[CalendarServer-changes] [4141] CalDAVTester/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Sat May 2 12:02:02 PDT 2009
Revision: 4141
http://trac.macosforge.org/projects/calendarserver/changeset/4141
Author: cdaboo at apple.com
Date: 2009-05-02 12:02:02 -0700 (Sat, 02 May 2009)
Log Message:
-----------
Additional tests for invalid ORGANIZER changes.
Modified Paths:
--------------
CalDAVTester/trunk/scripts/tests/implicitsecurity.xml
Added Paths:
-----------
CalDAVTester/trunk/Resource/implicit/security/attendeeswitchorganizer/6.ics
CalDAVTester/trunk/Resource/implicit/security/attendeeswitchorganizer/7.ics
Added: CalDAVTester/trunk/Resource/implicit/security/attendeeswitchorganizer/6.ics
===================================================================
--- CalDAVTester/trunk/Resource/implicit/security/attendeeswitchorganizer/6.ics (rev 0)
+++ CalDAVTester/trunk/Resource/implicit/security/attendeeswitchorganizer/6.ics 2009-05-02 19:02:02 UTC (rev 4141)
@@ -0,0 +1,35 @@
+BEGIN:VCALENDAR
+CALSCALE:GREGORIAN
+PRODID:-//Example Inc.//Example Calendar//EN
+VERSION:2.0
+BEGIN:VTIMEZONE
+LAST-MODIFIED:20040110T032845Z
+TZID:US/Eastern
+BEGIN:DAYLIGHT
+DTSTART:20000404T020000
+RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4
+TZNAME:EDT
+TZOFFSETFROM:-0500
+TZOFFSETTO:-0400
+END:DAYLIGHT
+BEGIN:STANDARD
+DTSTART:20001026T020000
+RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
+TZNAME:EST
+TZOFFSETFROM:-0400
+TZOFFSETTO:-0500
+END:STANDARD
+END:VTIMEZONE
+BEGIN:VEVENT
+DTSTAMP:20051222T205953Z
+CREATED:20060101T150000Z
+DTSTART;TZID=US/Eastern:20060101T100000
+DURATION:PT1H
+SUMMARY:event 3
+UID:event3 at ninevah.local
+ORGANIZER;CN=$username2::$cuaddr2:
+ATTENDEE;CN=$username1:;PARTSTAT=ACCEPTED:$cuaddr1:
+ATTENDEE;CN=$username2:;RSVP=TRUE;PARTSTAT=NEEDS-ACTION:$cuaddr2:
+ATTENDEE;CN=$username3:;PARTSTAT=ACCEPTED:$cuaddr3:
+END:VEVENT
+END:VCALENDAR
Added: CalDAVTester/trunk/Resource/implicit/security/attendeeswitchorganizer/7.ics
===================================================================
--- CalDAVTester/trunk/Resource/implicit/security/attendeeswitchorganizer/7.ics (rev 0)
+++ CalDAVTester/trunk/Resource/implicit/security/attendeeswitchorganizer/7.ics 2009-05-02 19:02:02 UTC (rev 4141)
@@ -0,0 +1,35 @@
+BEGIN:VCALENDAR
+CALSCALE:GREGORIAN
+PRODID:-//Example Inc.//Example Calendar//EN
+VERSION:2.0
+BEGIN:VTIMEZONE
+LAST-MODIFIED:20040110T032845Z
+TZID:US/Eastern
+BEGIN:DAYLIGHT
+DTSTART:20000404T020000
+RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4
+TZNAME:EDT
+TZOFFSETFROM:-0500
+TZOFFSETTO:-0400
+END:DAYLIGHT
+BEGIN:STANDARD
+DTSTART:20001026T020000
+RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
+TZNAME:EST
+TZOFFSETFROM:-0400
+TZOFFSETTO:-0500
+END:STANDARD
+END:VTIMEZONE
+BEGIN:VEVENT
+DTSTAMP:20051222T205953Z
+CREATED:20060101T150000Z
+DTSTART;TZID=US/Eastern:20060101T100000
+DURATION:PT1H
+SUMMARY:event 3
+UID:event3 at ninevah.local
+ORGANIZER;CN=$username4::$cuaddr4:
+ATTENDEE;CN=$username1:;PARTSTAT=ACCEPTED:$cuaddr1:
+ATTENDEE;CN=$username2:;RSVP=TRUE;PARTSTAT=NEEDS-ACTION:$cuaddr2:
+ATTENDEE;CN=$username3:;PARTSTAT=ACCEPTED:$cuaddr3:
+END:VEVENT
+END:VCALENDAR
Modified: CalDAVTester/trunk/scripts/tests/implicitsecurity.xml
===================================================================
--- CalDAVTester/trunk/scripts/tests/implicitsecurity.xml 2009-05-02 17:53:28 UTC (rev 4140)
+++ CalDAVTester/trunk/scripts/tests/implicitsecurity.xml 2009-05-02 19:02:02 UTC (rev 4141)
@@ -346,7 +346,7 @@
</test>
</test-suite>
- <test-suite name='Prevent ATTENDEE switching ORGANIZER' ignore='no'>
+ <test-suite name='Prevent ATTENDEE switching ORGANIZER via new event' ignore='no'>
<test name='1'>
<description>Organizer invites Attendees</description>
<request print-response='no'>
@@ -569,6 +569,675 @@
</test>
</test-suite>
+ <test-suite name='Prevent ATTENDEE switching ORGANIZER via overwrite' ignore='no'>
+ <test name='1'>
+ <description>Organizer invites Attendees</description>
+ <request print-response='no'>
+ <method>PUT</method>
+ <ruri>$calendarpath1:/1.ics</ruri>
+ <data>
+ <content-type>text/calendar; charset=utf-8</content-type>
+ <filepath>Resource/implicit/security/attendeeswitchorganizer/1.ics</filepath>
+ </data>
+ <verify>
+ <callback>statusCode</callback>
+ </verify>
+ </request>
+ </test>
+ <test name='2'>
+ <description>Organizer checks data</description>
+ <request print-response='no'>
+ <method>GET</method>
+ <ruri>$calendarpath1:/1.ics</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/2.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='3'>
+ <description>Attendee Inbox Item</description>
+ <request user="$userid2:" pswd="$pswd2:" print-response='no'>
+ <method>PROPFIND</method>
+ <ruri>$inboxpath2:/</ruri>
+ <header>
+ <name>Depth</name>
+ <value>1</value>
+ </header>
+ <data>
+ <content-type>application/xml; charset=utf-8</content-type>
+ <filepath>Resource/implicit/security/attendeeswitchorganizer/3.xml</filepath>
+ </data>
+ <verify>
+ <callback>multistatusItems</callback>
+ <arg>
+ <name>count</name>
+ <value>1</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='4'>
+ <description>Attendee has data</description>
+ <request user="$userid2:" pswd="$pswd2:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$calendarpath2:/</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/4.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='5'>
+ <description>Attendee deletes Inbox Item</description>
+ <request user="$userid2:" pswd="$pswd2:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$inboxpath2:/</ruri>
+ <verify>
+ <callback>statusCode</callback>
+ </verify>
+ </request>
+ <request user="$userid2:" pswd="$pswd2:" print-response='no'>
+ <method>DELETE</method>
+ <ruri>$</ruri>
+ <verify>
+ <callback>statusCode</callback>
+ <arg>
+ <name>status</name>
+ <value>204</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='6'>
+ <description>Attendee Inbox Item</description>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>PROPFIND</method>
+ <ruri>$inboxpath3:/</ruri>
+ <header>
+ <name>Depth</name>
+ <value>1</value>
+ </header>
+ <data>
+ <content-type>application/xml; charset=utf-8</content-type>
+ <filepath>Resource/implicit/security/attendeeswitchorganizer/3.xml</filepath>
+ </data>
+ <verify>
+ <callback>multistatusItems</callback>
+ <arg>
+ <name>count</name>
+ <value>1</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='7'>
+ <description>Attendee deletes Inbox Item</description>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$inboxpath3:/</ruri>
+ <verify>
+ <callback>statusCode</callback>
+ </verify>
+ </request>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>DELETE</method>
+ <ruri>$</ruri>
+ <verify>
+ <callback>statusCode</callback>
+ <arg>
+ <name>status</name>
+ <value>204</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='8'>
+ <description>Attendee has data</description>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$calendarpath3:/</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/4.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='9'>
+ <description>Malicious user tries to change ORGANIZER</description>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>PUT</method>
+ <ruri>$</ruri>
+ <data>
+ <content-type>text/calendar; charset=utf-8</content-type>
+ <filepath>Resource/implicit/security/attendeeswitchorganizer/5.ics</filepath>
+ </data>
+ <verify>
+ <callback>statusCode</callback>
+ <arg>
+ <name>status</name>
+ <value>403</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='10'>
+ <description>Organizer checks same data</description>
+ <request print-response='no'>
+ <method>GET</method>
+ <ruri>$calendarpath1:/1.ics</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/2.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='11'>
+ <description>Attendee has same data</description>
+ <request user="$userid2:" pswd="$pswd2:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$calendarpath2:/</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/4.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='12'>
+ <description>Attendee has same data</description>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$calendarpath3:/</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/4.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='13'>
+ <description>Clean-up</description>
+ <request user="$userid1:" pswd="$pswd1:">
+ <method>DELETEALL</method>
+ <ruri>$calendarpath1:/</ruri>
+ <ruri>$inboxpath1:/</ruri>
+ </request>
+ <request user="$userid2:" pswd="$pswd2:">
+ <method>DELETEALL</method>
+ <ruri>$calendarpath2:/</ruri>
+ <ruri>$inboxpath2:/</ruri>
+ </request>
+ <request user="$userid3:" pswd="$pswd3:">
+ <method>DELETEALL</method>
+ <ruri>$calendarpath3:/</ruri>
+ <ruri>$inboxpath3:/</ruri>
+ </request>
+ </test>
+ </test-suite>
+
+ <test-suite name='Prevent ATTENDEE switching ORGANIZER (someone else - an attendee) via overwrite' ignore='no'>
+ <test name='1'>
+ <description>Organizer invites Attendees</description>
+ <request print-response='no'>
+ <method>PUT</method>
+ <ruri>$calendarpath1:/1.ics</ruri>
+ <data>
+ <content-type>text/calendar; charset=utf-8</content-type>
+ <filepath>Resource/implicit/security/attendeeswitchorganizer/1.ics</filepath>
+ </data>
+ <verify>
+ <callback>statusCode</callback>
+ </verify>
+ </request>
+ </test>
+ <test name='2'>
+ <description>Organizer checks data</description>
+ <request print-response='no'>
+ <method>GET</method>
+ <ruri>$calendarpath1:/1.ics</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/2.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='3'>
+ <description>Attendee Inbox Item</description>
+ <request user="$userid2:" pswd="$pswd2:" print-response='no'>
+ <method>PROPFIND</method>
+ <ruri>$inboxpath2:/</ruri>
+ <header>
+ <name>Depth</name>
+ <value>1</value>
+ </header>
+ <data>
+ <content-type>application/xml; charset=utf-8</content-type>
+ <filepath>Resource/implicit/security/attendeeswitchorganizer/3.xml</filepath>
+ </data>
+ <verify>
+ <callback>multistatusItems</callback>
+ <arg>
+ <name>count</name>
+ <value>1</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='4'>
+ <description>Attendee has data</description>
+ <request user="$userid2:" pswd="$pswd2:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$calendarpath2:/</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/4.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='5'>
+ <description>Attendee deletes Inbox Item</description>
+ <request user="$userid2:" pswd="$pswd2:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$inboxpath2:/</ruri>
+ <verify>
+ <callback>statusCode</callback>
+ </verify>
+ </request>
+ <request user="$userid2:" pswd="$pswd2:" print-response='no'>
+ <method>DELETE</method>
+ <ruri>$</ruri>
+ <verify>
+ <callback>statusCode</callback>
+ <arg>
+ <name>status</name>
+ <value>204</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='6'>
+ <description>Attendee Inbox Item</description>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>PROPFIND</method>
+ <ruri>$inboxpath3:/</ruri>
+ <header>
+ <name>Depth</name>
+ <value>1</value>
+ </header>
+ <data>
+ <content-type>application/xml; charset=utf-8</content-type>
+ <filepath>Resource/implicit/security/attendeeswitchorganizer/3.xml</filepath>
+ </data>
+ <verify>
+ <callback>multistatusItems</callback>
+ <arg>
+ <name>count</name>
+ <value>1</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='7'>
+ <description>Attendee deletes Inbox Item</description>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$inboxpath3:/</ruri>
+ <verify>
+ <callback>statusCode</callback>
+ </verify>
+ </request>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>DELETE</method>
+ <ruri>$</ruri>
+ <verify>
+ <callback>statusCode</callback>
+ <arg>
+ <name>status</name>
+ <value>204</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='8'>
+ <description>Attendee has data</description>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$calendarpath3:/</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/4.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='9'>
+ <description>Malicious user tries to change ORGANIZER</description>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>PUT</method>
+ <ruri>$</ruri>
+ <data>
+ <content-type>text/calendar; charset=utf-8</content-type>
+ <filepath>Resource/implicit/security/attendeeswitchorganizer/6.ics</filepath>
+ </data>
+ <verify>
+ <callback>statusCode</callback>
+ <arg>
+ <name>status</name>
+ <value>403</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='10'>
+ <description>Organizer checks same data</description>
+ <request print-response='no'>
+ <method>GET</method>
+ <ruri>$calendarpath1:/1.ics</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/2.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='11'>
+ <description>Attendee has same data</description>
+ <request user="$userid2:" pswd="$pswd2:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$calendarpath2:/</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/4.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='12'>
+ <description>Attendee has same data</description>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$calendarpath3:/</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/4.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='13'>
+ <description>Clean-up</description>
+ <request user="$userid1:" pswd="$pswd1:">
+ <method>DELETEALL</method>
+ <ruri>$calendarpath1:/</ruri>
+ <ruri>$inboxpath1:/</ruri>
+ </request>
+ <request user="$userid2:" pswd="$pswd2:">
+ <method>DELETEALL</method>
+ <ruri>$calendarpath2:/</ruri>
+ <ruri>$inboxpath2:/</ruri>
+ </request>
+ <request user="$userid3:" pswd="$pswd3:">
+ <method>DELETEALL</method>
+ <ruri>$calendarpath3:/</ruri>
+ <ruri>$inboxpath3:/</ruri>
+ </request>
+ </test>
+ </test-suite>
+
+ <test-suite name='Prevent ATTENDEE switching ORGANIZER (someone else - not an attendee) via overwrite' ignore='no'>
+ <test name='1'>
+ <description>Organizer invites Attendees</description>
+ <request print-response='no'>
+ <method>PUT</method>
+ <ruri>$calendarpath1:/1.ics</ruri>
+ <data>
+ <content-type>text/calendar; charset=utf-8</content-type>
+ <filepath>Resource/implicit/security/attendeeswitchorganizer/1.ics</filepath>
+ </data>
+ <verify>
+ <callback>statusCode</callback>
+ </verify>
+ </request>
+ </test>
+ <test name='2'>
+ <description>Organizer checks data</description>
+ <request print-response='no'>
+ <method>GET</method>
+ <ruri>$calendarpath1:/1.ics</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/2.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='3'>
+ <description>Attendee Inbox Item</description>
+ <request user="$userid2:" pswd="$pswd2:" print-response='no'>
+ <method>PROPFIND</method>
+ <ruri>$inboxpath2:/</ruri>
+ <header>
+ <name>Depth</name>
+ <value>1</value>
+ </header>
+ <data>
+ <content-type>application/xml; charset=utf-8</content-type>
+ <filepath>Resource/implicit/security/attendeeswitchorganizer/3.xml</filepath>
+ </data>
+ <verify>
+ <callback>multistatusItems</callback>
+ <arg>
+ <name>count</name>
+ <value>1</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='4'>
+ <description>Attendee has data</description>
+ <request user="$userid2:" pswd="$pswd2:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$calendarpath2:/</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/4.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='5'>
+ <description>Attendee deletes Inbox Item</description>
+ <request user="$userid2:" pswd="$pswd2:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$inboxpath2:/</ruri>
+ <verify>
+ <callback>statusCode</callback>
+ </verify>
+ </request>
+ <request user="$userid2:" pswd="$pswd2:" print-response='no'>
+ <method>DELETE</method>
+ <ruri>$</ruri>
+ <verify>
+ <callback>statusCode</callback>
+ <arg>
+ <name>status</name>
+ <value>204</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='6'>
+ <description>Attendee Inbox Item</description>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>PROPFIND</method>
+ <ruri>$inboxpath3:/</ruri>
+ <header>
+ <name>Depth</name>
+ <value>1</value>
+ </header>
+ <data>
+ <content-type>application/xml; charset=utf-8</content-type>
+ <filepath>Resource/implicit/security/attendeeswitchorganizer/3.xml</filepath>
+ </data>
+ <verify>
+ <callback>multistatusItems</callback>
+ <arg>
+ <name>count</name>
+ <value>1</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='7'>
+ <description>Attendee deletes Inbox Item</description>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$inboxpath3:/</ruri>
+ <verify>
+ <callback>statusCode</callback>
+ </verify>
+ </request>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>DELETE</method>
+ <ruri>$</ruri>
+ <verify>
+ <callback>statusCode</callback>
+ <arg>
+ <name>status</name>
+ <value>204</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='8'>
+ <description>Attendee has data</description>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$calendarpath3:/</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/4.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='9'>
+ <description>Malicious user tries to change ORGANIZER</description>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>PUT</method>
+ <ruri>$</ruri>
+ <data>
+ <content-type>text/calendar; charset=utf-8</content-type>
+ <filepath>Resource/implicit/security/attendeeswitchorganizer/7.ics</filepath>
+ </data>
+ <verify>
+ <callback>statusCode</callback>
+ <arg>
+ <name>status</name>
+ <value>403</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='10'>
+ <description>Organizer checks same data</description>
+ <request print-response='no'>
+ <method>GET</method>
+ <ruri>$calendarpath1:/1.ics</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/2.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='11'>
+ <description>Attendee has same data</description>
+ <request user="$userid2:" pswd="$pswd2:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$calendarpath2:/</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/4.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='12'>
+ <description>Attendee has same data</description>
+ <request user="$userid3:" pswd="$pswd3:" print-response='no'>
+ <method>GETNEW</method>
+ <ruri>$calendarpath3:/</ruri>
+ <verify>
+ <callback>calendarDataMatch</callback>
+ <arg>
+ <name>filepath</name>
+ <value>Resource/implicit/security/attendeeswitchorganizer/4.ics</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
+ <test name='13'>
+ <description>Clean-up</description>
+ <request user="$userid1:" pswd="$pswd1:">
+ <method>DELETEALL</method>
+ <ruri>$calendarpath1:/</ruri>
+ <ruri>$inboxpath1:/</ruri>
+ </request>
+ <request user="$userid2:" pswd="$pswd2:">
+ <method>DELETEALL</method>
+ <ruri>$calendarpath2:/</ruri>
+ <ruri>$inboxpath2:/</ruri>
+ </request>
+ <request user="$userid3:" pswd="$pswd3:">
+ <method>DELETEALL</method>
+ <ruri>$calendarpath3:/</ruri>
+ <ruri>$inboxpath3:/</ruri>
+ </request>
+ </test>
+ </test-suite>
+
<end/>
</caldavtest>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20090502/3919cb6f/attachment-0001.html>
More information about the calendarserver-changes
mailing list