prosody
c0eea4f6c739
spec/util_http_spec.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

spec/util_http_spec.lua @ 12659:c0eea4f6c739

usermanager: Add back temporary is_admin to warn about deprecated API usage Goal: Introduce role-auth with minimal disruption is_admin() is unsafe in a system with per-session permissions, so it has been deprecated. Roll-out approach: 1) First, log a warning when is_admin() is used. It should continue to function normally, backed by the new role API. Nothing is really using per-session authz yet, so there is minimal security concern. The 'strict_deprecate_is_admin' global setting can be set to 'true' to force a hard failure of is_admin() attempts (it will log an error and always return false). 2) In some time (at least 1 week), but possibly longer depending on the number of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by default. It can still be disabled for systems that need it. 3) Further in the future, before the next release, the option will be removed and is_admin() will be permanently disabled.
author Matthew Wild <mwild1@gmail.com>
date Mon, 15 Aug 2022 15:25:07 +0100
parent 10711:d2e4584ba7b3
child 13124:f15e23840780
line wrap: on
line source


local http = require "util.http";

describe("util.http", function()
	describe("#urlencode()", function()
		it("should not change normal characters", function()
			assert.are.equal(http.urlencode("helloworld123"), "helloworld123");
		end);

		it("should escape spaces", function()
			assert.are.equal(http.urlencode("hello world"), "hello%20world");
		end);

		it("should escape important URL characters", function()
			assert.are.equal(http.urlencode("This & that = something"), "This%20%26%20that%20%3d%20something");
		end);
	end);

	describe("#urldecode()", function()
		it("should not change normal characters", function()
			assert.are.equal("helloworld123", http.urldecode("helloworld123"), "Normal characters not escaped");
		end);

		it("should decode spaces", function()
			assert.are.equal("hello world", http.urldecode("hello%20world"), "Spaces escaped");
		end);

		it("should decode important URL characters", function()
			assert.are.equal("This & that = something", http.urldecode("This%20%26%20that%20%3d%20something"), "Important URL chars escaped");
		end);

		it("should decode both lower and uppercase", function ()
			assert.are.equal("This & that = {something}.", http.urldecode("This%20%26%20that%20%3D%20%7Bsomething%7D%2E"), "Important URL chars escaped");
		end);

	end);

	describe("#formencode()", function()
		it("should encode basic data", function()
			assert.are.equal(http.formencode({ { name = "one", value = "1"}, { name = "two", value = "2" } }), "one=1&two=2", "Form encoded");
		end);

		it("should encode special characters with escaping", function()
			assert.are.equal(http.formencode({ { name = "one two", value = "1"}, { name = "two one&", value = "2" } }), "one+two=1&two+one%26=2", "Form encoded");
		end);
	end);

	describe("#formdecode()", function()
		it("should decode basic data", function()
			local t = http.formdecode("one=1&two=2");
			assert.are.same(t, {
				{ name = "one", value = "1" };
				{ name = "two", value = "2" };
				one = "1";
				two = "2";
			});
		end);

		it("should decode special characters", function()
			local t = http.formdecode("one+two=1&two+one%26=2");
			assert.are.same(t, {
				{ name = "one two", value = "1" };
				{ name = "two one&", value = "2" };
				["one two"] = "1";
				["two one&"] = "2";
			});
		end);
	end);

	describe("normalize_path", function ()
		it("root path is always '/'", function ()
			assert.equal("/", http.normalize_path("/"));
			assert.equal("/", http.normalize_path(""));
			assert.equal("/", http.normalize_path("/", true));
			assert.equal("/", http.normalize_path("", true));
		end);

		it("works", function ()
			assert.equal("/foo", http.normalize_path("foo"));
			assert.equal("/foo", http.normalize_path("/foo"));
			assert.equal("/foo", http.normalize_path("foo/"));
			assert.equal("/foo", http.normalize_path("/foo/"));
		end);

		it("is_dir works", function ()
			assert.equal("/foo/", http.normalize_path("foo", true));
			assert.equal("/foo/", http.normalize_path("/foo", true));
			assert.equal("/foo/", http.normalize_path("foo/", true));
			assert.equal("/foo/", http.normalize_path("/foo/", true));
		end);
	end);

	describe("contains_token", function ()
		it("is present in field", function ()
			assert.is_true(http.contains_token("foo", "foo"));
			assert.is_true(http.contains_token("foo, bar", "foo"));
			assert.is_true(http.contains_token("foo,bar", "foo"));
			assert.is_true(http.contains_token("bar,  foo,baz", "foo"));
		end);

		it("is absent from field", function ()
			assert.is_false(http.contains_token("bar", "foo"));
			assert.is_false(http.contains_token("fooo", "foo"));
			assert.is_false(http.contains_token("foo o,bar", "foo"));
		end);

		it("is weird", function ()
			assert.is_(http.contains_token("fo o", "foo"));
		end);
	end);
end);