Annotate

spec/util_http_spec.lua @ 12659:c0eea4f6c739

usermanager: Add back temporary is_admin to warn about deprecated API usage

Goal: Introduce role-auth with minimal disruption

is_admin() is unsafe in a system with per-session permissions, so it has been deprecated.

Roll-out approach:

1) First, log a warning when is_admin() is used. It should continue to function normally, backed by the new role API. Nothing is really using per-session authz yet, so there is minimal security concern.

   The 'strict_deprecate_is_admin' global setting can be set to 'true' to force a hard failure of is_admin() attempts (it will log an error and always return false).

2) In some time (at least 1 week), but possibly longer depending on the number of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by default. It can still be disabled for systems that need it.

3) Further in the future, before the next release, the option will be removed and is_admin() will be permanently disabled.

author Matthew Wild <mwild1@gmail.com>
date Mon, 15 Aug 2022 15:25:07 +0100
parent 10711:d2e4584ba7b3
child 13124:f15e23840780
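
The rollout described in the commit message above, sketched as an added Lua example (not Prosody's code). Apart from is_admin() and strict_deprecate_is_admin, every name is hypothetical, and the session model with a per-session role is an assumption made to show why a JID-keyed check falls short once permissions are per-session.

```lua
-- Added illustration, not Prosody code. Only is_admin() and the
-- 'strict_deprecate_is_admin' setting are named on the page; the session
-- tables, role names and may() are hypothetical stand-ins.
local config = { strict_deprecate_is_admin = false };
local log_lines = {};
local function log(level, message)
	log_lines[#log_lines + 1] = level .. ": " .. message;
end

-- Constructed data: the account's default role, and two sessions of that
-- account where one was granted a narrower role (assumed session model).
local account_roles = { ["alice@example.com"] = "admin" };
local full_session = { jid = "alice@example.com", role = "admin" };
local limited_session = { jid = "alice@example.com", role = "user" };

-- Per-session check: the decision is taken from the session itself.
local function may(session, required_role)
	return session.role == required_role;
end

-- Deprecated JID-keyed check with the staged behaviour from the commit message.
local function is_admin(jid)
	if config.strict_deprecate_is_admin then
		log("error", "is_admin() is disabled, denying " .. jid);
		return false; -- hard failure: always deny
	end
	log("warn", "is_admin() is deprecated, called for " .. jid);
	return account_roles[jid] == "admin";
end

-- Stage 1: the legacy call still works, but cannot tell the sessions apart.
assert(is_admin(limited_session.jid) == true);   -- JID-level answer
assert(may(limited_session, "admin") == false);  -- session-level answer
assert(may(full_session, "admin") == true);

-- Stage 2: strict mode turns every legacy call into a logged denial.
config.strict_deprecate_is_admin = true;
assert(is_admin(full_session.jid) == false);
assert(log_lines[1]:match("^warn:") and log_lines[2]:match("^error:"));
```
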
Changesets in this annotation:

rev 8236: 4878e4159e12 Port tests to the `busted` test runner, Waqas Hussain <waqas20@gmail.com>
rev 9505: 5203b6fd34d4 util.http: Add tests for normalize_path, Kim Alvefur <zash@zash.se> (parents: 8236)
rev 9785: ff88b03c343f util.http: Fix decoding of uppercase URL encoded chars, Kim Alvefur <zash@zash.se> (parents: 9505)
rev 10711: d2e4584ba7b3 spec: Add test cases for util.http.contains_token, Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> (parents: 9785)

```lua
-- annotate: rev 8236

local http = require "util.http";

describe("util.http", function()
	describe("#urlencode()", function()
		it("should not change normal characters", function()
			assert.are.equal(http.urlencode("helloworld123"), "helloworld123");
		end);

		it("should escape spaces", function()
			assert.are.equal(http.urlencode("hello world"), "hello%20world");
		end);

		it("should escape important URL characters", function()
			assert.are.equal(http.urlencode("This & that = something"), "This%20%26%20that%20%3d%20something");
		end);
	end);

	describe("#urldecode()", function()
		it("should not change normal characters", function()
			assert.are.equal("helloworld123", http.urldecode("helloworld123"), "Normal characters not escaped");
		end);

		it("should decode spaces", function()
			assert.are.equal("hello world", http.urldecode("hello%20world"), "Spaces escaped");
		end);

		it("should decode important URL characters", function()
			assert.are.equal("This & that = something", http.urldecode("This%20%26%20that%20%3d%20something"), "Important URL chars escaped");
		end);
		-- annotate: rev 9785

		it("should decode both lower and uppercase", function ()
			assert.are.equal("This & that = {something}.", http.urldecode("This%20%26%20that%20%3D%20%7Bsomething%7D%2E"), "Important URL chars escaped");
		end);

	-- annotate: rev 8236
	end);

	describe("#formencode()", function()
		it("should encode basic data", function()
			assert.are.equal(http.formencode({ { name = "one", value = "1"}, { name = "two", value = "2" } }), "one=1&two=2", "Form encoded");
		end);

		it("should encode special characters with escaping", function()
			assert.are.equal(http.formencode({ { name = "one two", value = "1"}, { name = "two one&", value = "2" } }), "one+two=1&two+one%26=2", "Form encoded");
		end);
	end);

	describe("#formdecode()", function()
		it("should decode basic data", function()
			local t = http.formdecode("one=1&two=2");
			assert.are.same(t, {
				{ name = "one", value = "1" };
				{ name = "two", value = "2" };
				one = "1";
				two = "2";
			});
		end);

		it("should decode special characters", function()
			local t = http.formdecode("one+two=1&two+one%26=2");
			assert.are.same(t, {
				{ name = "one two", value = "1" };
				{ name = "two one&", value = "2" };
				["one two"] = "1";
				["two one&"] = "2";
			});
		end);
	end);
	-- annotate: rev 9505

	describe("normalize_path", function ()
		it("root path is always '/'", function ()
			assert.equal("/", http.normalize_path("/"));
			assert.equal("/", http.normalize_path(""));
			assert.equal("/", http.normalize_path("/", true));
			assert.equal("/", http.normalize_path("", true));
		end);

		it("works", function ()
			assert.equal("/foo", http.normalize_path("foo"));
			assert.equal("/foo", http.normalize_path("/foo"));
			assert.equal("/foo", http.normalize_path("foo/"));
			assert.equal("/foo", http.normalize_path("/foo/"));
		end);

		it("is_dir works", function ()
			assert.equal("/foo/", http.normalize_path("foo", true));
			assert.equal("/foo/", http.normalize_path("/foo", true));
			assert.equal("/foo/", http.normalize_path("foo/", true));
			assert.equal("/foo/", http.normalize_path("/foo/", true));
		end);
	end);
	-- annotate: rev 10711

	describe("contains_token", function ()
		it("is present in field", function ()
			assert.is_true(http.contains_token("foo", "foo"));
			assert.is_true(http.contains_token("foo, bar", "foo"));
			assert.is_true(http.contains_token("foo,bar", "foo"));
			assert.is_true(http.contains_token("bar, foo,baz", "foo"));
		end);

		it("is absent from field", function ()
			assert.is_false(http.contains_token("bar", "foo"));
			assert.is_false(http.contains_token("fooo", "foo"));
			assert.is_false(http.contains_token("foo o,bar", "foo"));
		end);

		it("is weird", function ()
			assert.is_(http.contains_token("fo o", "foo"));
		end);
	end);
-- annotate: rev 8236
end);
```