summaryrefslogtreecommitdiff
path: root/test/javascript/tests/cookie_auth.js
diff options
context:
space:
mode:
Diffstat (limited to 'test/javascript/tests/cookie_auth.js')
-rw-r--r--test/javascript/tests/cookie_auth.js303
1 files changed, 0 insertions, 303 deletions
diff --git a/test/javascript/tests/cookie_auth.js b/test/javascript/tests/cookie_auth.js
deleted file mode 100644
index 2d49ebe1c..000000000
--- a/test/javascript/tests/cookie_auth.js
+++ /dev/null
@@ -1,303 +0,0 @@
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not
-// use this file except in compliance with the License. You may obtain a copy
-// of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations under
-// the License.
-
-couchTests.elixir = true;
-couchTests.cookie_auth = function(debug) {
- // This tests cookie-based authentication.
-
- var db_name = get_random_db_name();
- var db = new CouchDB(db_name, {"X-Couch-Full-Commit":"false"});
- db.createDb();
-
- // used later, needs to be global here
- var users_db_name = '_users';
- var usersDb = new CouchDB(users_db_name, {"X-Couch-Full-Commit":"false"});
- try { usersDb.createDb(); } catch (e) { /* ignore if exists*/ }
-
- if (debug) debugger;
-
- var password = "3.141592653589";
-
- var loginUser = function(username) {
- var pws = {
- jan: "apple",
- "Jason Davies": password,
- jchris: "funnybone"
- };
- var username1 = username.replace(/[0-9]$/, "");
- var password = pws[username];
- //console.log("Logging in '" + username1 + "' with password '" + password + "'");
- T(CouchDB.login(username1, pws[username]).ok);
- };
-
- var open_as = function(db, docId, username) {
- loginUser(username);
- try {
- return db.open(docId, {"anti-cache": Math.round(Math.random() * 100000)});
- } finally {
- CouchDB.logout();
- }
- };
-
- var save_as = function(db, doc, username)
- {
- loginUser(username);
- try {
- return db.save(doc);
- } catch (ex) {
- return ex;
- } finally {
- CouchDB.logout();
- }
- };
-
- // Simple secret key generator
- function generateSecret(length) {
- var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
- var secret = '';
- for (var i=0; i<length; i++) {
- secret += tab.charAt(Math.floor(Math.random() * 64));
- }
- return secret;
- }
-
- // this function will be called on the modified server
- var testFun = function () {
- try {
-
- // test that the users db is born with the auth ddoc
- var ddoc = open_as(usersDb, "_design/_auth", "jan");
- T(ddoc && ddoc.validate_doc_update);
-
- // TODO test that changing the config so an existing db becomes the users db installs the ddoc also
-
- // Create a user
- var jasonUserDoc = CouchDB.prepareUserDoc({
- name: "Jason Davies"
- }, password);
- T(usersDb.save(jasonUserDoc).ok);
-
- var checkDoc = open_as(usersDb, jasonUserDoc._id, "jan");
- TEquals("Jason Davies", checkDoc.name);
-
- var jchrisUserDoc = CouchDB.prepareUserDoc({
- name: "jchris"
- }, "funnybone");
- T(usersDb.save(jchrisUserDoc).ok);
-
- // make sure we cant create duplicate users
- var duplicateJchrisDoc = CouchDB.prepareUserDoc({
- name: "jchris"
- }, "eh, Boo-Boo?");
-
- try {
- usersDb.save(duplicateJchrisDoc);
- T(false && "Can't create duplicate user names. Should have thrown an error.");
- } catch (e) {
- TEquals("conflict", e.error);
- TEquals(409, usersDb.last_req.status);
- }
-
- // we can't create _names
- var underscoreUserDoc = CouchDB.prepareUserDoc({
- name: "_why"
- }, "copperfield");
-
- try {
- usersDb.save(underscoreUserDoc);
- T(false && "Can't create underscore user names. Should have thrown an error.");
- } catch (e) {
- TEquals("forbidden", e.error);
- TEquals(403, usersDb.last_req.status);
- }
-
- // we can't create docs with malformed ids
- var badIdDoc = CouchDB.prepareUserDoc({
- name: "w00x"
- }, "bar");
-
- badIdDoc._id = "org.apache.couchdb:w00x";
-
- try {
- usersDb.save(badIdDoc);
- T(false && "Can't create malformed docids. Should have thrown an error.");
- } catch (e) {
- TEquals("forbidden", e.error);
- TEquals(403, usersDb.last_req.status);
- }
-
- // login works
- T(CouchDB.login('Jason Davies', password).ok);
- TEquals('Jason Davies', CouchDB.session().userCtx.name);
-
- // JSON login works
- var xhr = CouchDB.request("POST", "/_session", {
- headers: {"Content-Type": "application/json"},
- body: JSON.stringify({
- name: 'Jason Davies',
- password: password
- })
- });
-
- T(JSON.parse(xhr.responseText).ok);
- TEquals('Jason Davies', CouchDB.session().userCtx.name);
-
- // update one's own credentials document
- jasonUserDoc.foo=2;
- T(usersDb.save(jasonUserDoc).ok);
- T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1);
- // can't delete another users doc unless you are admin
- try {
- usersDb.deleteDoc(jchrisUserDoc);
- T(false && "Can't delete other users docs. Should have thrown an error.");
- } catch (e) {
- TEquals("not_found", e.error);
- TEquals(404, usersDb.last_req.status);
- }
-
- // TODO should login() throw an exception here?
- T(!CouchDB.login('Jason Davies', "2.71828").ok);
- T(!CouchDB.login('Robert Allen Zimmerman', 'd00d').ok);
-
- // a failed login attempt should log you out
- T(CouchDB.session().userCtx.name != 'Jason Davies');
-
- // test redirect on success
- xhr = CouchDB.request("POST", "/_session?next=/", {
- headers: {"Content-Type": "application/x-www-form-urlencoded"},
- body: "name=Jason%20Davies&password="+encodeURIComponent(password)
- });
- // the browser should transparently follow the redirect and GET the server root (/)
- // see http://dev.w3.org/2006/webapi/XMLHttpRequest/#infrastructure-for-the-send-method
- if (xhr.status == 200) {
- T(/Welcome/.test(xhr.responseText))
- }
-
- // test redirect on fail
- xhr = CouchDB.request("POST", "/_session?fail=/", {
- headers: {"Content-Type": "application/x-www-form-urlencoded"},
- body: "name=Jason%20Davies&password=foobar"
- });
- if (xhr.status == 200) {
- T(/Welcome/.test(xhr.responseText));
- }
-
- // test users db validations
- //
- // test that you can't update docs unless you are logged in as the user (or are admin)
- T(CouchDB.login("jchris", "funnybone").ok);
- T(CouchDB.session().userCtx.name == "jchris");
- T(CouchDB.session().userCtx.roles.length == 0);
-
- jasonUserDoc.foo=3;
-
- try {
- usersDb.save(jasonUserDoc);
- T(false && "Can't update someone else's user doc. Should have thrown an error.");
- } catch (e) {
- T(e.error == "not_found");
- T(usersDb.last_req.status == 404);
- }
-
- // test that you can't edit roles unless you are admin
- jchrisUserDoc.roles = ["foo"];
-
- try {
- usersDb.save(jchrisUserDoc);
- T(false && "Can't set roles unless you are admin. Should have thrown an error.");
- } catch (e) {
- T(e.error == "forbidden");
- T(usersDb.last_req.status == 403);
- }
-
- T(CouchDB.logout().ok);
-
- jchrisUserDoc.foo = ["foo"];
- T(save_as(usersDb, jchrisUserDoc, "jan"));
- wait(5000) // wait for auth cache invalidation
-
- // test that you can't save system (underscore) roles even if you are admin
- jchrisUserDoc.roles = ["_bar"];
-
- var res = save_as(usersDb, jchrisUserDoc, "jan");
- T(res.error == "forbidden");
- T(usersDb.last_req.status == 403);
-
- // make sure the foo role has been applied
- T(CouchDB.login("jchris", "funnybone").ok);
- T(CouchDB.session().userCtx.name == "jchris");
- T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1);
- T(CouchDB.session().userCtx.roles.indexOf("foo") != -1);
-
- // now let's make jchris a server admin
- T(CouchDB.logout().ok);
-
- // set the -hashed- password so the salt matches
- // todo ask on the ML about this
-
- TEquals(true, CouchDB.login("jan", "apple").ok);
- run_on_modified_server([{section: "admins",
- key: "jchris", value: "funnybone"}], function() {
- T(CouchDB.login("jchris", "funnybone").ok);
- T(CouchDB.session().userCtx.name == "jchris");
- T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1);
- // test that jchris still has the foo role
- T(CouchDB.session().userCtx.roles.indexOf("foo") != -1);
-
- // should work even when user doc has no password
- jchrisUserDoc = usersDb.open(jchrisUserDoc._id);
- delete jchrisUserDoc.salt;
- delete jchrisUserDoc.password_sha;
- T(usersDb.save(jchrisUserDoc).ok);
- T(CouchDB.logout().ok);
- T(CouchDB.login("jchris", "funnybone").ok);
- var s = CouchDB.session();
- T(s.userCtx.name == "jchris");
- T(s.userCtx.roles.indexOf("_admin") != -1);
- // test session info
- T(s.info.authenticated == "cookie");
- T(s.info.authentication_db == users_db_name);
- // test that jchris still has the foo role
- T(CouchDB.session().userCtx.roles.indexOf("foo") != -1);
- });
-
- } finally {
- // Make sure we erase any auth cookies so we don't affect other tests
- T(CouchDB.logout().ok);
- }
- // log in one last time so run_on_modified_server can clean up the admin account
- TEquals(true, CouchDB.login("jan", "apple").ok);
- };
-
- // per se, _users is born with a ddoc
- // problem is: the birth seems async and it takes some time till it is there. We do know, however, that it WILL. So: use _changes 2 our advantage
- var users_db_chg = CouchDB.request("GET", users_db_name + "/_changes?feed=longpoll&timeout=5000&filter=_design");
- T(users_db_chg.responseText);
- // now we should be safe
- run_on_modified_server(
- [
- {section: "couch_httpd_auth",
- key: "authentication_db", value: users_db_name},
- {section: "chttpd_auth",
- key: "authentication_db", value: users_db_name},
- {section: "couch_httpd_auth",
- key: "iterations", value: "1"},
- {section: "admins",
- key: "jan", value: "apple"}
- ],
- testFun
- );
-
- // cleanup
- db.deleteDb();
- usersDb.deleteDb();
-};
View Lorry Controller Status