Software / code / prosody
Annotate
spec/net_websocket_frames_spec.lua @ 13843:87dd8639f08f 13.0
mod_invites_register: Stricter validation of registration events
This fixes two problems:
1) Account invites that were created with a specific username were not
in fact restricted to that username.
2) Password reset invites were not restricted to resetting passwords,
but could be used to create an arbitrary new account if the client
or registration frontend (e.g. mod_invites_register_web) doesn't
handle/enforce the username.
This new validation ensures that registrations and resets are always for the
username specified in the invitation.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 10 Apr 2025 16:07:32 +0100 |
| parent | 11166:51e5149ed0ad |
| rev | line source |
|---|---|
|
9660
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 describe("net.websocket.frames", function () |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 local nwf = require "net.websocket.frames"; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 local test_frames = { |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 simple_empty = { |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 ["opcode"] = 0; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 ["length"] = 0; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 ["data"] = ""; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 ["FIN"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 ["MASK"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 ["RSV1"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 ["RSV2"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 ["RSV3"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 }; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 simple_data = { |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 ["opcode"] = 0; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 ["length"] = 5; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 ["data"] = "hello"; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 ["FIN"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 ["MASK"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 ["RSV1"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 ["RSV2"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 ["RSV3"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 }; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 simple_fin = { |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 ["opcode"] = 0; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 ["length"] = 0; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 ["data"] = ""; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 ["FIN"] = true; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 ["MASK"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 ["RSV1"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 ["RSV2"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 ["RSV3"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 }; |
|
11162
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
35 with_mask = { |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
36 ["opcode"] = 0; |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
37 ["length"] = 5; |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
38 ["data"] = "hello"; |
|
11164
4e5a2af9dd19
net.websocket.frames: Use C string XOR implementation
Kim Alvefur <zash@zash.se>
parents:
11162
diff
changeset
|
39 ["key"] = " \0 \0"; |
|
11162
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
40 ["FIN"] = true; |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
41 ["MASK"] = true; |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
42 ["RSV1"] = false; |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
43 ["RSV2"] = false; |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
44 ["RSV3"] = false; |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
45 }; |
|
11165
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
46 empty_with_mask = { |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
47 ["opcode"] = 0; |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
48 ["key"] = " \0 \0"; |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
49 ["FIN"] = true; |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
50 ["MASK"] = true; |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
51 ["RSV1"] = false; |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
52 ["RSV2"] = false; |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
53 ["RSV3"] = false; |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
54 }; |
|
10584
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
55 ping = { |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
56 ["opcode"] = 0x9; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
57 ["length"] = 4; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
58 ["data"] = "ping"; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
59 ["FIN"] = true; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
60 ["MASK"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
61 ["RSV1"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
62 ["RSV2"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
63 ["RSV3"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
64 }; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
65 pong = { |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
66 ["opcode"] = 0xa; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
67 ["length"] = 4; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
68 ["data"] = "pong"; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
69 ["FIN"] = true; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
70 ["MASK"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
71 ["RSV1"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
72 ["RSV2"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
73 ["RSV3"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
74 }; |
|
9660
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 } |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 describe("build", function () |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 local build = nwf.build; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 it("works", function () |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 assert.equal("\0\0", build(test_frames.simple_empty)); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
81 assert.equal("\0\5hello", build(test_frames.simple_data)); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 assert.equal("\128\0", build(test_frames.simple_fin)); |
|
11162
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
83 assert.equal("\128\133 \0 \0HeLlO", build(test_frames.with_mask)) |
|
11165
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
84 assert.equal("\128\128 \0 \0", build(test_frames.empty_with_mask)) |
|
10584
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
85 assert.equal("\137\4ping", build(test_frames.ping)); |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
86 assert.equal("\138\4pong", build(test_frames.pong)); |
|
9660
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
87 end); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
88 end); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
89 |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
90 describe("parse", function () |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
91 local parse = nwf.parse; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
92 it("works", function () |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
93 assert.same(test_frames.simple_empty, parse("\0\0")); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
94 assert.same(test_frames.simple_data, parse("\0\5hello")); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
95 assert.same(test_frames.simple_fin, parse("\128\0")); |
|
11162
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
96 assert.same(test_frames.with_mask, parse("\128\133 \0 \0HeLlO")); |
|
10584
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
97 assert.same(test_frames.ping, parse("\137\4ping")); |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
98 assert.same(test_frames.pong, parse("\138\4pong")); |
|
9660
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
99 end); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
100 end); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
101 |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
102 end); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
103 |
