tests: timeouts for tests (#4773)

John McLear 2021-02-13 19:00:06 +00:00 committed by GitHub
parent f9ec49d7ac
commit e585d321f9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
42 changed files with 368 additions and 4 deletions


@ -6,6 +6,7 @@ const plugins = require('../../../static/js/pluginfw/plugin_defs');
const settings = require('../../../node/utils/Settings');
describe(__filename, function () {
this.timeout(30000);
let agent;
const backups = {};
const authHookNames = ['preAuthorize', 'authenticate', 'authorize'];
@ -42,56 +43,67 @@ describe(__filename, function () {
describe('webaccess: without plugins', function () {
it('!authn !authz anonymous / -> 200', async function () {
this.timeout(150);
settings.requireAuthentication = false;
settings.requireAuthorization = false;
await agent.get('/').expect(200);
});
it('!authn !authz anonymous /admin/ -> 401', async function () {
this.timeout(100);
settings.requireAuthentication = false;
settings.requireAuthorization = false;
await agent.get('/admin/').expect(401);
});
it('authn !authz anonymous / -> 401', async function () {
this.timeout(100);
settings.requireAuthentication = true;
settings.requireAuthorization = false;
await agent.get('/').expect(401);
});
it('authn !authz user / -> 200', async function () {
this.timeout(100);
settings.requireAuthentication = true;
settings.requireAuthorization = false;
await agent.get('/').auth('user', 'user-password').expect(200);
});
it('authn !authz user /admin/ -> 403', async function () {
this.timeout(100);
settings.requireAuthentication = true;
settings.requireAuthorization = false;
await agent.get('/admin/').auth('user', 'user-password').expect(403);
});
it('authn !authz admin / -> 200', async function () {
this.timeout(100);
settings.requireAuthentication = true;
settings.requireAuthorization = false;
await agent.get('/').auth('admin', 'admin-password').expect(200);
});
it('authn !authz admin /admin/ -> 200', async function () {
this.timeout(100);
settings.requireAuthentication = true;
settings.requireAuthorization = false;
await agent.get('/admin/').auth('admin', 'admin-password').expect(200);
});
it('authn authz user / -> 403', async function () {
this.timeout(100);
settings.requireAuthentication = true;
settings.requireAuthorization = true;
await agent.get('/').auth('user', 'user-password').expect(403);
});
it('authn authz user /admin/ -> 403', async function () {
this.timeout(100);
settings.requireAuthentication = true;
settings.requireAuthorization = true;
await agent.get('/admin/').auth('user', 'user-password').expect(403);
});
it('authn authz admin / -> 200', async function () {
this.timeout(100);
settings.requireAuthentication = true;
settings.requireAuthorization = true;
await agent.get('/').auth('admin', 'admin-password').expect(200);
});
it('authn authz admin /admin/ -> 200', async function () {
this.timeout(100);
settings.requireAuthentication = true;
settings.requireAuthorization = true;
await agent.get('/admin/').auth('admin', 'admin-password').expect(200);
@ -105,6 +117,7 @@ describe(__filename, function () {
// parsing, resulting in successful comparisons against a null or undefined password.
for (const creds of ['admin', 'admin:']) {
it(`admin password: ${adminPassword} credentials: ${creds}`, async function () {
this.timeout(100);
settings.users.admin.password = adminPassword;
const encCreds = Buffer.from(creds).toString('base64');
await agent.get('/admin/').set('Authorization', `Basic ${encCreds}`).expect(401);
@ -160,11 +173,13 @@ describe(__filename, function () {
});
it('defers if it returns []', async function () {
this.timeout(100);
await agent.get('/').expect(200);
// Note: The preAuthorize hook always runs even if requireAuthorization is false.
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1']);
});
it('bypasses authenticate and authorize hooks when true is returned', async function () {
this.timeout(100);
settings.requireAuthentication = true;
settings.requireAuthorization = true;
handlers.preAuthorize[0].innerHandle = () => [true];
@ -172,6 +187,7 @@ describe(__filename, function () {
assert.deepEqual(callOrder, ['preAuthorize_0']);
});
it('bypasses authenticate and authorize hooks when false is returned', async function () {
this.timeout(100);
settings.requireAuthentication = true;
settings.requireAuthorization = true;
handlers.preAuthorize[0].innerHandle = () => [false];
@ -179,12 +195,14 @@ describe(__filename, function () {
assert.deepEqual(callOrder, ['preAuthorize_0']);
});
it('bypasses authenticate and authorize hooks for static content, defers', async function () {
this.timeout(100);
settings.requireAuthentication = true;
settings.requireAuthorization = true;
await agent.get('/static/robots.txt').expect(200);
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1']);
});
it('cannot grant access to /admin', async function () {
this.timeout(100);
handlers.preAuthorize[0].innerHandle = () => [true];
await agent.get('/admin/').expect(401);
// Notes:
@ -198,11 +216,13 @@ describe(__filename, function () {
'authenticate_1']);
});
it('can deny access to /admin', async function () {
this.timeout(100);
handlers.preAuthorize[0].innerHandle = () => [false];
await agent.get('/admin/').auth('admin', 'admin-password').expect(403);
assert.deepEqual(callOrder, ['preAuthorize_0']);
});
it('runs preAuthzFailure hook when access is denied', async function () {
this.timeout(100);
handlers.preAuthorize[0].innerHandle = () => [false];
let called = false;
plugins.hooks.preAuthzFailure = [makeHook('preAuthzFailure', (hookName, {req, res}, cb) => {
@ -218,6 +238,7 @@ describe(__filename, function () {
assert(called);
});
it('returns 500 if an exception is thrown', async function () {
this.timeout(100);
handlers.preAuthorize[0].innerHandle = () => { throw new Error('exception test'); };
await agent.get('/').expect(500);
});
@ -230,11 +251,13 @@ describe(__filename, function () {
});
it('is not called if !requireAuthentication and not /admin/*', async function () {
this.timeout(100);
settings.requireAuthentication = false;
await agent.get('/').expect(200);
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1']);
});
it('is called if !requireAuthentication and /admin/*', async function () {
this.timeout(100);
settings.requireAuthentication = false;
await agent.get('/admin/').expect(401);
assert.deepEqual(callOrder, ['preAuthorize_0',
@ -243,6 +266,7 @@ describe(__filename, function () {
'authenticate_1']);
});
it('defers if empty list returned', async function () {
this.timeout(100);
await agent.get('/').expect(401);
assert.deepEqual(callOrder, ['preAuthorize_0',
'preAuthorize_1',
@ -250,18 +274,21 @@ describe(__filename, function () {
'authenticate_1']);
});
it('does not defer if return [true], 200', async function () {
this.timeout(100);
handlers.authenticate[0].innerHandle = (req) => { req.session.user = {}; return [true]; };
await agent.get('/').expect(200);
// Note: authenticate_1 was not called because authenticate_0 handled it.
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1', 'authenticate_0']);
});
it('does not defer if return [false], 401', async function () {
this.timeout(100);
handlers.authenticate[0].innerHandle = (req) => [false];
await agent.get('/').expect(401);
// Note: authenticate_1 was not called because authenticate_0 handled it.
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1', 'authenticate_0']);
});
it('falls back to HTTP basic auth', async function () {
this.timeout(100);
await agent.get('/').auth('user', 'user-password').expect(200);
assert.deepEqual(callOrder, ['preAuthorize_0',
'preAuthorize_1',
@ -269,6 +296,7 @@ describe(__filename, function () {
'authenticate_1']);
});
it('passes settings.users in context', async function () {
this.timeout(100);
handlers.authenticate[0].checkContext = ({users}) => {
assert.equal(users, settings.users);
};
@ -279,6 +307,7 @@ describe(__filename, function () {
'authenticate_1']);
});
it('passes user, password in context if provided', async function () {
this.timeout(100);
handlers.authenticate[0].checkContext = ({username, password}) => {
assert.equal(username, 'user');
assert.equal(password, 'user-password');
@ -290,6 +319,7 @@ describe(__filename, function () {
'authenticate_1']);
});
it('does not pass user, password in context if not provided', async function () {
this.timeout(100);
handlers.authenticate[0].checkContext = ({username, password}) => {
assert(username == null);
assert(password == null);
@ -301,11 +331,13 @@ describe(__filename, function () {
'authenticate_1']);
});
it('errors if req.session.user is not created', async function () {
this.timeout(100);
handlers.authenticate[0].innerHandle = () => [true];
await agent.get('/').expect(500);
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1', 'authenticate_0']);
});
it('returns 500 if an exception is thrown', async function () {
this.timeout(100);
handlers.authenticate[0].innerHandle = () => { throw new Error('exception test'); };
await agent.get('/').expect(500);
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1', 'authenticate_0']);
@ -319,6 +351,7 @@ describe(__filename, function () {
});
it('is not called if !requireAuthorization (non-/admin)', async function () {
this.timeout(100);
settings.requireAuthorization = false;
await agent.get('/').auth('user', 'user-password').expect(200);
assert.deepEqual(callOrder, ['preAuthorize_0',
@ -327,6 +360,7 @@ describe(__filename, function () {
'authenticate_1']);
});
it('is not called if !requireAuthorization (/admin)', async function () {
this.timeout(100);
settings.requireAuthorization = false;
await agent.get('/admin/').auth('admin', 'admin-password').expect(200);
assert.deepEqual(callOrder, ['preAuthorize_0',
@ -335,6 +369,7 @@ describe(__filename, function () {
'authenticate_1']);
});
it('defers if empty list returned', async function () {
this.timeout(100);
await agent.get('/').auth('user', 'user-password').expect(403);
assert.deepEqual(callOrder, ['preAuthorize_0',
'preAuthorize_1',
@ -344,6 +379,7 @@ describe(__filename, function () {
'authorize_1']);
});
it('does not defer if return [true], 200', async function () {
this.timeout(100);
handlers.authorize[0].innerHandle = () => [true];
await agent.get('/').auth('user', 'user-password').expect(200);
// Note: authorize_1 was not called because authorize_0 handled it.
@ -354,6 +390,7 @@ describe(__filename, function () {
'authorize_0']);
});
it('does not defer if return [false], 403', async function () {
this.timeout(100);
handlers.authorize[0].innerHandle = (req) => [false];
await agent.get('/').auth('user', 'user-password').expect(403);
// Note: authorize_1 was not called because authorize_0 handled it.
@ -364,6 +401,7 @@ describe(__filename, function () {
'authorize_0']);
});
it('passes req.path in context', async function () {
this.timeout(100);
handlers.authorize[0].checkContext = ({resource}) => {
assert.equal(resource, '/');
};
@ -376,6 +414,7 @@ describe(__filename, function () {
'authorize_1']);
});
it('returns 500 if an exception is thrown', async function () {
this.timeout(100);
handlers.authorize[0].innerHandle = () => { throw new Error('exception test'); };
await agent.get('/').auth('user', 'user-password').expect(500);
assert.deepEqual(callOrder, ['preAuthorize_0',
@ -422,12 +461,14 @@ describe(__filename, function () {
// authn failure tests
it('authn fail, no hooks handle -> 401', async function () {
this.timeout(100);
await agent.get('/').expect(401);
assert(handlers.authnFailure.called);
assert(!handlers.authzFailure.called);
assert(handlers.authFailure.called);
});
it('authn fail, authnFailure handles', async function () {
this.timeout(100);
handlers.authnFailure.shouldHandle = true;
await agent.get('/').expect(200, 'authnFailure');
assert(handlers.authnFailure.called);
@ -435,6 +476,7 @@ describe(__filename, function () {
assert(!handlers.authFailure.called);
});
it('authn fail, authFailure handles', async function () {
this.timeout(100);
handlers.authFailure.shouldHandle = true;
await agent.get('/').expect(200, 'authFailure');
assert(handlers.authnFailure.called);
@ -442,6 +484,7 @@ describe(__filename, function () {
assert(handlers.authFailure.called);
});
it('authnFailure trumps authFailure', async function () {
this.timeout(100);
handlers.authnFailure.shouldHandle = true;
handlers.authFailure.shouldHandle = true;
await agent.get('/').expect(200, 'authnFailure');
@ -451,12 +494,14 @@ describe(__filename, function () {
// authz failure tests
it('authz fail, no hooks handle -> 403', async function () {
this.timeout(100);
await agent.get('/').auth('user', 'user-password').expect(403);
assert(!handlers.authnFailure.called);
assert(handlers.authzFailure.called);
assert(handlers.authFailure.called);
});
it('authz fail, authzFailure handles', async function () {
this.timeout(100);
handlers.authzFailure.shouldHandle = true;
await agent.get('/').auth('user', 'user-password').expect(200, 'authzFailure');
assert(!handlers.authnFailure.called);
@ -464,6 +509,7 @@ describe(__filename, function () {
assert(!handlers.authFailure.called);
});
it('authz fail, authFailure handles', async function () {
this.timeout(100);
handlers.authFailure.shouldHandle = true;
await agent.get('/').auth('user', 'user-password').expect(200, 'authFailure');
assert(!handlers.authnFailure.called);
@ -471,6 +517,7 @@ describe(__filename, function () {
assert(handlers.authFailure.called);
});
it('authzFailure trumps authFailure', async function () {
this.timeout(100);
handlers.authzFailure.shouldHandle = true;
handlers.authFailure.shouldHandle = true;
await agent.get('/').auth('user', 'user-password').expect(200, 'authzFailure');
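Review bot: The per-test limits added throughout this file are hard-coded literals (`this.timeout(100);` almost everywhere, `this.timeout(150);` on '!authn !authz anonymous / -> 200') that look tuned to one machine, while each of these tests sends a request through `agent` and the access-control middleware. On a loaded CI runner a slow response would surface as a Mocha timeout rather than a wrong status code, so a genuine authentication or authorization regression (an unexpected 200 where 401 or 403 is asserted) gets harder to tell apart from noise, and flaky access-control tests tend to end up retried or skipped. I would declare the budget once next to the suite-level `this.timeout(30000);`, for example `const requestTimeoutMs = 1000;`, and call `this.timeout(requestTimeoutMs);` in each test so it can be adjusted in one place. The enclosing `describe` blocks start and end outside the visible hunks, so any shared setup time they add is not visible here.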