - "public", - "temp" - ] - } - }, - "response": [] - }, - { - "name": "Delete Protected File", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - " pm.expect(pm.response.json().status).to.equal(\"OK\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/delete/protected/temp/subfolder/pippo.pdf", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "delete", - "protected", - "temp", - "subfolder", - "pippo.pdf" - ] - } - }, - "response": [] - }, - { - "name": "Delete Protected File - Not Found", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - " pm.expect(pm.response.json().status).to.equal(\"KO\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/delete/protected/temp/subfolder/pippo.pdf", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "delete", - "protected", - "temp", - "subfolder", - "pippo.pdf" - ] - } - }, - "response": [] - }, - { - "name": "Delete Protected Directory", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(200);", - " 
pm.expect(pm.response.json().status).to.equal(\"OK\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/delete/protected/temp", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "delete", - "protected", - "temp" - ] - } - }, - "response": [] - } - ] - }, - { - "name": "Path Traversal CRUD", - "item": [ - { - "name": "Create public file - Path Traversal Upload", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(400);", - " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "body": { - "mode": "formdata", - "formdata": [ - { - "key": "path", - "value": "temp/../../../tmp", - "type": "text" - }, - { - "key": "protected", - "value": "false", - "type": "text" - }, - { - "key": "filename", - "value": "public.pdf", - "type": "text" - }, - { - "key": "file", - "type": "file", - "src": "postman-cloud:///1f08a27b-bc60-45c0-82b0-f5ae77639294" - } - ] - }, - "url": { - "raw": "{{cds-private-url}}/api/v1/upload/", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "upload", - "" - ] - } - }, - "response": [] - }, - { - "name": "Get Public Resource - Uploaded by Path Traversal", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(404);", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [], - "url": { - "raw": 
"{{cds-public-url}}/public/temp/../../../tmp/public.pdf", - "host": [ - "{{cds-public-url}}" - ], - "path": [ - "public", - "temp", - "..", - "..", - "..", - "tmp", - "public.pdf" - ] - } - }, - "response": [] - }, - { - "name": "Get Public Resource By Admin - Uploaded by Path Traversal", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(400);", - " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}", - "type": "text" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/public/temp/../../../tmp/public.pdf", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "public", - "temp", - "..", - "..", - "..", - "tmp", - "public.pdf" - ] - } - }, - "response": [] - }, - { - "name": "Delete public file - Uploaded by Path Traversal", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(400);", - " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/delete/public/temp/../../../tmp/public.pdf", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "delete", - "public", - "temp", - "..", - "..", - "..", - "tmp", - "public.pdf" - ] - } - }, - "response": [] - }, - { - "name": "Get Public Resource By Admin - Uploaded by Path Traversal - Not Found", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed 
successfully', function () {", - " pm.expect(pm.response.code).to.equal(400);", - " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}", - "type": "text" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/public/temp/../../../tmp/public.pdf", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "public", - "temp", - "..", - "..", - "..", - "tmp", - "public.pdf" - ] - } - }, - "response": [] - }, - { - "name": "Create protected file - Path Traversal Upload", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(400);", - " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "body": { - "mode": "formdata", - "formdata": [ - { - "key": "path", - "value": "temp/../../../tmp", - "type": "text" - }, - { - "key": "protected", - "value": "true", - "type": "text" - }, - { - "key": "filename", - "value": "protected.pdf", - "type": "text" - }, - { - "key": "file", - "type": "file", - "src": "postman-cloud:///1f08a27b-bc60-45c0-82b0-f5ae77639294" - } - ] - }, - "url": { - "raw": "{{cds-private-url}}/api/v1/upload/", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "upload", - "" - ] - } - }, - "response": [] - }, - { - "name": "Get Protected Resource By Admin - Uploaded by Path Traversal", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(400);", - " 
pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}", - "type": "text" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/protected/temp/../../../tmp/protected.pdf", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "protected", - "temp", - "..", - "..", - "..", - "tmp", - "protected.pdf" - ] - } - }, - "response": [] - }, - { - "name": "Delete protected Resource - Uploaded by Path Traversal", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(400);", - " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}" - } - ], - "url": { - "raw": "{{cds-private-url}}/api/v1/delete/protected/temp/../../../tmp/protected.pdf", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "delete", - "protected", - "temp", - "..", - "..", - "..", - "tmp", - "protected.pdf" - ] - } - }, - "response": [] - }, - { - "name": "Get Protected Resource By Admin - Uploaded by Path Traversal - Not Found", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('Request executed successfully', function () {", - " pm.expect(pm.response.code).to.equal(400);", - " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{accessToken}}", - "type": "text" - } - ], - "url": { - "raw": 
"{{cds-private-url}}/api/v1/protected/temp/../../../tmp/protected.pdf", - "host": [ - "{{cds-private-url}}" - ], - "path": [ - "api", - "v1", - "protected", - "temp", - "..", - "..", - "..", - "tmp", - "protected.pdf" - ] - } - }, - "response": [] - } - ] - } - ], - "event": [ - { - "listen": "prerequest", - "script": { - "type": "text/javascript", - "packages": {}, - "exec": [ - "" - ] - } - }, - { - "listen": "test", - "script": { - "type": "text/javascript", - "packages": {}, - "exec": [ - "" - ] - } - } - ], - "variable": [ - { - "key": "keycloak-url", - "value": "http://localhost:8081/auth" - }, - { - "key": "keycloak-realm", - "value": "entando-development" - }, - { - "key": "admin-username", - "value": "admin" - }, - { - "key": "admin-password", - "value": "admin" - }, - { - "key": "keycloak-client-id", - "value": "entando-core" - }, - { - "key": "keycloak-client-secret", - "value": "930837f0-95b2-4eeb-b303-82a56cac76e6" - }, - { - "key": "cds-private-url", - "value": "http://localhost:18080" - }, - { - "key": "cds-public-url", - "value": "http://cds.entando.realt/cds" - }, - { - "key": "test-base-folder", - "value": "test", - "type": "string" - }, - { - "key": "test-full-folder", - "value": "test/subfolder", - "type": "string" - }, - { - "key": "test-filename", - "value": "pippo.pdf", - "type": "string" - }, - { - "key": "test-filename-notfound", - "value": "pippo.txt", - "type": "string" - }, - { - "key": "test-public-filename", - "value": "public.pdf", - "type": "string" - }, - { - "key": "test-protected-filename", - "value": "protected.pdf", - "type": "string" - }, - { - "key": "accessToken", - "value": "", - "type": "string" - }, - { - "key": "refreshToken", - "value": "", - "type": "string" - } - ] -} \ No newline at end of file diff --git a/opt/README.md b/opt/README.md new file mode 100644 index 0000000..03e3672 --- /dev/null +++ b/opt/README.md 
@@ -0,0 +1,76 @@
+# CDS - Content Delivery Server
+
+## Requirements ##
+
+This guide requires the following tools:
+
+- Cargo
+- Postman or Postman CLI
+- Docker
+
+
+## Cargo Tests
+
+Cargo tests can be executed running `cargo test` on the project root.
+
+```bash
+cd ..
+cargo test
+```
+
+## Postman Tests- ##
+
+
+### Docker Environment ###
+
+The provided docker-compose.yml uses:
+- keycloak
+- cds: the current image
+
+
+#### Port Requirements
+
+The docker stack requires the following ports:
+- 59080: for keycloak
+- 58080: for keycloak
+- 58080: for keycloak
+
+
+#### Startup
+
+To start the docker containers, use the command:
+```bash
+docker-compose up -d
+```
+
+After the first startup, it's necessary to update the KEYCLOAK_PUBLIC_KEY in docker-compose.yml:
+- open the url [http://localhost:50090/auth/admin/master/console/#/realms/entando-dev/keys](http://localhost:50090/auth/admin/master/console/#/realms/entando-dev/keys)
+- login with admin/admin
+- retrieve the public key and paste it into the docker-compose in the cds section
+- destroy and regenerate the containers using the following command:
+```bash
+docker compose up -d --no-deps --build cds
+```
+
+
+#### Stop
+- Stop the docker containers using the command:
+```bash
+docker-compose down --rmi local
+```
+
+
+### Postman Tests ###
+
+Update the following variables in [postman_collection.json](postman_collection.json) changing the ports in the parameters:
+- cds-private-url
+- cds-public-url
+- keycloak-url
+
+
+Import the file [postman_collection.json](postman_collection.json) in Postman and run the entire collection,
+or run it directly with Postman CLI using the following command:
+
+```bash
+postman collection run postman_collection.json
+```
diff --git a/opt/docker-compose.yml b/opt/docker-compose.yml
new file mode 100644
index 0000000..040d462
--- /dev/null
+++ b/opt/docker-compose.yml
@@ -0,0 +1,48 @@
+version: '3.3'
+services:
+ keycloak:
+ image: entando/entando-keycloak:7.3.0
+ hostname: keycloak
+ command: [
+ '-b',
+ '0.0.0.0',
+ '-Dkeycloak.profile.feature.scripts=enabled',
+ '-Dkeycloak.profile.feature.upload_scripts=enabled',
+ '-Dkeycloak.migration.action=import',
+ '-Dkeycloak.migration.provider=dir',
+ '-Dkeycloak.migration.dir=/opt/jboss/keycloak/realm-config',
+ '-Dkeycloak.migration.strategy=IGNORE_EXISTING', # use 'OVERWRITE_EXISTING' instead if you want to reset your current configuration
+ '-Djboss.socket.binding.port-offset=1000',
+ '-Dhttp-enabled=true'
+ ]
+ volumes:
+ - ./keycloak/realm-config:/opt/jboss/keycloak/realm-config
+ - ./volumes/keycloak:/opt/jboss/keycloak/standalone/data
+ environment:
+ - KEYCLOAK_USER=admin
+ - KEYCLOAK_PASSWORD=admin
+ - DB_VENDOR=h2
+ - SERVER_SERVLET_CONTEXT_PATH=/auth
+ - PROXY_ADDRESS_FORWARDING=true
+ user: "${UID}"
+ ports:
+ - "50090:9080"
+
+ cds:
+ build: ../
+ hostname: cds
+ environment:
+ - CORS_ALLOWED_ORIGIN_END_WITH=.entando.realt
+ - CORS_ALLOWED_ORIGIN=All
+ - RUST_LOG=actix_web=debug,actix_server=debug,actix_web_middleware_keycloak_auth=debug
+ - RUST_BACKTRACE=1
+ - KEYCLOAK_PUBLIC_KEY= |
+ -----BEGIN PUBLIC KEY-----
+ MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+LF1taXiPGAciV3A1ltu0H4HOY43YI2IDo8pUI9XEYylFlIWovFS+YMi4cSmZDGRtgmMmH8V16vkPJu1UhzKAvO5V55UQq0l01th023OrdyBWkWbrgrEFZt+uI6LBJnCwYNrY0SSs4zT+aLdulBGMHq2R2qqNgMbw3vrbbRFdIwbwPKRalId8amgkIvJZ1g0kRwTq1A89g9d5htXvZ4CKUBA6DWji1+uOt7cPqRcwuKF/vYONrNvgHvbZ10HjmHacQVlvY1XMM6yTInkk5tmssgad8hzIh6zTlJofb6MDfLb0IydQxt3Hrfh8qzpJcurbLF9WJ11NATtg3wKwONCwIDAQAB
+ -----END PUBLIC KEY-----
+ volumes:
+ - ./volumes/cds:/entando-data
+ user: "${UID}"
+ ports:
+ - 50080:8080
+ - 50081:8081
diff --git a/opt/keycloak/realm-config/entando-dev-realm.json b/opt/keycloak/realm-config/entando-dev-realm.json
new file mode 100644
index 0000000..cbd1c5a
--- /dev/null
+++ b/opt/keycloak/realm-config/entando-dev-realm.json
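Review bot: The `- KEYCLOAK_PUBLIC_KEY= |` entry in the cds `environment` list does not give you a block scalar: inside a `- KEY=VALUE` sequence item the `|` is just a character of a multi-line plain scalar, so (as far as the collapsed diff shows) the container receives the three PEM lines folded onto one line behind a literal `| ` prefix, and whether the keycloak-auth middleware still parses that as a PEM key is not something I can confirm from here. Because this value is the trust anchor for every bearer token CDS verifies, a mis-parsed key presumably rejects all tokens rather than accepting them, so the likely effect is breakage, not bypass, but the README step that tells users to paste a fresh key here walks into the same layout trap; switching `environment` to mapping form with a real `|` block scalar removes it. Separately, `-Dkeycloak.profile.feature.upload_scripts=enabled` lets any realm admin push server-side JavaScript into Keycloak, and the host bindings `"50090:9080"`, `50080:8080` and `50081:8081` listen on every interface; for a local test stack, dropping `upload_scripts` and prefixing the ports with `127.0.0.1:` costs nothing.
```yaml
    environment:
      CORS_ALLOWED_ORIGIN_END_WITH: .entando.realt
      # … unchanged: CORS_ALLOWED_ORIGIN, RUST_LOG, RUST_BACKTRACE …
      KEYCLOAK_PUBLIC_KEY: |
        -----BEGIN PUBLIC KEY-----
        MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+LF1taXiPGAciV3A1ltu0H4HOY43YI2IDo8pUI9XEYylFlIWovFS+YMi4cSmZDGRtgmMmH8V16vkPJu1UhzKAvO5V55UQq0l01th023OrdyBWkWbrgrEFZt+uI6LBJnCwYNrY0SSs4zT+aLdulBGMHq2R2qqNgMbw3vrbbRFdIwbwPKRalId8amgkIvJZ1g0kRwTq1A89g9d5htXvZ4CKUBA6DWji1+uOt7cPqRcwuKF/vYONrNvgHvbZ10HjmHacQVlvY1XMM6yTInkk5tmssgad8hzIh6zTlJofb6MDfLb0IydQxt3Hrfh8qzpJcurbLF9WJ11NATtg3wKwONCwIDAQAB
        -----END PUBLIC KEY-----
    # … unchanged: volumes, user …
    ports:
      - 127.0.0.1:50080:8080
      - 127.0.0.1:50081:8081
```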
@@ -0,0 +1,2329 @@ +{ + "id": "entando-dev", + "realm": "entando-dev", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "a2350d85-938e-440c-0000-35086fe0f1d8", + "name": "ROLE_ADMIN", + "description": "Entando-dev administrator role", + "composite": false, + "clientRole": false, + "containerId": "entando-dev", + "attributes": {} + }, + { + "id": "4db01b43-d0d3-407c-0000-29c41eb2775b", + "name": "default-roles-entando-dev", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": ["offline_access", "uma_authorization"], + "client": { + 
"account": ["view-profile", "manage-account"] + } + }, + "clientRole": false, + "containerId": "entando-dev", + "attributes": {} + }, + { + "id": "932ca70d-a311-42f9-0000-431cef835b9e", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "entando-dev", + "attributes": {} + }, + { + "id": "8b1a0e78-24be-49ed-0000-6471bd8d0f8f", + "name": "ROLE_USER", + "description": "Entando-dev user role", + "composite": false, + "clientRole": false, + "containerId": "entando-dev", + "attributes": {} + }, + { + "id": "96c0124c-0f00-4769-0000-f7dfd74a0af3", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "entando-dev", + "attributes": {} + } + ], + "client": { + "swagger_ui": [], + "external": [ + { + "id": "02174934-efb8-4630-0000-3ad983d920e2", + "name": "superuser", + "composite": false, + "clientRole": true, + "containerId": "af4d0fa6-aa13-4f15-0000-0526f8012388", + "attributes": {} + } + ], + "internal": [ + { + "id": "6ceaaca5-30a4-444b-0000-723b7cc13591", + "name": "uma_protection", + "composite": false, + "clientRole": true, + "containerId": "98ae8603-4547-4218-0000-ebc550a0e10b", + "attributes": {} + } + ], + "realm-management": [ + { + "id": "4873b8a8-8035-4b5e-0000-99ac74a4a43b", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "2f58d746-0582-47fe-0000-30809d5ad461", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "5aa18f9b-2fb1-4edb-0000-fb79273eee38", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": 
"48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "c9fb6965-e734-46b4-0000-fa9d1fb7e1cc", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "84752518-6f2f-451f-0000-de3ce6674ba1", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": ["query-users", "query-groups"] + } + }, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "42abef51-b33b-4eb3-0000-3c6b16ca3849", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "a3f9ba91-6ed5-47ff-0000-384c00cc203d", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "24493c26-5ea3-4e53-0000-ca27a06ff098", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "24ba1589-1141-4836-0000-ad1b10db4944", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "2d8a0ec8-111b-41a2-0000-7f1ae086c5b1", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "38cbec3e-9ca1-4292-0000-09e86fdcf6b1", + "name": "view-identity-providers", + "description": 
"${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "4ee94804-bc06-4d02-0000-410768b88a49", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "3774414f-db0d-4928-0000-f22599622e97", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "8fdff21b-f46c-407c-0000-ce4fcc4c51d4", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "2a54d26e-7a55-4fc9-0000-45e613084562", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "5ea73aac-d0cf-4303-0000-c9d7f5852734", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "083a848a-49cb-457f-0000-120be8c74d9e", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-users", + "query-clients", + "view-events", + "view-users", + "manage-events", + "manage-identity-providers", + "impersonation", + "manage-users", + "create-client", + "manage-realm", + "view-identity-providers", + "manage-authorization", + "manage-clients", + "view-realm", + "view-authorization", + "view-clients", + "query-realms", + "query-groups" + ] + } + }, + "clientRole": true, + 
"containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "11bc32e5-55a6-431d-0000-32bd9504d070", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": ["query-clients"] + } + }, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + }, + { + "id": "8018bd1e-0b43-4b0c-0000-fbf31f8ee6db", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "48fb7988-d909-445a-0000-fe825dca0db2", + "attributes": {} + } + ], + "security-admin-console": [], + "webapp": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": "225066d4-4a07-4550-0000-3d9359cbbac2", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "274afcdb-7742-4a3a-0000-17db61a4d200", + "attributes": {} + } + ], + "account": [ + { + "id": "90c6f520-bcc6-4387-0000-37fb4944573f", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "e07da50b-cddc-4524-0000-436a5a6ba8ab", + "attributes": {} + }, + { + "id": "354b3a09-47a6-4051-0000-c6a3ee28a190", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "e07da50b-cddc-4524-0000-436a5a6ba8ab", + "attributes": {} + }, + { + "id": "8d650dc2-d0e7-4ad7-0000-3ce1b7361b02", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "e07da50b-cddc-4524-0000-436a5a6ba8ab", + "attributes": {} + }, + { + "id": "5b722ce9-f381-4e0a-0000-8c0a2d7ed2d3", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": ["view-consent"] + } + }, + "clientRole": 
true, + "containerId": "e07da50b-cddc-4524-0000-436a5a6ba8ab", + "attributes": {} + }, + { + "id": "21b65e52-b4e3-453e-0000-10a44a4a887d", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": ["manage-account-links"] + } + }, + "clientRole": true, + "containerId": "e07da50b-cddc-4524-0000-436a5a6ba8ab", + "attributes": {} + }, + { + "id": "8f975ce3-545e-49c7-0000-e87790a6dac7", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "e07da50b-cddc-4524-0000-436a5a6ba8ab", + "attributes": {} + }, + { + "id": "d9215d43-a785-4521-0000-1408b46d92a5", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "e07da50b-cddc-4524-0000-436a5a6ba8ab", + "attributes": {} + } + ] + } + }, + "groups": [ + { + "id": "c4255caa-6cf7-40fb-0000-1b8799a438b8", + "name": "Admins", + "path": "/Admins", + "attributes": {}, + "realmRoles": ["ROLE_ADMIN"], + "clientRoles": {}, + "subGroups": [] + }, + { + "id": "ab0947d8-3b91-42a0-0000-953a3c207316", + "name": "Users", + "path": "/Users", + "attributes": {}, + "realmRoles": ["ROLE_USER"], + "clientRoles": {}, + "subGroups": [] + } + ], + "defaultRole": { + "id": "4db01b43-d0d3-407c-0000-29c41eb2775b", + "name": "default-roles-entando-dev", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "entando-dev" + }, + "requiredCredentials": ["password"], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpSupportedApplications": ["FreeOTP", "Google Authenticator"], + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": ["ES256"], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": 
"not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "users": [ + { + "id": "43ebecad-e686-4af5-0000-7f32026517c1", + "createdTimestamp": 1681307493753, + "username": "service-account-internal", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "internal", + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["default-roles-entando-dev"], + "clientRoles": { + "internal": ["uma_protection"] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "e39b2f96-e538-4026-0000-9d8d68de6d4a", + "createdTimestamp": 1679453512396, + "username": "service-account-external", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "external", + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-entando-dev" + ], + "clientRoles": { + "realm-management": [ + "realm-admin" + ] + }, + "notBefore": 0, + "groups": [] + } + ], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": ["offline_access"] + } + ], + "clientScopeMappings": { + "account": [ 
+ { + "client": "account-console", + "roles": ["manage-account"] + } + ] + }, + "clients": [ + { + "id": "e07da50b-cddc-4524-0000-436a5a6ba8ab", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/entando-dev/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": ["/realms/entando-dev/account/*"], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": ["web-origins", "roles", "profile", "email"], + "optionalClientScopes": ["address", "phone", "offline_access"] + }, + { + "id": "58ef7891-c9aa-4000-0000-975f337cd19b", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/entando-dev/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": ["/realms/entando-dev/account/*"], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": 
"643425af-c30c-47a1-0000-a218c4474aee", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": ["web-origins", "roles", "profile", "email"], + "optionalClientScopes": ["address", "phone", "offline_access"] + }, + { + "id": "5a9610bf-6a47-46a1-0000-9e43eacd98e8", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": ["web-origins", "roles", "profile", "email"], + "optionalClientScopes": ["address", "phone", "offline_access"] + }, + { + "id": "274afcdb-7742-4a3a-0000-17db61a4d200", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": ["web-origins", "roles", 
"profile", "email"], + "optionalClientScopes": ["address", "phone", "offline_access"] + }, + { + "id": "af4d0fa6-aa13-4f15-0000-0526f8012388", + "clientId": "external", + "name": "external", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "external", + "redirectUris": [ + "*" + ], + "webOrigins": [ + "*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": true, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "86f795f6-7a2a-46c3-0000-f737ce263d89", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "f697c439-05d3-4fcc-0000-983a9afa274f", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "9d209963-ebf6-4c4c-0000-381c2fbf9474", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "userinfo.token.claim": "true", + "id.token.claim": "true", + 
"access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access" + ] + }, + { + "id": "98ae8603-4547-4218-0000-ebc550a0e10b", + "clientId": "internal", + "rootUrl" : "http://localhost:8081", + "adminUrl" : "http://localhost:8081", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "internal", + "redirectUris": ["*"], + "webOrigins": ["*"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "authorizationServicesEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes" : { + "saml.assertion.signature": "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers": [ + { + "id": "46513189-074c-4ba5-0000-29bae63faaaf", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", 
+ "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "974887a2-e14a-4afd-0000-a848009079ae", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + }, + { + "id": "1b1a1f44-66df-4670-0000-46a3d361ec7c", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": ["web-origins", "roles", "profile", "email"], + "optionalClientScopes": ["address", "phone", "offline_access"], + "authorizationSettings": { + "allowRemoteResourceManagement": false, + "policyEnforcementMode": "ENFORCING", + "resources": [ + { + "name": "Default Resource", + "type": "urn:internal:resources:default", + "ownerManagedAccess": false, + "attributes": {}, + "_id": "3d0ef103-a177-492c-b3e1-622eb16f597e", + "uris": ["/*"] + } + ], + "policies": [], + "scopes": [], + "decisionStrategy": "UNANIMOUS" + } + }, + { + "id": "48fb7988-d909-445a-0000-fe825dca0db2", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + 
"frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": ["profile", "email"], + "optionalClientScopes": ["address", "phone", "offline_access"] + }, + { + "id": "0aa176c1-8d28-4a8b-0000-7e4b49a289ff", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/entando-dev/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": ["/admin/entando-dev/console/*"], + "webOrigins": ["+"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "abfaa4cd-4bc1-4223-0000-c56c641369f2", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": ["web-origins", "roles", "profile", "email"], + "optionalClientScopes": ["address", "phone", "offline_access"] + }, + { + "id": "d64b8b39-e190-44b8-0000-13d589e3e21f", + "clientId": "swagger_ui", + "rootUrl": "http://localhost:8081", + "adminUrl": "http://localhost:8081", + "surrogateAuthRequired": false, + "enabled": true, + 
"alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "*" + ], + "webOrigins": ["*"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": true, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "entando-dev", + "email" + ], + "optionalClientScopes": ["address", "phone", "offline_access"] + }, + { + "id": "1eabef67-6473-4ba8-0000-14bdbae4aaed", + "clientId": "webapp", + "rootUrl": "http://localhost:8081", + "adminUrl": "http://localhost:8081", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "*" + ], + "webOrigins": ["*"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": true, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + 
"saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "entando-dev", + "email" + ], + "optionalClientScopes": ["address", "phone", "offline_access"] + } + ], + "clientScopes": [ + { + "id": "391f1641-cb22-41a3-0000-752d9264aaf5", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "7cbb4477-af0c-4394-0000-b72a1b4638e0", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "021d9ac1-9650-401c-0000-efa2f3e6b70c", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "bbbd7dc1-63d0-468f-0000-4772833ef2fa", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": 
"resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "9271d821-b803-406d-0000-2f5a2693f065", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "90b1a715-e12e-4af8-0000-82a370d57d1a", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "3880d5d9-fced-4446-0000-0434f2bb76ea", + "name": "entando-dev", + "description": "Entando-dev specific claims", + "protocol": "openid-connect", + "attributes": { + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "e7c536ca-1711-4ed5-0000-20a25435f475", + "name": "login", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "preferred_username", + "claim.name": "login", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "646e3a98-5f0c-4192-0000-9719c295b278", + "name": "langKey", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "langKey", + "claim.name": "langKey", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "70b3e85f-e7b4-4c30-0000-e0b589776951", + "name": "roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "access.token.claim": "true", + "claim.name": "roles", + "jsonType.label": "String", + "multivalued": "true", + "userinfo.token.claim": "true" + } + } + ] + }, + { + "id": 
"84fdcb72-668b-408e-0000-110d594afe5e", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "134b3451-cf2d-4ead-0000-bf24b32f014c", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "39e1693b-a924-4fbb-0000-520869771f83", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${emailScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "76f898bc-70e4-4e0a-0000-ae4cb58260f9", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "e348c7f8-e835-4539-0000-b588510a82a9", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "5253d2be-3116-4510-0000-99619ce2494c", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": 
"d5de6a8a-8894-4e72-0000-f9bf3a7a6541", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${profileScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "ecb34ff7-d27d-4696-0000-0512044b21a9", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "f3cf3c8b-891a-48a1-0000-1d10d55ddecd", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "fa3b86c8-abaf-4261-0000-41cd3cf2dc6a", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "219532f1-3c5c-4b30-0000-ae99adb6fc87", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "c443f4cd-1174-49a7-0000-65d5ccde5efa", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": 
"true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "14631b9c-83eb-48ab-0000-29f047015e52", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "cedd1f1b-951a-4332-0000-2edf1a266283", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "5a33d5e4-e124-412e-0000-b6b28b41382a", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "c4122959-6738-4883-0000-acd0033a477a", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "d7db1b88-2c3c-419a-0000-19ad13355a56", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": 
"true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "dfd19868-5c87-4a51-0000-2a82dfabb16c", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "String" + } + }, + { + "id": "19551b04-fc0c-44c4-0000-966da87ba3c3", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "c422b63f-e809-41c2-0000-e801e8e25485", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "2ccf435c-c255-4715-0000-15091f97c5a5", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "1dc1e050-891a-4f5b-0000-5ea0c2e3c05e", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${addressScopeConsentText}", + 
"display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "b9a92105-8ca5-45d1-0000-626255ac174f", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "e3836dd2-467b-4d0a-0000-03220f829c07", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "826a3d78-4dfc-42be-0000-659a2a624eaf", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "0d3b55db-e68b-4c83-0000-7370a6810a24", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${phoneScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "bbc582f4-4749-42b8-0000-71f4edfd3979", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "74840763-9b35-4c9a-0000-4008fedc26c2", + "name": "phone number verified", + 
"protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "roles", + "role_list", + "email", + "web-origins", + "profile", + "acr" + ], + "defaultOptionalClientScopes": ["phone", "address", "offline_access"], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": ["jboss-logging"], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "96bb5289-e057-4a3d-0000-89372bbc8cc0", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": ["true"] + } + }, + { + "id": "5782d02c-2ba5-47d1-0000-dfaaf0e5cfdf", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper" + ] + } + }, + { 
+ "id": "c8d395e2-dd81-4118-0000-7095be5cc1c8", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper", + "oidc-address-mapper", + "oidc-full-name-mapper" + ] + } + }, + { + "id": "1175c6f8-2d58-437f-0000-4660c8c1a62c", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "4bd2778a-908f-4ac3-0000-61e674eecc2f", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "65809493-b60f-4b44-0000-28a22772c321", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": ["true"] + } + }, + { + "id": "950acf43-614d-47a3-0000-d5072433c4b8", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": ["200"] + } + }, + { + "id": "e2a65f9f-5ad8-4634-0000-810409a3e067", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": ["true"], + "client-uris-must-match": ["true"] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "8ab3be1d-3e01-4eb6-0000-d116b02ffc48", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": ["100"] + } + }, + { + "id": "2a3661d8-3594-4872-0000-9f2d394b675d", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": ["100"] + } + }, + { 
+ "id": "1d291cea-3d41-41cb-0000-ef1513fe3fe8", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": ["100"] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "6de2b3e1-61af-4686-0000-f41f560374f7", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account - Alternatives - 0", + "userSetupAllowed": false + } + ] + }, + { + "id": "81d6eaf5-ecbf-4701-0000-d1d2e92bcc54", + "alias": "Handle Existing Account - Alternatives - 0", + "description": "Subflow of Handle Existing Account with alternative executions", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "74e366be-7226-4f25-0000-b5d73c8e28f7", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": 
"idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", + "userSetupAllowed": false + } + ] + }, + { + "id": "64bc4673-564c-498f-0000-cbcdd89b9fff", + "alias": "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", + "description": "Flow to determine if the auth-otp-form authenticator should be used or not.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "fb8c99fa-a365-4bfe-0000-5959a12ae464", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + 
"autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "4190c645-2bed-42ef-0000-7ac9f121adfa", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "2754ca5b-9ff9-4887-0000-d9d34eea871f", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "direct grant - direct-grant-validate-otp - Conditional", + "userSetupAllowed": false + } + ] + }, + { + "id": "ee0343c2-b339-471d-0000-111e5a8d897f", + "alias": "direct grant - 
direct-grant-validate-otp - Conditional", + "description": "Flow to determine if the direct-grant-validate-otp authenticator should be used or not.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "01beda2d-c3c0-4c1e-0000-0f5a945a998a", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "3afa6359-0b39-41e3-0000-7bf587026c21", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "first broker login - Alternatives - 0", + "userSetupAllowed": false + } + ] + }, + { + "id": "8e8ff188-59ea-43ed-0000-33b3209b7ba8", + "alias": "first broker login - Alternatives - 0", + "description": "Subflow of 
first broker login with alternative executions", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "b228a78a-2fc4-4d5b-0000-86f4d83fa6a9", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "forms - auth-otp-form - Conditional", + "userSetupAllowed": false + } + ] + }, + { + "id": "8596b264-489a-4ea2-0000-3d945096848f", + "alias": "forms - auth-otp-form - Conditional", + "description": "Flow to determine if the auth-otp-form authenticator should be used or not.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "1f2059f7-014f-48db-0000-e1ed0de3c686", + "alias": "registration", + 
"description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "6d322f85-5ecb-471c-0000-14526801b3b0", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-profile-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "8c36cc04-c7d2-4fba-0000-eb99e12d3c49", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, 
+ "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "reset credentials - reset-otp - Conditional", + "userSetupAllowed": false + } + ] + }, + { + "id": "77f65819-5c97-4e4e-0000-2d1052ec89dd", + "alias": "reset credentials - reset-otp - Conditional", + "description": "Flow to determine if the reset-otp authenticator should be used or not.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "04256a0f-1819-426f-0000-d138a26d8f6e", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "673a4c5d-64ed-4621-0000-950244786e64", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "74d1f81b-10e6-4fcc-0000-dcbcc020caec", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": 
"CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 0, + "config": {} + }, + { + "alias": "terms_and_conditions", + "name": "Terms and Conditions", + "providerId": "terms_and_conditions", + "enabled": false, + "defaultAction": false, + "priority": 0, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 0, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 0, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 0, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaExpiresIn": "120", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DeviceCodeLifespan": "600", + "oauth2DevicePollingInterval": "5", + "parRequestUriLifespan": "60", + "cibaInterval": "5" + }, + "keycloakVersion": "18.0.2", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } +} 
diff --git a/opt/keycloak/realm-config/entando-dev-users-0.json b/opt/keycloak/realm-config/entando-dev-users-0.json
new file mode 100644
index 0000000..d60cd3c
--- /dev/null
+++ b/opt/keycloak/realm-config/entando-dev-users-0.json
@@ -0,0 +1,64 @@ +{ + "realm": "entando-dev", + "users": [ + { + "id": "4c973896-5761-41fc-0000-07c5d13a004b", + "createdTimestamp": 1505479415590, + "username": "admin", + "enabled": true, + "totp": false, + "emailVerified": true, + "firstName": "Admin", + "lastName": "Administrator", + "email": "admin@localhost", + "credentials": [ + { + "id": "2159f7fb-a49e-406b-0000-9bbf59985496", + "type": "password", + "createdDate": 1505479429154, + "secretData": "{\"value\":\"4pf9K2jWSCcHC+CwsZP/qidN5pSmDUe6AX6wBerSGdBVKkExay8MWKx+EKmaaObZW6FVsD8vdW/ZsyUFD9gJ1Q==\",\"salt\":\"1/qNkZ5kr77jOMOBPBogGw==\"}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } + ], + "attributes": { + "authorizations": ["administrators_r_admin"] + }, + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["offline_access", "uma_authorization"], + "clientRoles": { + "account": ["view-profile", "manage-account"] + }, + "notBefore": 0, + "groups": ["/Admins", "/Users"] + }, + { + "id": "c4af4e2f-b432-4c3b-0000-cca86cd5b97b", + "createdTimestamp": 1505479373742, + "username": "user", + "enabled": true, + "totp": false, + "emailVerified": true, + "firstName": "", + "lastName": "User", + "email": "user@localhost", + "credentials": [ + { + "id": "c34e657c-e061-4020-0000-e58d5b024d5c", + "type": "password", + "createdDate": 1505479392766, + "secretData": "{\"value\":\"MbKsMgWPnZyImih8s4SaoCSCq+XIY/c6S9F93sXEidHF1TjPWxCqMkec0+o3860CMLXHt3az61cIJOWI0FW9aw==\",\"salt\":\"fmpBI1r8R1u75hDLMUlwBw==\"}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["offline_access", "uma_authorization"], + "clientRoles": { + "account": ["view-profile", "manage-account"] + }, + "notBefore": 0, + "groups": ["/Users"] + } + ] +} 
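Review bot: The two seeded accounts are committed with fixed `secretData`/`credentialData` values, so anyone with read access to the repository holds the PBKDF2 hash and salt of the dev `admin` password; the 2017 `createdTimestamp` values and the `0000` segments in the ids suggest the entries were lifted from a sample export, in which case the plaintexts are presumably already widely known. That is acceptable for the local test setup this file appears to serve, but nothing in the hunk marks it as dev-only, and an enabled `admin` user in `/Admins` carrying `"authorizations": ["administrators_r_admin"]` with `"requiredActions": []` is exactly the account that becomes dangerous if `opt/keycloak/realm-config/` is ever imported into a non-test Keycloak. JSON cannot carry a comment, so I would add a short README next to the realm-config files stating that these users and hashes are test fixtures only, and regenerate the credentials rather than reuse these hashes if the realm is ever imported anywhere else.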
diff --git a/opt/postman_collection.json b/opt/postman_collection.json
new file mode 100644
index 0000000..e270c92
--- /dev/null
+++ b/opt/postman_collection.json
@@ -0,0 +1,3582 @@ +{ + "info": { + "_postman_id": "38b18b96-c3cf-470e-9a00-70c087aba069", + "name": "CDS API Tests", + "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", + "_exporter_id": "5245832" + }, + "item": [ + { + "name": "Authentication", + "item": [ + { + "name": "Login as Admin", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.collectionVariables.set('accessToken', pm.response.json().access_token);", + " pm.collectionVariables.set('refreshToken', pm.response.json().refresh_token);", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/x-www-form-urlencoded" + } + ], + "body": { + "mode": "urlencoded", + "urlencoded": [ + { + "key": "username", + "value": "{{keycloak-username}}" + }, + { + "key": "password", + "value": "{{keycloak-password}}" + }, + { + "key": "client_id", + "value": "{{keycloak-client-id}}" + }, + { + "key": "client_secret", + "value": "{{keycloak-client-secret}}" + }, + { + "key": "grant_type", + "value": "password" + } + ] + }, + "url": { + "raw": "{{keycloak-url}}/realms/{{keycloak-realm}}/protocol/openid-connect/token", + "host": [ + "{{keycloak-url}}" + ], + "path": [ + "realms", + "{{keycloak-realm}}", + "protocol", + "openid-connect", + "token" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Cleanup", + "item": [ + { + "name": "Delete Public Directory", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": 
"{{cds-private-url}}/api/v1/delete/public/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "public", + "" + ] + } + }, + "response": [] + }, + { + "name": "Delete entando-data Directory", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/entando-data/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "entando-data", + "" + ] + } + }, + "response": [] + }, + { + "name": "Delete Protected Directory", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/protected/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "protected", + "" + ] + } + }, + "response": [] + }, + { + "name": "Delete Archive Directory", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/archives/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + 
"archives", + "" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Directory and File Creation", + "item": [ + { + "name": "Create Public Directory Relative", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "{{test-main-folder}}", + "type": "text" + }, + { + "key": "protected", + "value": "false", + "type": "text" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Public Directory Absolute", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path/", + "value": "/{{test-absolute-folder}}", + "type": "text" + }, + { + "key": "protected", + "value": "false", + "type": "text" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Public Subdirectory Relative", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed 
successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "{{test-main-subfolder}}", + "type": "text" + }, + { + "key": "protected", + "value": "false", + "type": "text" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Public Subdirectory Absolute", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "/{{test-absolute-subfolder}}", + "type": "text" + }, + { + "key": "protected", + "value": "false", + "type": "text" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Public File in Root", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + 
"header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "", + "type": "text" + }, + { + "key": "protected", + "value": "false", + "type": "text" + }, + { + "key": "filename", + "value": "{{test-filename}}", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Public File in Root With Empty Filename", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "", + "type": "text" + }, + { + "key": "protected", + "value": "false", + "type": "text" + }, + { + "key": "filename", + "value": "", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Public File in Root With Filename Path Traversal", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(400);", + " pm.expect(pm.response.text()).to.equal(\"Filename cannot contain path separators\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } 
+ } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "", + "type": "text" + }, + { + "key": "protected", + "value": "false", + "type": "text" + }, + { + "key": "filename", + "value": "../../etc/passwd", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Public File in Relative Folder", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "{{test-main-folder}}", + "type": "text" + }, + { + "key": "protected", + "value": "false", + "type": "text" + }, + { + "key": "filename", + "value": "{{test-filename}}", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Public File in Relative Subfolder", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": 
"text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "{{test-main-subfolder}}", + "type": "text" + }, + { + "key": "protected", + "value": "false", + "type": "text" + }, + { + "key": "filename", + "value": "{{test-filename}}", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Public File in Absolute Folder", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "/{{test-absolute-folder}}", + "type": "text" + }, + { + "key": "protected", + "value": "false", + "type": "text" + }, + { + "key": "filename", + "value": "{{test-filename}}", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Public File in Absolute Subfolder", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " 
pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "/{{test-absolute-subfolder}}", + "type": "text" + }, + { + "key": "protected", + "value": "false", + "type": "text" + }, + { + "key": "filename", + "value": "{{test-filename}}", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Protected Directory Relative", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "{{test-main-folder}}", + "type": "text" + }, + { + "key": "protected", + "value": "true", + "type": "text" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Protected Subdirectory Relative", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": 
"text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "{{test-main-subfolder}}", + "type": "text" + }, + { + "key": "protected", + "value": "true", + "type": "text" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Protected Directory Absolute", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "/{{test-absolute-folder}}", + "type": "text" + }, + { + "key": "protected", + "value": "true", + "type": "text" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Protected Subdirectory Absolute", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + 
"value": "/{{test-absolute-subfolder}}", + "type": "text" + }, + { + "key": "protected", + "value": "true", + "type": "text" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Protected File in Root", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "", + "type": "text" + }, + { + "key": "protected", + "value": "true", + "type": "text" + }, + { + "key": "filename", + "value": "{{test-filename}}", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Protected File in Root With Empty Filename", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "", + "type": "text" + }, + { + "key": "protected", + "value": "true", + "type": "text" + }, + { + "key": 
"filename", + "value": "", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Protected File in Root With Filename Path Traversal", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(400);", + " pm.expect(pm.response.text()).to.equal(\"Filename cannot contain path separators\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "", + "type": "text" + }, + { + "key": "protected", + "value": "true", + "type": "text" + }, + { + "key": "filename", + "value": "../../etc/passwd", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Protected File in Relative Folder", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "{{test-main-folder}}", + "type": "text" + }, + { + "key": 
"protected", + "value": "true", + "type": "text" + }, + { + "key": "filename", + "value": "{{test-filename}}", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Protected File in Relative Subfolder", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "{{test-main-subfolder}}", + "type": "text" + }, + { + "key": "protected", + "value": "true", + "type": "text" + }, + { + "key": "filename", + "value": "{{test-filename}}", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Protected File in Absolute Folder", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": 
"/{{test-absolute-folder}}", + "type": "text" + }, + { + "key": "protected", + "value": "true", + "type": "text" + }, + { + "key": "filename", + "value": "{{test-filename}}", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Create Protected File in Absolute Subfolder", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json()[0].status).to.equal(\"Ok\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "/{{test-absolute-subfolder}}", + "type": "text" + }, + { + "key": "protected", + "value": "true", + "type": "text" + }, + { + "key": "filename", + "value": "{{test-filename}}", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Resource Retrieval", + "item": [ + { + "name": "Get Existing Public Resource - As User", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{cds-public-url}}/public/{{test-main-subfolder}}/{{test-filename}}", + 
"host": [ + "{{cds-public-url}}" + ], + "path": [ + "public", + "{{test-main-subfolder}}", + "{{test-filename}}" + ] + } + }, + "response": [] + }, + { + "name": "Get Existing Public Resource - As Admin", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/public/{{test-main-subfolder}}/{{test-filename}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "public", + "{{test-main-subfolder}}", + "{{test-filename}}" + ] + } + }, + "response": [] + }, + { + "name": "Get Public Resource - Not Found", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(404);", + " pm.expect(pm.response.text()).to.equal(\"File not found. Or tried to list content of a directory.\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{cds-public-url}}/public/{{test-main-subfolder}}/{{test-filename-notfound}}", + "host": [ + "{{cds-public-url}}" + ], + "path": [ + "public", + "{{test-main-subfolder}}", + "{{test-filename-notfound}}" + ] + } + }, + "response": [] + }, + { + "name": "Get Public Resource - As Admin - Not Found", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(404);", + " pm.expect(pm.response.text()).to.equal(\"File not found. 
Or tried to list content of a directory.\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/public/{{test-main-subfolder}}/{{test-filename-notfound}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "public", + "{{test-main-subfolder}}", + "{{test-filename-notfound}}" + ] + } + }, + "response": [] + }, + { + "name": "Get Existing Protected Resource - As Admin", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/protected/{{test-main-subfolder}}/{{test-filename}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "protected", + "{{test-main-subfolder}}", + "{{test-filename}}" + ] + } + }, + "response": [] + }, + { + "name": "Get Protected Resource - As Admin - Not Found", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(404);", + " pm.expect(pm.response.text()).to.equal(\"File not found. 
Or tried to list content of a directory.\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/protected/{{test-main-subfolder}}/{{test-filename-notfound}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "protected", + "{{test-main-subfolder}}", + "{{test-filename-notfound}}" + ] + } + }, + "response": [] + }, + { + "name": "List Resources - protected", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/list/protected", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "list", + "protected" + ] + } + }, + "response": [] + }, + { + "name": "List Resources - public", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/list/public", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "list", + "public" + ] + } + }, + "response": [] + }, + { + "name": "List Resources - protected/temp/subfolder", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + "});" + ], + "type": 
"text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/list/protected/{{test-main-subfolder}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "list", + "protected", + "{{test-main-subfolder}}" + ] + } + }, + "response": [] + }, + { + "name": "List Resources - public/temp/subfolder", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/list/public/{{test-main-subfolder}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "list", + "public", + "{{test-main-subfolder}}" + ] + } + }, + "response": [] + }, + { + "name": "List Resources - public/../../entando-data/public/", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/list/public/../../entando-data/public/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "list", + "public", + "..", + "..", + "entando-data", + "public", + "" + ] + } + }, + "response": [] + }, + { + "name": "Compress Resources", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + 
"});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/utils/compress/public/{{test-main-folder}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "utils", + "compress", + "public", + "{{test-main-folder}}" + ] + } + }, + "response": [] + }, + { + "name": "List Resources - archives", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/list/archives", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "list", + "archives" + ] + } + }, + "response": [] + }, + { + "name": "Get Archive", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/archives/entando-data.tar.gz", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "archives", + "entando-data.tar.gz" + ] + } + }, + "response": [] + }, + { + "name": "Decompress Archive", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": 
[ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/utils/decompress/entando-data.tar.gz", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "utils", + "decompress", + "entando-data.tar.gz" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Path Traversal Attacks", + "item": [ + { + "name": "Path Traversal Error - As User - 1", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(404);", + " pm.expect(pm.response.text()).to.equal(\"File not found. Or tried to list content of a directory.\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{cds-public-url}}/public/cms/../etc/passwd", + "host": [ + "{{cds-public-url}}" + ], + "path": [ + "public", + "cms", + "..", + "etc", + "passwd" + ] + } + }, + "response": [] + }, + { + "name": "Path Traversal Error - As User - 2", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(404);", + " pm.expect(pm.response.text()).to.equal(\"File not found. 
Or tried to list content of a directory.\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{cds-public-url}}/public/cms/../../etc/passwd", + "host": [ + "{{cds-public-url}}" + ], + "path": [ + "public", + "cms", + "..", + "..", + "etc", + "passwd" + ] + } + }, + "response": [] + }, + { + "name": "Path Traversal Error - As User - 3", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(400);", + " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{cds-public-url}}/public/cms/../../../etc/passwd", + "host": [ + "{{cds-public-url}}" + ], + "path": [ + "public", + "cms", + "..", + "..", + "..", + "etc", + "passwd" + ] + } + }, + "response": [] + }, + { + "name": "Path Traversal Error - As Admin - 1", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(404);", + " pm.expect(pm.response.text()).to.equal(\"File not found. 
Or tried to list content of a directory.\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/protected/cms/../etc/passwd", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "protected", + "cms", + "..", + "etc", + "passwd" + ] + } + }, + "response": [] + }, + { + "name": "Path Traversal Error - As Admin - 2", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(404);", + " pm.expect(pm.response.text()).to.equal(\"File not found. Or tried to list content of a directory.\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/protected/cms/../../etc/passwd", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "protected", + "cms", + "..", + "..", + "etc", + "passwd" + ] + } + }, + "response": [] + }, + { + "name": "Path Traversal Error - As Admin - 3", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(400);", + " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/protected/cms/../../../etc/passwd", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "protected", + "cms", + "..", + "..", + "..", + "etc", + "passwd" + ] + } + }, + 
"response": [] + }, + { + "name": "List Resources - Path Traversal - 1", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(400);", + " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/list/protected/../../tmp", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "list", + "protected", + "..", + "..", + "tmp" + ] + } + }, + "response": [] + }, + { + "name": "List Resources - Path Traversal - 2", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(400);", + " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/list/public/../../tmp", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "list", + "public", + "..", + "..", + "tmp" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Path Traversal CRUD", + "item": [ + { + "name": "Create public file - Path Traversal Upload", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(400);", + " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": 
"Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "temp/../../../tmp", + "type": "text" + }, + { + "key": "protected", + "value": "false", + "type": "text" + }, + { + "key": "filename", + "value": "public.jpg", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Get Public Resource - Uploaded by Path Traversal", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(400);", + " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{cds-public-url}}/public/temp/../../../tmp/public.jpg", + "host": [ + "{{cds-public-url}}" + ], + "path": [ + "public", + "temp", + "..", + "..", + "..", + "tmp", + "public.jpg" + ] + } + }, + "response": [] + }, + { + "name": "Get Public Resource By Admin - Uploaded by Path Traversal", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(400);", + " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}", + "type": "text" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/public/temp/../../../tmp/public.jpg", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "public", + "temp", + "..", + 
"..", + "..", + "tmp", + "public.jpg" + ] + } + }, + "response": [] + }, + { + "name": "Delete public file - Uploaded by Path Traversal", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(400);", + " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/public/temp/../../../tmp/public.jpg", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "public", + "temp", + "..", + "..", + "..", + "tmp", + "public.jpg" + ] + } + }, + "response": [] + }, + { + "name": "Get Public Resource By Admin - Uploaded by Path Traversal - Not Found", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(400);", + " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}", + "type": "text" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/public/temp/../../../tmp/public.jpg", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "public", + "temp", + "..", + "..", + "..", + "tmp", + "public.jpg" + ] + } + }, + "response": [] + }, + { + "name": "Create protected file - Path Traversal Upload", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(400);", + " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt 
detected\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "path", + "value": "temp/../../../tmp", + "type": "text" + }, + { + "key": "protected", + "value": "true", + "type": "text" + }, + { + "key": "filename", + "value": "protected.jpg", + "type": "text" + }, + { + "key": "file", + "type": "text", + "src": "{{file-to-upload}}" + } + ] + }, + "url": { + "raw": "{{cds-private-url}}/api/v1/upload/", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "upload", + "" + ] + } + }, + "response": [] + }, + { + "name": "Get Protected Resource By Admin - Uploaded by Path Traversal", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(400);", + " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}", + "type": "text" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/protected/temp/../../../tmp/protected.jpg", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "protected", + "temp", + "..", + "..", + "..", + "tmp", + "protected.jpg" + ] + } + }, + "response": [] + }, + { + "name": "Delete protected Resource - Uploaded by Path Traversal", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(400);", + " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + 
"header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/protected/temp/../../../tmp/protected.jpg", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "protected", + "temp", + "..", + "..", + "..", + "tmp", + "protected.jpg" + ] + } + }, + "response": [] + }, + { + "name": "Get Protected Resource By Admin - Uploaded by Path Traversal - Not Found", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(400);", + " pm.expect(pm.response.text()).to.equal(\"Path traversal attempt detected\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}", + "type": "text" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/protected/temp/../../../tmp/protected.jpg", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "protected", + "temp", + "..", + "..", + "..", + "tmp", + "protected.jpg" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Directory and File Cleanup", + "item": [ + { + "name": "Delete Public File", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json().status).to.equal(\"OK\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/public/{{test-main-subfolder}}/{{test-filename}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "public", + "{{test-main-subfolder}}", + "{{test-filename}}" + ] + } 
+ }, + "response": [] + }, + { + "name": "Delete Public File - Not Found", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json().status).to.equal(\"KO\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/public/{{test-main-subfolder}}/{{test-filename-notfound}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "public", + "{{test-main-subfolder}}", + "{{test-filename-notfound}}" + ] + } + }, + "response": [] + }, + { + "name": "Delete Public Directory", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json().status).to.equal(\"OK\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/public/{{test-main-folder}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "public", + "{{test-main-folder}}" + ] + } + }, + "response": [] + }, + { + "name": "Delete Public Subdirectory", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json().status).to.equal(\"OK\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + 
"url": { + "raw": "{{cds-private-url}}/api/v1/delete/public/{{test-absolute-subfolder}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "public", + "{{test-absolute-subfolder}}" + ] + } + }, + "response": [] + }, + { + "name": "Delete Public Directory Not Found", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json().status).to.equal(\"KO\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/public/{{test-absolute-folder}}/notfound", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "public", + "{{test-absolute-folder}}", + "notfound" + ] + } + }, + "response": [] + }, + { + "name": "Delete Public Directory Absolute", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json().status).to.equal(\"OK\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/public/{{test-absolute-folder}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "public", + "{{test-absolute-folder}}" + ] + } + }, + "response": [] + }, + { + "name": "Delete Protected File", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " 
pm.expect(pm.response.json().status).to.equal(\"OK\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/protected/{{test-main-subfolder}}/{{test-filename}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "protected", + "{{test-main-subfolder}}", + "{{test-filename}}" + ] + } + }, + "response": [] + }, + { + "name": "Delete Protected File - Not Found", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json().status).to.equal(\"KO\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/protected/{{test-main-subfolder}}/{{test-filename-notfound}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "protected", + "{{test-main-subfolder}}", + "{{test-filename-notfound}}" + ] + } + }, + "response": [] + }, + { + "name": "Delete Protected Directory", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json().status).to.equal(\"OK\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/protected/{{test-main-folder}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "protected", 
+ "{{test-main-folder}}" + ] + } + }, + "response": [] + }, + { + "name": "Delete Protected Subdirectory", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json().status).to.equal(\"OK\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/protected/{{test-absolute-subfolder}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "protected", + "{{test-absolute-subfolder}}" + ] + } + }, + "response": [] + }, + { + "name": "Delete Protected Directory Not Found", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json().status).to.equal(\"KO\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/protected/{{test-absolute-folder}}/{{test-filename-notfound}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "protected", + "{{test-absolute-folder}}", + "{{test-filename-notfound}}" + ] + } + }, + "response": [] + }, + { + "name": "Delete Protected Directory Absolute", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('Request executed successfully', function () {", + " pm.expect(pm.response.code).to.equal(200);", + " pm.expect(pm.response.json().status).to.equal(\"OK\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "DELETE", + 
"header": [ + { + "key": "Authorization", + "value": "Bearer {{accessToken}}" + } + ], + "url": { + "raw": "{{cds-private-url}}/api/v1/delete/protected/{{test-absolute-folder}}", + "host": [ + "{{cds-private-url}}" + ], + "path": [ + "api", + "v1", + "delete", + "protected", + "{{test-absolute-folder}}" + ] + } + }, + "response": [] + } + ] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "packages": {}, + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "packages": {}, + "exec": [ + "" + ] + } + } + ], + "variable": [ + { + "key": "cds-private-url", + "value": "http://localhost:50080" + }, + { + "key": "cds-public-url", + "value": "http://localhost:50081/cds" + }, + { + "key": "keycloak-url", + "value": "http://localhost:50090/auth" + }, + { + "key": "keycloak-realm", + "value": "entando-dev" + }, + { + "key": "keycloak-client-id", + "value": "external" + }, + { + "key": "keycloak-client-secret", + "value": "external" + }, + { + "key": "keycloak-username", + "value": "admin" + }, + { + "key": "keycloak-password", + "value": "admin" + }, + { + "key": "test-main-folder", + "value": "test", + "type": "string" + }, + { + "key": "test-main-subfolder", + "value": "test/subfolder", + "type": "string" + }, + { + "key": "test-filename", + "value": "logo.jpg", + "type": "string" + }, + { + "key": "test-filename-notfound", + "value": "pippo.txt", + "type": "string" + }, + { + "key": "test-absolute-folder", + "value": "absolute", + "type": "string" + }, + { + "key": "test-absolute-subfolder", + "value": "absolute/subfolder", + "type": "string" + }, + { + "key": "accessToken", + "value": "" + }, + { + "key": "refreshToken", + "value": "" + }, + { + "key": "file-to-upload", + "value": "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", + "type": "string" + } + ] +} \ No newline at end of file 
diff --git a/opt/volumes/cds/placeholder b/opt/volumes/cds/placeholder
new file mode 100644
index 0000000..b3a4252
--- /dev/null
+++ b/opt/volumes/cds/placeholder
@@ -0,0 +1 @@
+placeholder
\ No newline at end of file
diff --git a/opt/volumes/keycloak/placeholder b/opt/volumes/keycloak/placeholder
new file mode 100644
index 0000000..b3a4252
--- /dev/null
+++ b/opt/volumes/keycloak/placeholder
@@ -0,0 +1 @@
+placeholder
\ No newline at end of file
diff --git a/opt/volumes/placeholder b/opt/volumes/placeholder
new file mode 100644
index 0000000..b3a4252
--- /dev/null
+++ b/opt/volumes/placeholder
@@ -0,0 +1 @@
+placeholder
\ No newline at end of file
diff --git a/src/utils.rs b/src/utils.rs
index d10d5f8..2ec91d1 100644
--- a/src/utils.rs
+++ b/src/utils.rs
@@ -50,14 +50,9 @@ pub fn take_validated_and_sanitized_full_path(user_path: &str, base_path: &str)
 /// Returns a secure PathBuf relative to the base path, or an error if the path is invalid.
 pub fn validate_and_sanitize_path(user_path: &str, base_path: &str) -> Result {
 // Remove any leading/trailing whitespace
- let user_path = user_path.trim()
+ let user_path = remove_leading_slashes(remove_leading_backslashes(user_path.trim()))
 .replace("\\", "/");
 
- // Reject empty paths
- if user_path.is_empty() {
- return Err(ErrorBadRequest("Path cannot be empty"));
- }
-
 // Reject absolute paths
 if user_path.starts_with('/') || user_path.starts_with('\\') {
 return Err(ErrorBadRequest("Absolute paths are not allowed"));
@@ -128,6 +123,15 @@ fn normalize_path(path: &Path) -> PathBuf {
 result
 }
 
+fn remove_leading_slashes(s: &str) -> &str {
+ s.trim_start_matches('/')
+}
+
+fn remove_leading_backslashes(s: &str) -> &str {
+ // Note: the backslash must be escaped in the string literal
+ s.trim_start_matches('\\')
+}
+
 /// Check if a normalized path starts with a normalized base path
 fn path_starts_with_base(path: &Path, base: &Path) -> bool {
 let path_components: Vec<_> = path.components().collect();
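Review bot: The `Absolute paths are not allowed` branch is now reachable only for mixed prefixes such as `/\etc`, because backslashes are stripped first, then slashes, and only afterwards `\` is rewritten to `/`, so whether an input is rejected depends on separator order rather than on what it names, and the new tests cover only uniform prefixes. One line strips both in a single pass and makes the branch plainly dead: `let user_path = user_path.trim().trim_start_matches(['/', '\\']).replace("\\", "/");`, after which the branch can go or stay as documented defence in depth. The comment `// Remove any leading/trailing whitespace` is stale; suggest `// Trim whitespace and leading separators: "/x" and "\x" resolve relative to base_path, not the filesystem root`. With the empty-path rejection removed, "" now resolves to the base directory itself, which callers that delete or upload (outside this hunk) should be known to accept. The two helpers in the following hunk would be subsumed by the one-liner; if kept, give them `///` docs saying why the stripping exists rather than how the literal is escaped.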
@@ -322,6 +326,7 @@ mod tests {
 assert!(validate_and_sanitize_path("archives/data.tar.gz", "entando-data").is_ok());
 assert!(validate_and_sanitize_path("public", "entando-data").is_ok());
 assert!(validate_and_sanitize_path("public/nested/deep/file.txt", "entando-data").is_ok());
+ assert!(validate_and_sanitize_path("/public/nested/deep/file.txt", "entando-data").is_ok());
 }
 
 #[test]
@@ -353,10 +358,12 @@ mod tests {
 #[test]
 fn test_validate_and_sanitize_path_absolute_paths() {
 // Test absolute paths (should be rejected)
- assert!(validate_and_sanitize_path("/etc/passwd", "entando-data").is_err());
- assert!(validate_and_sanitize_path("/root/.ssh/id_rsa", "entando-data").is_err());
- assert!(validate_and_sanitize_path("\\windows\\system32\\drivers\\etc\\hosts", "entando-data").is_err());
- assert!(validate_and_sanitize_path("/home/user/.bashrc", "entando-data").is_err());
+ assert!(validate_and_sanitize_path("/etc/passwd", "entando-data").is_ok());
+ assert!(validate_and_sanitize_path("////etc/passwd", "entando-data").is_ok());
+ assert!(validate_and_sanitize_path("/root/.ssh/id_rsa", "entando-data").is_ok());
+ assert!(validate_and_sanitize_path("\\windows\\system32\\drivers\\etc\\hosts", "entando-data").is_ok());
+ assert!(validate_and_sanitize_path("\\\\windows\\system32\\drivers\\etc\\hosts", "entando-data").is_ok());
+ assert!(validate_and_sanitize_path("/home/user/.bashrc", "entando-data").is_ok());
 }
 
 #[test]
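Review bot: The comment `// Test absolute paths (should be rejected)` now contradicts the six `is_ok()` assertions below it, and the same stale comment heads `test_take_validated_and_sanitized_full_path_absolute_paths` in the later hunk at `@@ -444`. Suggest `// Leading separators are stripped, so these resolve under base_path rather than at the filesystem root`. Acceptance alone is a weak guard for a path sanitiser: each case would pin the property that matters by comparing the returned `PathBuf` with the expected base-relative path (the exact value depends on the return convention, which is not visible here). A mixed prefix such as `"/\\etc/passwd"` deserves a case of its own, since with the current stripping order it is the shape that still takes the rejection branch.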
@@ -369,14 +376,23 @@ mod tests {
 }
 
 #[test]
- fn test_validate_and_sanitize_path_edge_cases() {
+ fn test_validate_and_sanitize_path_root_cases() {
 // Test empty and whitespace paths
- assert!(validate_and_sanitize_path("", "entando-data").is_err());
- assert!(validate_and_sanitize_path(" ", "entando-data").is_err());
- assert!(validate_and_sanitize_path("\t\n", "entando-data").is_err());
-
- // Test current directory references
+ assert!(validate_and_sanitize_path("", "entando-data").is_ok());
+ assert!(validate_and_sanitize_path(" ", "entando-data").is_ok());
+ assert!(validate_and_sanitize_path("\t\n", "entando-data").is_ok());
+
+ // Test root folder
+ assert!(validate_and_sanitize_path("/", "entando-data").is_ok());
+ assert!(validate_and_sanitize_path("\\", "entando-data").is_ok());
+
+ // Test base folder
 assert!(validate_and_sanitize_path(".", "entando-data").is_ok());
+ }
+
+ #[test]
+ fn test_validate_and_sanitize_path_edge_cases() {
+ // Test current directory references
 assert!(validate_and_sanitize_path("./public/test.txt", "entando-data").is_ok());
 assert!(validate_and_sanitize_path("public/./test.txt", "entando-data").is_ok());
 
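Review bot: `test_validate_and_sanitize_path_root_cases` asserts only `is_ok()` for "", whitespace, "/" and "\\", so it does not pin where those inputs resolve; per the function's docstring they should all land on the base path itself, and one `assert_eq!` per group against that value would catch a regression that returned an empty or absolute `PathBuf`. The comment `// Test empty and whitespace paths` still reads like the old rejection contract; `// Empty and whitespace-only paths resolve to the base directory` states the new one. Whether a path that names the base directory is acceptable to every caller (deletion in particular) is decided in the handlers, which are outside this hunk.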
@@ -444,21 +460,32 @@ mod tests {
 #[test]
 fn test_take_validated_and_sanitized_full_path_absolute_paths() {
 // Test absolute paths (should be rejected)
- assert!(take_validated_and_sanitized_full_path("/etc/passwd", "entando-data").is_err());
- assert!(take_validated_and_sanitized_full_path("/root/.ssh/id_rsa", "entando-data").is_err());
- assert!(take_validated_and_sanitized_full_path("\\windows\\system32\\drivers\\etc\\hosts", "entando-data").is_err());
- assert!(take_validated_and_sanitized_full_path("/home/user/.bashrc", "entando-data").is_err());
+ assert!(take_validated_and_sanitized_full_path("/etc/passwd", "entando-data").is_ok());
+ assert!(take_validated_and_sanitized_full_path("////etc/passwd", "entando-data").is_ok());
+ assert!(take_validated_and_sanitized_full_path("/root/.ssh/id_rsa", "entando-data").is_ok());
+ assert!(take_validated_and_sanitized_full_path("\\windows\\system32\\drivers\\etc\\hosts", "entando-data").is_ok());
+ assert!(take_validated_and_sanitized_full_path("\\\\windows\\system32\\drivers\\etc\\hosts", "entando-data").is_ok());
+ assert!(take_validated_and_sanitized_full_path("/home/user/.bashrc", "entando-data").is_ok());
 }
 
 #[test]
- fn test_take_validated_and_sanitized_full_path_edge_cases() {
+ fn test_take_validated_and_sanitized_full_path_root_cases() {
 // Test empty and whitespace paths
- assert!(take_validated_and_sanitized_full_path("", "entando-data").is_err());
- assert!(take_validated_and_sanitized_full_path(" ", "entando-data").is_err());
- assert!(take_validated_and_sanitized_full_path("\t\n", "entando-data").is_err());
+ assert!(take_validated_and_sanitized_full_path("", "entando-data").is_ok());
+ assert!(take_validated_and_sanitized_full_path(" ", "entando-data").is_ok());
+ assert!(take_validated_and_sanitized_full_path("\t\n", "entando-data").is_ok());
 
- // Test current directory references
+ // Test root folder
+ assert!(take_validated_and_sanitized_full_path("/", "entando-data").is_ok());
+ assert!(take_validated_and_sanitized_full_path("\\", "entando-data").is_ok());
+
+ // Test base folder
 assert!(take_validated_and_sanitized_full_path(".", "entando-data").is_ok());
+ }
+
+ #[test]
+ fn test_take_validated_and_sanitized_full_path_edge_cases() {
+ // Test current directory references
 assert!(take_validated_and_sanitized_full_path("./public/test.txt", "entando-data").is_ok());
 assert!(take_validated_and_sanitized_full_path("public/./test.txt", "entando-data").is_ok());
 
@@ -577,11 +604,8 @@ mod tests {
 assert!(error_msg.contains("Path traversal attempt detected"));
 
 let result = validate_and_sanitize_path("/etc/passwd", "entando-data");
- assert!(result.is_err());
- let error = result.unwrap_err();
- let error_msg = format!("{}", error);
- assert!(error_msg.contains("Absolute paths are not allowed"));
-
+ assert!(result.is_ok());
+
 let result = validate_filename("../test.txt");
 assert!(result.is_err());
 let error = result.unwrap_err();
