Software /
code /
prosody
File
spec/util_http_spec.lua @ 12938:055b03d3059b
util.sasl.oauthbearer: Return username from callback instead using authzid (BC)
RFC 6120 states that
> If the initiating entity does not wish to act on behalf of another
> entity, it MUST NOT provide an authorization identity.
Thus it seems weird to require it here. We can instead expect an
username from the token data passed back from the profile.
This follows the practice of util.sasl.external where the profile
callback returns the selected username, making the authentication module
responsible for extracting the username from the token.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 16 Mar 2023 12:18:23 +0100 |
parent | 10711:d2e4584ba7b3 |
child | 13124:f15e23840780 |
line wrap: on
line source
local http = require "util.http"; describe("util.http", function() describe("#urlencode()", function() it("should not change normal characters", function() assert.are.equal(http.urlencode("helloworld123"), "helloworld123"); end); it("should escape spaces", function() assert.are.equal(http.urlencode("hello world"), "hello%20world"); end); it("should escape important URL characters", function() assert.are.equal(http.urlencode("This & that = something"), "This%20%26%20that%20%3d%20something"); end); end); describe("#urldecode()", function() it("should not change normal characters", function() assert.are.equal("helloworld123", http.urldecode("helloworld123"), "Normal characters not escaped"); end); it("should decode spaces", function() assert.are.equal("hello world", http.urldecode("hello%20world"), "Spaces escaped"); end); it("should decode important URL characters", function() assert.are.equal("This & that = something", http.urldecode("This%20%26%20that%20%3d%20something"), "Important URL chars escaped"); end); it("should decode both lower and uppercase", function () assert.are.equal("This & that = {something}.", http.urldecode("This%20%26%20that%20%3D%20%7Bsomething%7D%2E"), "Important URL chars escaped"); end); end); describe("#formencode()", function() it("should encode basic data", function() assert.are.equal(http.formencode({ { name = "one", value = "1"}, { name = "two", value = "2" } }), "one=1&two=2", "Form encoded"); end); it("should encode special characters with escaping", function() assert.are.equal(http.formencode({ { name = "one two", value = "1"}, { name = "two one&", value = "2" } }), "one+two=1&two+one%26=2", "Form encoded"); end); end); describe("#formdecode()", function() it("should decode basic data", function() local t = http.formdecode("one=1&two=2"); assert.are.same(t, { { name = "one", value = "1" }; { name = "two", value = "2" }; one = "1"; two = "2"; }); end); it("should decode special characters", function() local t = http.formdecode("one+two=1&two+one%26=2"); assert.are.same(t, { { name = "one two", value = "1" }; { name = "two one&", value = "2" }; ["one two"] = "1"; ["two one&"] = "2"; }); end); end); describe("normalize_path", function () it("root path is always '/'", function () assert.equal("/", http.normalize_path("/")); assert.equal("/", http.normalize_path("")); assert.equal("/", http.normalize_path("/", true)); assert.equal("/", http.normalize_path("", true)); end); it("works", function () assert.equal("/foo", http.normalize_path("foo")); assert.equal("/foo", http.normalize_path("/foo")); assert.equal("/foo", http.normalize_path("foo/")); assert.equal("/foo", http.normalize_path("/foo/")); end); it("is_dir works", function () assert.equal("/foo/", http.normalize_path("foo", true)); assert.equal("/foo/", http.normalize_path("/foo", true)); assert.equal("/foo/", http.normalize_path("foo/", true)); assert.equal("/foo/", http.normalize_path("/foo/", true)); end); end); describe("contains_token", function () it("is present in field", function () assert.is_true(http.contains_token("foo", "foo")); assert.is_true(http.contains_token("foo, bar", "foo")); assert.is_true(http.contains_token("foo,bar", "foo")); assert.is_true(http.contains_token("bar, foo,baz", "foo")); end); it("is absent from field", function () assert.is_false(http.contains_token("bar", "foo")); assert.is_false(http.contains_token("fooo", "foo")); assert.is_false(http.contains_token("foo o,bar", "foo")); end); it("is weird", function () assert.is_(http.contains_token("fo o", "foo")); end); end); end);