Software / code / prosody
Annotate
spec/util_sasl_spec.lua @ 13792:4ea7bd7325be 13.0
core.portmanager: Restore use of per-host 'ssl' for SNI hosts. Fixes #1915.
This was an unintentional regression, as per-host 'ssl' options became valid
in 0.12 when SNI support was added for direct TLS ports. While we encourage
most people to use the simpler automatic certificate selection (and it seems
most do, given the overlooking of this bug), there are likely always going to
be use cases for manually-configured certificates.
The issue was introduced in commit 7e9ebdc75ce4 which inadvertently removed
the per-host option checking for SNI.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 29 Mar 2025 22:25:19 +0100 |
| parent | 13113:191fe4866e3e |
| rev | line source |
|---|---|
| 10502 | 1 local sasl = require "util.sasl"; |
| 2 | |
| 3 -- profile * mechanism | |
| 4 -- callbacks could use spies instead | |
| 5 | |
| 6 describe("util.sasl", function () | |
| 7 describe("plain_test profile", function () | |
| 8 local profile = { | |
| 9 plain_test = function (_, username, password, realm) | |
| 10 assert.equals("user", username) | |
| 11 assert.equals("pencil", password) | |
| 12 assert.equals("sasl.test", realm) | |
| 13 return true, true; | |
| 14 end; | |
| 15 }; | |
| 16 it("works with PLAIN", function () | |
| 17 local plain = sasl.new("sasl.test", profile); | |
| 18 assert.truthy(plain:select("PLAIN")); | |
| 19 assert.truthy(plain:process("\000user\000pencil")); | |
| 20 assert.equals("user", plain.username); | |
| 21 end); | |
| 22 end); | |
| 23 | |
| 24 describe("plain profile", function () | |
| 25 local profile = { | |
| 26 plain = function (_, username, realm) | |
| 27 assert.equals("user", username) | |
| 28 assert.equals("sasl.test", realm) | |
| 29 return "pencil", true; | |
| 30 end; | |
| 31 }; | |
| 32 | |
| 33 it("works with PLAIN", function () | |
| 34 local plain = sasl.new("sasl.test", profile); | |
| 35 assert.truthy(plain:select("PLAIN")); | |
| 36 assert.truthy(plain:process("\000user\000pencil")); | |
| 37 assert.equals("user", plain.username); | |
| 38 end); | |
| 39 | |
| 40 -- TODO SCRAM | |
| 41 end); | |
|
13113
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
42 |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
43 describe("oauthbearer profile", function() |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
44 local profile = { |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
45 oauthbearer = function(_, token, _realm, _authzid) |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
46 if token == "example-bearer-token" then |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
47 return "user", true, {}; |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
48 else |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
49 return nil, nil, {} |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
50 end |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
51 end; |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
52 } |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
53 |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
54 it("works with OAUTHBEARER", function() |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
55 local bearer = sasl.new("sasl.test", profile); |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
56 |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
57 assert.truthy(bearer:select("OAUTHBEARER")); |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
58 assert.equals("success", bearer:process("n,,\1auth=Bearer example-bearer-token\1\1")); |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
59 assert.equals("user", bearer.username); |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
60 end) |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
61 |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
62 |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
63 it("returns extras with OAUTHBEARER", function() |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
64 local bearer = sasl.new("sasl.test", profile); |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
65 |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
66 assert.truthy(bearer:select("OAUTHBEARER")); |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
67 local status, extra = bearer:process("n,,\1auth=Bearer unknown\1\1"); |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
68 assert.equals("challenge", status); |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
69 assert.equals("{\"status\":\"invalid_token\"}", extra); |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
70 assert.equals("failure", bearer:process("\1")); |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
71 end) |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
72 |
|
191fe4866e3e
util.sasl: Add basic tests for OAUTHBEARER
Kim Alvefur <zash@zash.se>
parents:
10502
diff
changeset
|
73 end) |
| 10502 | 74 end); |
| 75 |
