1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
|
defmodule ConfigTest do
use CouchTestCase
@moduletag :config
@moduledoc """
Test CouchDB config API
This is a port of the config.js suite
"""
setup do
# TODO: switch this to _local when that's landed
config_url = "/_node/node1@127.0.0.1/_config"
resp = Couch.get(config_url)
assert resp.status_code == 200
{:ok, config: resp.body, config_url: config_url}
end
def set_config(context, section, key, val) do
set_config(context, section, key, val, 200)
end
def set_config(context, section, key, val, status_assert) do
url = "#{context[:config_url]}/#{section}/#{key}"
headers = ["X-Couch-Persist": "false"]
resp = Couch.put(url, headers: headers, body: :jiffy.encode(val))
if status_assert do
assert resp.status_code == status_assert
end
resp.body
end
def get_config(context, section) do
get_config(context, section, nil, 200)
end
def get_config(context, section, key) do
get_config(context, section, key, 200)
end
def get_config(context, section, key, status_assert) do
url =
if key do
"#{context[:config_url]}/#{section}/#{key}"
else
"#{context[:config_url]}/#{section}"
end
resp = Couch.get(url)
if status_assert do
assert resp.status_code == status_assert
end
resp.body
end
def delete_config(context, section, key) do
delete_config(context, section, key, 200)
end
def delete_config(context, section, key, status_assert) do
url = "#{context[:config_url]}/#{section}/#{key}"
resp = Couch.delete(url)
if status_assert do
assert resp.status_code == status_assert
end
end
# TODO: port sever_port tests from config.js
@tag :pending
test "CouchDB respects configured protocols"
test "Standard config options are present", context do
assert context[:config]["couchdb"]["database_dir"]
assert context[:config]["log"]["level"]
end
test "Settings can be altered with undefined whitelist allowing any change", context do
refute context["config"]["httpd"]["config_whitelist"], "Default whitelist is empty"
set_config(context, "test", "foo", "bar")
assert get_config(context, "test")["foo"] == "bar"
assert get_config(context, "test", "foo") == "bar"
end
test "Server-side password hashing, and raw updates disabling that", context do
plain_pass = "s3cret"
set_config(context, "admins", "administrator", plain_pass)
assert Couch.login("administrator", plain_pass)
hash_pass = get_config(context, "admins", "administrator")
assert Regex.match?(~r/^-pbkdf2-/, hash_pass) or
Regex.match?(~r/^-hashed-/, hash_pass)
delete_config(context, "admins", "administrator")
assert Couch.delete("/_session").body["ok"]
end
@tag :pending
test "PORT `BUGGED` ?raw tests from config.js"
test "Non-term whitelist values allow further modification of the whitelist", context do
val = "!This is an invalid Erlang term!"
set_config(context, "httpd", "config_whitelist", val)
assert val == get_config(context, "httpd", "config_whitelist")
delete_config(context, "httpd", "config_whitelist")
end
test "Non-list whitelist values allow further modification of the whitelist", context do
val = "{[yes, a_valid_erlang_term, but_unfortunately, not_a_list]}"
set_config(context, "httpd", "config_whitelist", val)
assert val == get_config(context, "httpd", "config_whitelist")
delete_config(context, "httpd", "config_whitelist")
end
test "Keys not in the whitelist may not be modified", context do
val = "[{httpd,config_whitelist}, {test,foo}]"
set_config(context, "httpd", "config_whitelist", val)
assert val == get_config(context, "httpd", "config_whitelist")
set_config(context, "test", "foo", "PUT to whitelisted config variable")
delete_config(context, "test", "foo")
end
test "Non-2-tuples in the whitelist are ignored", context do
val =
"[{httpd,config_whitelist}, these, {are}, {nOt, 2, tuples}, [so], [they, will], [all, become, noops], {test,foo}]"
set_config(context, "httpd", "config_whitelist", val)
assert val == get_config(context, "httpd", "config_whitelist")
set_config(context, "test", "foo", "PUT to whitelisted config variable")
delete_config(context, "test", "foo")
end
test "Atoms, binaries, and strings suffice as whitelist sections and keys.", context do
vals = ["{test,foo}", "{\"test\",\"foo\"}", "{<<\"test\">>,<<\"foo\">>}"]
Enum.each(vals, fn pair ->
set_config(
context,
"httpd",
"config_whitelist",
"[{httpd,config_whitelist}, #{pair}"
)
pair_format =
case String.at(pair, 1) do
"t" -> "tuple"
"\"" -> "string"
"<" -> "binary"
end
set_config(context, "test", "foo", "PUT with #{pair_format}")
delete_config(context, "test", "foo")
end)
delete_config(context, "httpd", "config_whitelist")
end
test "Blacklist is functional", context do
sections = [
"daemons",
"external",
"httpd_design_handlers",
"httpd_db_handlers",
"native_query_servers",
"os_daemons",
"query_servers"
]
Enum.each(sections, fn section ->
set_config(context, section, "wohali", "rules", 403)
end)
end
end
|