Software /
code /
prosody
Annotate
spec/util_http_spec.lua @ 12659:c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Goal: Introduce role-auth with minimal disruption
is_admin() is unsafe in a system with per-session permissions, so it has been
deprecated.
Roll-out approach:
1) First, log a warning when is_admin() is used. It should continue to
function normally, backed by the new role API. Nothing is really using
per-session authz yet, so there is minimal security concern.
The 'strict_deprecate_is_admin' global setting can be set to 'true' to
force a hard failure of is_admin() attempts (it will log an error and
always return false).
2) In some time (at least 1 week), but possibly longer depending on the number
of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by
default. It can still be disabled for systems that need it.
3) Further in the future, before the next release, the option will be removed
and is_admin() will be permanently disabled.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 15 Aug 2022 15:25:07 +0100 |
parent | 10711:d2e4584ba7b3 |
child | 13124:f15e23840780 |
rev | line source |
---|---|
8236
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
1 |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
2 local http = require "util.http"; |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
3 |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
4 describe("util.http", function() |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
5 describe("#urlencode()", function() |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
6 it("should not change normal characters", function() |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
7 assert.are.equal(http.urlencode("helloworld123"), "helloworld123"); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
8 end); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
9 |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
10 it("should escape spaces", function() |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
11 assert.are.equal(http.urlencode("hello world"), "hello%20world"); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
12 end); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
13 |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
14 it("should escape important URL characters", function() |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
15 assert.are.equal(http.urlencode("This & that = something"), "This%20%26%20that%20%3d%20something"); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
16 end); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
17 end); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
18 |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
19 describe("#urldecode()", function() |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
20 it("should not change normal characters", function() |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
21 assert.are.equal("helloworld123", http.urldecode("helloworld123"), "Normal characters not escaped"); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
22 end); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
23 |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
24 it("should decode spaces", function() |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
25 assert.are.equal("hello world", http.urldecode("hello%20world"), "Spaces escaped"); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
26 end); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
27 |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
28 it("should decode important URL characters", function() |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
29 assert.are.equal("This & that = something", http.urldecode("This%20%26%20that%20%3d%20something"), "Important URL chars escaped"); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
30 end); |
9785
ff88b03c343f
util.http: Fix decoding of uppercase URL encoded chars
Kim Alvefur <zash@zash.se>
parents:
9505
diff
changeset
|
31 |
ff88b03c343f
util.http: Fix decoding of uppercase URL encoded chars
Kim Alvefur <zash@zash.se>
parents:
9505
diff
changeset
|
32 it("should decode both lower and uppercase", function () |
ff88b03c343f
util.http: Fix decoding of uppercase URL encoded chars
Kim Alvefur <zash@zash.se>
parents:
9505
diff
changeset
|
33 assert.are.equal("This & that = {something}.", http.urldecode("This%20%26%20that%20%3D%20%7Bsomething%7D%2E"), "Important URL chars escaped"); |
ff88b03c343f
util.http: Fix decoding of uppercase URL encoded chars
Kim Alvefur <zash@zash.se>
parents:
9505
diff
changeset
|
34 end); |
ff88b03c343f
util.http: Fix decoding of uppercase URL encoded chars
Kim Alvefur <zash@zash.se>
parents:
9505
diff
changeset
|
35 |
8236
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
36 end); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
37 |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
38 describe("#formencode()", function() |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
39 it("should encode basic data", function() |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
40 assert.are.equal(http.formencode({ { name = "one", value = "1"}, { name = "two", value = "2" } }), "one=1&two=2", "Form encoded"); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
41 end); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
42 |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
43 it("should encode special characters with escaping", function() |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
44 assert.are.equal(http.formencode({ { name = "one two", value = "1"}, { name = "two one&", value = "2" } }), "one+two=1&two+one%26=2", "Form encoded"); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
45 end); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
46 end); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
47 |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
48 describe("#formdecode()", function() |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
49 it("should decode basic data", function() |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
50 local t = http.formdecode("one=1&two=2"); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
51 assert.are.same(t, { |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
52 { name = "one", value = "1" }; |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
53 { name = "two", value = "2" }; |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
54 one = "1"; |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
55 two = "2"; |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
56 }); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
57 end); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
58 |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
59 it("should decode special characters", function() |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
60 local t = http.formdecode("one+two=1&two+one%26=2"); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
61 assert.are.same(t, { |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
62 { name = "one two", value = "1" }; |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
63 { name = "two one&", value = "2" }; |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
64 ["one two"] = "1"; |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
65 ["two one&"] = "2"; |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
66 }); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
67 end); |
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
68 end); |
9505
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
69 |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
70 describe("normalize_path", function () |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
71 it("root path is always '/'", function () |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
72 assert.equal("/", http.normalize_path("/")); |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
73 assert.equal("/", http.normalize_path("")); |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
74 assert.equal("/", http.normalize_path("/", true)); |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
75 assert.equal("/", http.normalize_path("", true)); |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
76 end); |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
77 |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
78 it("works", function () |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
79 assert.equal("/foo", http.normalize_path("foo")); |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
80 assert.equal("/foo", http.normalize_path("/foo")); |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
81 assert.equal("/foo", http.normalize_path("foo/")); |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
82 assert.equal("/foo", http.normalize_path("/foo/")); |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
83 end); |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
84 |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
85 it("is_dir works", function () |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
86 assert.equal("/foo/", http.normalize_path("foo", true)); |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
87 assert.equal("/foo/", http.normalize_path("/foo", true)); |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
88 assert.equal("/foo/", http.normalize_path("foo/", true)); |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
89 assert.equal("/foo/", http.normalize_path("/foo/", true)); |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
90 end); |
5203b6fd34d4
util.http: Add tests for normalize_path
Kim Alvefur <zash@zash.se>
parents:
8236
diff
changeset
|
91 end); |
10711
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
92 |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
93 describe("contains_token", function () |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
94 it("is present in field", function () |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
95 assert.is_true(http.contains_token("foo", "foo")); |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
96 assert.is_true(http.contains_token("foo, bar", "foo")); |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
97 assert.is_true(http.contains_token("foo,bar", "foo")); |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
98 assert.is_true(http.contains_token("bar, foo,baz", "foo")); |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
99 end); |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
100 |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
101 it("is absent from field", function () |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
102 assert.is_false(http.contains_token("bar", "foo")); |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
103 assert.is_false(http.contains_token("fooo", "foo")); |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
104 assert.is_false(http.contains_token("foo o,bar", "foo")); |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
105 end); |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
106 |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
107 it("is weird", function () |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
108 assert.is_(http.contains_token("fo o", "foo")); |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
109 end); |
d2e4584ba7b3
spec: Add test cases for util.http.contains_token
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
9785
diff
changeset
|
110 end); |
8236
4878e4159e12
Port tests to the `busted` test runner
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
111 end); |