File

usermanager: Add back temporary is_admin to warn about deprecated API usage Goal: Introduce role-auth with minimal disruption is_admin() is unsafe in a system with per-session permissions, so it has been deprecated. Roll-out approach: 1) First, log a warning when is_admin() is used. It should continue to function normally, backed by the new role API. Nothing is really using per-session authz yet, so there is minimal security concern. The 'strict_deprecate_is_admin' global setting can be set to 'true' to force a hard failure of is_admin() attempts (it will log an error and always return false). 2) In some time (at least 1 week), but possibly longer depending on the number of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by default. It can still be disabled for systems that need it. 3) Further in the future, before the next release, the option will be removed and is_admin() will be permanently disabled.

-- This tests the format, not the randomness

local uuid = require "util.uuid";

describe("util.uuid", function()
	describe("#generate()", function()
		it("should work follow the UUID pattern", function()
			-- https://www.rfc-editor.org/rfc/rfc4122.html#section-4.4

			local pattern = "^" .. table.concat({
				string.rep("%x", 8),
				string.rep("%x", 4),
				"4" .. -- version
				string.rep("%x", 3),
				"[89ab]" .. -- reserved bits of 1 and 0
				string.rep("%x", 3),
				string.rep("%x", 12),
			}, "%-") .. "$";

			for _ = 1, 100 do
				assert.is_string(uuid.generate():match(pattern));
			end
		end);
	end);
end);