prosody
7ca5645f46cd
spec/util_xml_spec.lua
Software / code / prosody
File
spec/util_xml_spec.lua @ 12658:7ca5645f46cd
usermanager: Remove concept of global authz provider
Rationale:
- Removes a bunch of code!
- We don't have many cases where an actor is not bound to one of our hosts
- A notable exception is the admin shell, but if we ever attempt to lock those
sessions down, there is a load of other work that also has to be done. And
it's not clear if we would need a global authz provider for that anyway.
- Removes an extra edge case from the necessary mental model for operators
- Sessions that aren't bound to a host generally are anonymous or have an
alternative auth model (such as by IP addres).
- With the encapsulation now provided by util.roles, ad-hoc "detached roles"
can still be created anyway by code that needs them.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 12 Aug 2022 16:21:57 +0100 |
| parent | 12270:c78639ee6ccb |
line wrap: on
line source
local xml = require "util.xml"; describe("util.xml", function() describe("#parse()", function() it("should work", function() local x = [[<x xmlns:a="b"> <y xmlns:a="c"> <!-- this overwrites 'a' --> <a:z/> </y> <a:z/> <!-- prefix 'a' is nil here, but should be 'b' --> </x> ]] local stanza = xml.parse(x, {allow_comments = true}); assert.are.equal(stanza.tags[2].attr.xmlns, "b"); assert.are.equal(stanza.tags[2].namespaces["a"], "b"); end); it("should reject doctypes", function() local x = "<!DOCTYPE foo []><foo/>"; local ok = xml.parse(x); assert.falsy(ok); end); it("should reject comments by default", function() local x = "<foo><!-- foo --></foo>"; local ok = xml.parse(x); assert.falsy(ok); end); it("should allow comments if asked nicely", function() local x = "<foo><!-- foo --></foo>"; local stanza = xml.parse(x, {allow_comments = true}); assert.are.equal(stanza.name, "foo"); assert.are.equal(#stanza, 0); end); it("should reject processing instructions", function() local x = "<foo><?php die(); ?></foo>"; local ok = xml.parse(x); assert.falsy(ok); end); it("should allow processing instructions if asked nicely", function() local x = "<?xml-stylesheet href='make-fancy.xsl'?><foo/>"; local stanza = xml.parse(x, {allow_processing_instructions = true}); assert.truthy(stanza); assert.are.equal(stanza.name, "foo"); end); it("should allow an xml declaration", function() local x = "<?xml version='1.0'?><foo/>"; local stanza = xml.parse(x); assert.truthy(stanza); assert.are.equal(stanza.name, "foo"); end); end); end);
