mirror of
https://github.com/jech/galene.git
synced 2024-11-10 02:35:58 +01:00
d887a216f0
The "users" entry is now a dictionary mapping user names to passwords and permissions. In order to allow for wildcards, there is a new type of password, the wildcard password, and an extra array called "fallback-users". The field "allow-anonymous" no longer exists, this is now the default behaviour. The field "allow-subgroups" has been renamed to "auto-subgroups". We provide backwards compatibility for group definition files, but not for the config.json file, where the old "admin" array is simply ignored.
260 lines
5.5 KiB
Go
260 lines
5.5 KiB
Go
package webserver
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"encoding/json"
|
|
"net/http"
|
|
"os"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"github.com/pion/webrtc/v3"
|
|
|
|
"github.com/jech/galene/group"
|
|
)
|
|
|
|
func TestParseGroupName(t *testing.T) {
|
|
a := []struct{ p, g string }{
|
|
{"", ""},
|
|
{"/foo", ""},
|
|
{"foo", ""},
|
|
{"group/foo", ""},
|
|
{"/group", ""},
|
|
{"/group/..", ""},
|
|
{"/group/foo/../bar", "bar"},
|
|
{"/group/foo", "foo"},
|
|
{"/group/foo/", "foo"},
|
|
{"/group/foo/bar", "foo/bar"},
|
|
{"/group/foo/bar/", "foo/bar"},
|
|
}
|
|
|
|
for _, pg := range a {
|
|
g := parseGroupName("/group/", pg.p)
|
|
if g != pg.g {
|
|
t.Errorf("Path %v, got %v, expected %v",
|
|
pg.p, g, pg.g)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestBase(t *testing.T) {
|
|
a := []struct {
|
|
p string
|
|
t bool
|
|
h, res string
|
|
}{
|
|
{"", true, "a.org", "https://a.org"},
|
|
{"", false, "a.org", "http://a.org"},
|
|
{"/base", true, "a.org", "https://a.org/base"},
|
|
{"/base", false, "a.org", "http://a.org/base"},
|
|
{"http:", true, "a.org", "http://a.org"},
|
|
{"https:", false, "a.org", "https://a.org"},
|
|
{"http:/base", true, "a.org", "http://a.org/base"},
|
|
{"https:/base", false, "a.org", "https://a.org/base"},
|
|
{"https://b.org", true, "a.org", "https://b.org"},
|
|
{"https://b.org", false, "a.org", "https://b.org"},
|
|
{"http://b.org", true, "a.org", "http://b.org"},
|
|
{"http://b.org", false, "a.org", "http://b.org"},
|
|
}
|
|
|
|
dir := t.TempDir()
|
|
group.DataDirectory = dir
|
|
|
|
for _, v := range a {
|
|
conf := group.Configuration{
|
|
ProxyURL: v.p,
|
|
}
|
|
c, err := json.Marshal(conf)
|
|
if err != nil {
|
|
t.Errorf("Marshal: %v", err)
|
|
continue
|
|
}
|
|
err = os.WriteFile(
|
|
filepath.Join(dir, "config.json"),
|
|
c,
|
|
0600,
|
|
)
|
|
if err != nil {
|
|
t.Errorf("Write: %v", err)
|
|
continue
|
|
}
|
|
var tcs *tls.ConnectionState
|
|
if v.t {
|
|
tcs = &tls.ConnectionState{}
|
|
}
|
|
base, err := baseURL(&http.Request{
|
|
TLS: tcs,
|
|
Host: v.h,
|
|
})
|
|
if err != nil || base.String() != v.res {
|
|
t.Errorf("Expected %v, got %v (%v)",
|
|
v.res, base.String(), err,
|
|
)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestParseSplit(t *testing.T) {
|
|
a := []struct{ p, a, b, c string }{
|
|
{"", "", "", ""},
|
|
{"/a", "/a", "", ""},
|
|
{"/a/.b", "/a", ".b", ""},
|
|
{"/a/.b/", "/a", ".b", "/"},
|
|
{"/a/.b/c", "/a", ".b", "/c"},
|
|
{"/a/.b/c/", "/a", ".b", "/c/"},
|
|
{"/a/.b/c/d", "/a", ".b", "/c/d"},
|
|
{"/a/.b/c/d/", "/a", ".b", "/c/d/"},
|
|
{"/a/.b/c/d./", "/a", ".b", "/c/d./"},
|
|
}
|
|
|
|
for _, pabc := range a {
|
|
a, b, c := splitPath(pabc.p)
|
|
if pabc.a != a || pabc.b != b || pabc.c != c {
|
|
t.Errorf("Path %v, got %v, %v, %v, expected %v, %v, %v",
|
|
pabc.p, a, b, c, pabc.a, pabc.b, pabc.c,
|
|
)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestParseBearerToken(t *testing.T) {
|
|
a := []struct{ a, b string }{
|
|
{"", ""},
|
|
{"foo", ""},
|
|
{"foo bar", ""},
|
|
{" foo bar", ""},
|
|
{"foo bar ", ""},
|
|
{"Bearer", ""},
|
|
{"Bearer ", ""},
|
|
{"Bearer foo", "foo"},
|
|
{"bearer foo", "foo"},
|
|
{" Bearer foo", "foo"},
|
|
{"Bearer foo ", "foo"},
|
|
{" Bearer foo ", "foo"},
|
|
{"Bearer foo bar", ""},
|
|
}
|
|
|
|
for _, ab := range a {
|
|
b := parseBearerToken(ab.a)
|
|
if b != ab.b {
|
|
t.Errorf("Bearer token %v, got %v, expected %v",
|
|
ab.a, b, ab.b,
|
|
)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestFormatICEServer(t *testing.T) {
|
|
a := []struct {
|
|
s webrtc.ICEServer
|
|
v string
|
|
}{
|
|
{
|
|
webrtc.ICEServer{
|
|
URLs: []string{"stun:stun.example.org:3478"},
|
|
}, "<stun:stun.example.org:3478>; rel=\"ice-server\"",
|
|
},
|
|
{
|
|
webrtc.ICEServer{
|
|
URLs: []string{"turn:turn.example.org:3478"},
|
|
Username: "toto",
|
|
Credential: "titi",
|
|
CredentialType: webrtc.ICECredentialTypePassword,
|
|
}, "<turn:turn.example.org:3478>; rel=\"ice-server\"; " +
|
|
"username=\"toto\"; credential=\"titi\"; " +
|
|
"credential-type=\"password\"",
|
|
},
|
|
{
|
|
webrtc.ICEServer{
|
|
URLs: []string{"turns:turn.example.org:5349"},
|
|
Username: "toto",
|
|
Credential: "titi",
|
|
CredentialType: webrtc.ICECredentialTypePassword,
|
|
}, "<turns:turn.example.org:5349>; rel=\"ice-server\"; " +
|
|
"username=\"toto\"; credential=\"titi\"; " +
|
|
"credential-type=\"password\"",
|
|
},
|
|
{
|
|
webrtc.ICEServer{
|
|
URLs: []string{"https://stun.example.org"},
|
|
}, "",
|
|
},
|
|
}
|
|
|
|
for _, sv := range a {
|
|
t.Run(sv.s.URLs[0], func(t *testing.T) {
|
|
v := formatICEServer(sv.s, sv.s.URLs[0])
|
|
if v != sv.v {
|
|
t.Errorf("Got %v, expected %v", v, sv.v)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestMatchAdmin(t *testing.T) {
|
|
d := t.TempDir()
|
|
group.DataDirectory = d
|
|
|
|
filename := filepath.Join(d, "config.json")
|
|
f, err := os.Create(filename)
|
|
if err != nil {
|
|
t.Fatalf("Create %v: %v", filename, err)
|
|
}
|
|
f.Write([]byte(`{
|
|
"users": {
|
|
"root": {"password": "pwd", "permissions": "admin"},
|
|
"notroot": {"password": "pwd"}
|
|
}
|
|
}`))
|
|
f.Close()
|
|
|
|
ok, err := adminMatch("jch", "pwd")
|
|
if ok || err != nil {
|
|
t.Errorf("jch: %v %v", ok, err)
|
|
}
|
|
|
|
ok, err = adminMatch("root", "pwd")
|
|
if !ok || err != nil {
|
|
t.Errorf("root: %v %v", ok, err)
|
|
}
|
|
|
|
ok, err = adminMatch("root", "notpwd")
|
|
if ok || err != nil {
|
|
t.Errorf("root: %v %v", ok, err)
|
|
}
|
|
|
|
ok, err = adminMatch("root", "")
|
|
if ok || err != nil {
|
|
t.Errorf("root: %v %v", ok, err)
|
|
}
|
|
|
|
ok, err = adminMatch("notroot", "pwd")
|
|
if ok || err != nil {
|
|
t.Errorf("notroot: %v %v", ok, err)
|
|
}
|
|
|
|
ok, err = adminMatch("notroot", "notpwd")
|
|
if ok || err != nil {
|
|
t.Errorf("notroot: %v %v", ok, err)
|
|
}
|
|
}
|
|
|
|
func TestObfuscate(t *testing.T) {
|
|
id := newId()
|
|
obfuscated, err := obfuscate(id)
|
|
if err != nil {
|
|
t.Fatalf("obfuscate: %v", err)
|
|
}
|
|
id2, err := deobfuscate(obfuscated)
|
|
if err != nil {
|
|
t.Fatalf("deobfuscate: %v", err)
|
|
}
|
|
if id != id2 {
|
|
t.Errorf("not equal: %v, %v", id, id2)
|
|
}
|
|
|
|
_, err = obfuscate("toto")
|
|
if err == nil {
|
|
t.Errorf("obfuscate: no errror")
|
|
}
|
|
}
|