diff options
Diffstat (limited to 'test/javascript/tests/cookie_auth.js')
-rw-r--r-- | test/javascript/tests/cookie_auth.js | 303 |
1 files changed, 0 insertions, 303 deletions
diff --git a/test/javascript/tests/cookie_auth.js b/test/javascript/tests/cookie_auth.js deleted file mode 100644 index 2d49ebe1c..000000000 --- a/test/javascript/tests/cookie_auth.js +++ /dev/null @@ -1,303 +0,0 @@ -// Licensed under the Apache License, Version 2.0 (the "License"); you may not -// use this file except in compliance with the License. You may obtain a copy -// of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -// License for the specific language governing permissions and limitations under -// the License. - -couchTests.elixir = true; -couchTests.cookie_auth = function(debug) { - // This tests cookie-based authentication. - - var db_name = get_random_db_name(); - var db = new CouchDB(db_name, {"X-Couch-Full-Commit":"false"}); - db.createDb(); - - // used later, needs to be global here - var users_db_name = '_users'; - var usersDb = new CouchDB(users_db_name, {"X-Couch-Full-Commit":"false"}); - try { usersDb.createDb(); } catch (e) { /* ignore if exists*/ } - - if (debug) debugger; - - var password = "3.141592653589"; - - var loginUser = function(username) { - var pws = { - jan: "apple", - "Jason Davies": password, - jchris: "funnybone" - }; - var username1 = username.replace(/[0-9]$/, ""); - var password = pws[username]; - //console.log("Logging in '" + username1 + "' with password '" + password + "'"); - T(CouchDB.login(username1, pws[username]).ok); - }; - - var open_as = function(db, docId, username) { - loginUser(username); - try { - return db.open(docId, {"anti-cache": Math.round(Math.random() * 100000)}); - } finally { - CouchDB.logout(); - } - }; - - var save_as = function(db, doc, username) - { - loginUser(username); - try { - return db.save(doc); - } catch (ex) { - return ex; - } finally { - CouchDB.logout(); - } - }; - - // Simple secret key generator - function generateSecret(length) { - var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - var secret = ''; - for (var i=0; i<length; i++) { - secret += tab.charAt(Math.floor(Math.random() * 64)); - } - return secret; - } - - // this function will be called on the modified server - var testFun = function () { - try { - - // test that the users db is born with the auth ddoc - var ddoc = open_as(usersDb, "_design/_auth", "jan"); - T(ddoc && ddoc.validate_doc_update); - - // TODO test that changing the config so an existing db becomes the users db installs the ddoc also - - // Create a user - var jasonUserDoc = CouchDB.prepareUserDoc({ - name: "Jason Davies" - }, password); - T(usersDb.save(jasonUserDoc).ok); - - var checkDoc = open_as(usersDb, jasonUserDoc._id, "jan"); - TEquals("Jason Davies", checkDoc.name); - - var jchrisUserDoc = CouchDB.prepareUserDoc({ - name: "jchris" - }, "funnybone"); - T(usersDb.save(jchrisUserDoc).ok); - - // make sure we cant create duplicate users - var duplicateJchrisDoc = CouchDB.prepareUserDoc({ - name: "jchris" - }, "eh, Boo-Boo?"); - - try { - usersDb.save(duplicateJchrisDoc); - T(false && "Can't create duplicate user names. Should have thrown an error."); - } catch (e) { - TEquals("conflict", e.error); - TEquals(409, usersDb.last_req.status); - } - - // we can't create _names - var underscoreUserDoc = CouchDB.prepareUserDoc({ - name: "_why" - }, "copperfield"); - - try { - usersDb.save(underscoreUserDoc); - T(false && "Can't create underscore user names. Should have thrown an error."); - } catch (e) { - TEquals("forbidden", e.error); - TEquals(403, usersDb.last_req.status); - } - - // we can't create docs with malformed ids - var badIdDoc = CouchDB.prepareUserDoc({ - name: "w00x" - }, "bar"); - - badIdDoc._id = "org.apache.couchdb:w00x"; - - try { - usersDb.save(badIdDoc); - T(false && "Can't create malformed docids. Should have thrown an error."); - } catch (e) { - TEquals("forbidden", e.error); - TEquals(403, usersDb.last_req.status); - } - - // login works - T(CouchDB.login('Jason Davies', password).ok); - TEquals('Jason Davies', CouchDB.session().userCtx.name); - - // JSON login works - var xhr = CouchDB.request("POST", "/_session", { - headers: {"Content-Type": "application/json"}, - body: JSON.stringify({ - name: 'Jason Davies', - password: password - }) - }); - - T(JSON.parse(xhr.responseText).ok); - TEquals('Jason Davies', CouchDB.session().userCtx.name); - - // update one's own credentials document - jasonUserDoc.foo=2; - T(usersDb.save(jasonUserDoc).ok); - T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1); - // can't delete another users doc unless you are admin - try { - usersDb.deleteDoc(jchrisUserDoc); - T(false && "Can't delete other users docs. Should have thrown an error."); - } catch (e) { - TEquals("not_found", e.error); - TEquals(404, usersDb.last_req.status); - } - - // TODO should login() throw an exception here? - T(!CouchDB.login('Jason Davies', "2.71828").ok); - T(!CouchDB.login('Robert Allen Zimmerman', 'd00d').ok); - - // a failed login attempt should log you out - T(CouchDB.session().userCtx.name != 'Jason Davies'); - - // test redirect on success - xhr = CouchDB.request("POST", "/_session?next=/", { - headers: {"Content-Type": "application/x-www-form-urlencoded"}, - body: "name=Jason%20Davies&password="+encodeURIComponent(password) - }); - // the browser should transparently follow the redirect and GET the server root (/) - // see http://dev.w3.org/2006/webapi/XMLHttpRequest/#infrastructure-for-the-send-method - if (xhr.status == 200) { - T(/Welcome/.test(xhr.responseText)) - } - - // test redirect on fail - xhr = CouchDB.request("POST", "/_session?fail=/", { - headers: {"Content-Type": "application/x-www-form-urlencoded"}, - body: "name=Jason%20Davies&password=foobar" - }); - if (xhr.status == 200) { - T(/Welcome/.test(xhr.responseText)); - } - - // test users db validations - // - // test that you can't update docs unless you are logged in as the user (or are admin) - T(CouchDB.login("jchris", "funnybone").ok); - T(CouchDB.session().userCtx.name == "jchris"); - T(CouchDB.session().userCtx.roles.length == 0); - - jasonUserDoc.foo=3; - - try { - usersDb.save(jasonUserDoc); - T(false && "Can't update someone else's user doc. Should have thrown an error."); - } catch (e) { - T(e.error == "not_found"); - T(usersDb.last_req.status == 404); - } - - // test that you can't edit roles unless you are admin - jchrisUserDoc.roles = ["foo"]; - - try { - usersDb.save(jchrisUserDoc); - T(false && "Can't set roles unless you are admin. Should have thrown an error."); - } catch (e) { - T(e.error == "forbidden"); - T(usersDb.last_req.status == 403); - } - - T(CouchDB.logout().ok); - - jchrisUserDoc.foo = ["foo"]; - T(save_as(usersDb, jchrisUserDoc, "jan")); - wait(5000) // wait for auth cache invalidation - - // test that you can't save system (underscore) roles even if you are admin - jchrisUserDoc.roles = ["_bar"]; - - var res = save_as(usersDb, jchrisUserDoc, "jan"); - T(res.error == "forbidden"); - T(usersDb.last_req.status == 403); - - // make sure the foo role has been applied - T(CouchDB.login("jchris", "funnybone").ok); - T(CouchDB.session().userCtx.name == "jchris"); - T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1); - T(CouchDB.session().userCtx.roles.indexOf("foo") != -1); - - // now let's make jchris a server admin - T(CouchDB.logout().ok); - - // set the -hashed- password so the salt matches - // todo ask on the ML about this - - TEquals(true, CouchDB.login("jan", "apple").ok); - run_on_modified_server([{section: "admins", - key: "jchris", value: "funnybone"}], function() { - T(CouchDB.login("jchris", "funnybone").ok); - T(CouchDB.session().userCtx.name == "jchris"); - T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1); - // test that jchris still has the foo role - T(CouchDB.session().userCtx.roles.indexOf("foo") != -1); - - // should work even when user doc has no password - jchrisUserDoc = usersDb.open(jchrisUserDoc._id); - delete jchrisUserDoc.salt; - delete jchrisUserDoc.password_sha; - T(usersDb.save(jchrisUserDoc).ok); - T(CouchDB.logout().ok); - T(CouchDB.login("jchris", "funnybone").ok); - var s = CouchDB.session(); - T(s.userCtx.name == "jchris"); - T(s.userCtx.roles.indexOf("_admin") != -1); - // test session info - T(s.info.authenticated == "cookie"); - T(s.info.authentication_db == users_db_name); - // test that jchris still has the foo role - T(CouchDB.session().userCtx.roles.indexOf("foo") != -1); - }); - - } finally { - // Make sure we erase any auth cookies so we don't affect other tests - T(CouchDB.logout().ok); - } - // log in one last time so run_on_modified_server can clean up the admin account - TEquals(true, CouchDB.login("jan", "apple").ok); - }; - - // per se, _users is born with a ddoc - // problem is: the birth seems async and it takes some time till it is there. We do know, however, that it WILL. So: use _changes 2 our advantage - var users_db_chg = CouchDB.request("GET", users_db_name + "/_changes?feed=longpoll&timeout=5000&filter=_design"); - T(users_db_chg.responseText); - // now we should be safe - run_on_modified_server( - [ - {section: "couch_httpd_auth", - key: "authentication_db", value: users_db_name}, - {section: "chttpd_auth", - key: "authentication_db", value: users_db_name}, - {section: "couch_httpd_auth", - key: "iterations", value: "1"}, - {section: "admins", - key: "jan", value: "apple"} - ], - testFun - ); - - // cleanup - db.deleteDb(); - usersDb.deleteDb(); -}; |