couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From beno...@apache.org
Subject git commit: fix user_db_security tests.
Date Sat, 07 Jan 2012 10:09:48 GMT
Updated Branches:
  refs/heads/1.2.x 4f2a0794a -> 157db510b


fix user_db_security tests.

spotted by Jason Smith, thanks!


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/157db510
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/157db510
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/157db510

Branch: refs/heads/1.2.x
Commit: 157db510b7832a2fc6c262b6072cc2915950959b
Parents: 4f2a079
Author: benoitc <benoitc@apache.org>
Authored: Sat Jan 7 11:09:14 2012 +0100
Committer: benoitc <benoitc@apache.org>
Committed: Sat Jan 7 11:09:14 2012 +0100

----------------------------------------------------------------------
 share/www/script/test/users_db_security.js |  170 +----------------------
 1 files changed, 5 insertions(+), 165 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/157db510/share/www/script/test/users_db_security.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/users_db_security.js b/share/www/script/test/users_db_security.js
index 811ea7f..b3968b1 100644
--- a/share/www/script/test/users_db_security.js
+++ b/share/www/script/test/users_db_security.js
@@ -63,52 +63,6 @@ couchTests.users_db_security = function(debug) {
   {
     usersDb.deleteDb();
 
-	if (debug) debugger;
-
-    var loginUser = function(username) {
-    var pws = {
-      jan: "apple",
-      jchris: "mp3",
-      jchris1: "couch",
-      fdmanana: "foobar"
-    var username1 = username.replace(/[0-9]$/, "");
-    var password = pws[username];
-    //console.log("Logging in '" + username1 + "' with password '" + password + "'");
-    T(CouchDB.login(username1, pws[username]).ok);
-  };
-
-  var open_as = function(db, docId, username) {
-    loginUser(username);
-    try {
-      return db.open(docId, {"anti-cache": Math.round(Math.random() * 100000)});
-    } finally {
-      CouchDB.logout();
-    }
-  };
-
-  var view_as = function(db, viewname, username) {
-    loginUser(username);
-    try {
-      return db.view(viewname);
-    } finally {
-      CouchDB.logout();
-    }
-  };
-
-  var save_as = function(db, doc, username)
-  {
-    loginUser(username);
-    try {
-      return db.save(doc);
-    } catch (ex) {
-      return ex;
-    } finally {
-      CouchDB.logout();
-    }
-  };
-
-  var testFun = function()
-  {
     // _users db
     // a doc with a field 'password' should be hashed to 'password_sha'
     //  with salt and salt stored in 'salt', 'password' is set to null.
@@ -181,7 +135,7 @@ couchTests.users_db_security = function(debug) {
         "should not_found opening another user's user doc");
 
 
-      // save a db admin
+      // save a db amin 
       var benoitcDoc = {
         _id: "org.couchdb.user:benoitc",
         type: "user",
@@ -228,6 +182,7 @@ couchTests.users_db_security = function(debug) {
       var result = view_as(usersDb, "user_db_auth/test", "benoitc");
       TEquals(3, result.total_rows, "should allow access and list two users to db admin");
 
+
       // non-admins can't read design docs
       try {
         open_as(usersDb, "_design/user_db_auth", "jchris1");
@@ -236,12 +191,14 @@ couchTests.users_db_security = function(debug) {
         TEquals("forbidden", e.error, "non-admins can't read design docs");
       }
 
+      console.log(fdmananaDoc);
       // admin should be able to read and edit any user doc
       fdmananaDoc.password = "mobile";
       var result = save_as(usersDb, fdmananaDoc, "jan");
       TEquals(true, result.ok, "admin should be able to update any user doc");
 
-      // db admin should be able to read and edit any user doc
+      console.log(fdmananaDoc);
+      // admin should be able to read and edit any user doc
       fdmananaDoc.password = "mobile1";
       var result = save_as(usersDb, fdmananaDoc, "benoitc");
       TEquals(true, result.ok, "db admin by role should be able to update any user doc");
@@ -268,123 +225,6 @@ couchTests.users_db_security = function(debug) {
       // log in one last time so run_on_modified_server can clean up the admin account
       TEquals(true, CouchDB.login("jan", "apple").ok);
     });
-
-    userDoc = usersDb.open("org.couchdb.user:jchris");
-    TEquals(undefined, userDoc.password, "password field should be null 1");
-    TEquals(40, userDoc.password_sha.length, "password_sha should exist");
-    TEquals(32, userDoc.salt.length, "salt should exist");
-
-    // create server admin
-    run_on_modified_server([
-        {
-          section: "admins",
-          key: "jan",
-          value: "apple"
-        }
-      ], function() {
-
-      // anonymous should not be able to read an existing user's user document
-      var res = usersDb.open("org.couchdb.user:jchris");
-      TEquals(null, res, "anonymous user doc read should be not found");
-
-      // user should be able to read their own document
-
-      var jchrisDoc = open_as(usersDb, "org.couchdb.user:jchris", "jchris");
-      TEquals("org.couchdb.user:jchris", jchrisDoc._id);
-
-      // user should bt able to update their own document
-      // new 'password' fields should trigger new hashing routine
-      jchrisDoc.password = "couch";
-
-      TEquals(true, save_as(usersDb, jchrisDoc, "jchris").ok);
-      var jchrisDoc = open_as(usersDb, "org.couchdb.user:jchris", "jchris1");
-
-      TEquals(undefined, jchrisDoc.password, "password field should be null 2");
-      TEquals(40, jchrisDoc.password_sha.length, "password_sha should exist");
-      TEquals(32, jchrisDoc.salt.length, "salt should exist");
-
-      TEquals(true, userDoc.salt != jchrisDoc.salt, "should have new salt");
-      TEquals(true, userDoc.password_sha != jchrisDoc.password_sha,
-        "should have new password_sha");
-
-      // user should not be able to read another user's user document
-      var fdmananaDoc = {
-        _id: "org.couchdb.user:fdmanana",
-        type: "user",
-        name: "fdmanana",
-        password: "foobar",
-        roles: []
-      };
-
-      usersDb.save(fdmananaDoc);
-
-      var fdmananaDocAsReadByjchris =
-        open_as(usersDb, "org.couchdb.user:fdmanana", "jchris1");
-      TEquals(null, fdmananaDocAsReadByjchris,
-        "should not_found opening another user's user doc");
-
-      // user should not be able to read from any view
-      var ddoc = {
-        _id: "_design/user_db_auth",
-        views: {
-          test: {
-            map: "function(doc) { emit(doc._id, null); }"
-          }
-        }
-      };
-
-      save_as(usersDb, ddoc, "jan");
-
-      try {
-        usersDb.view("user_db_auth/test");
-        T(false, "user had access to view in admin db");
-      } catch(e) {
-        TEquals("forbidden", e.error,
-        "non-admins should not be able to read a view");
-      }
-
-      // admin should be able to read from any view
-      var result = view_as(usersDb, "user_db_auth/test", "jan");
-      TEquals(3, result.total_rows, "should allow access and list two users");
-
-      // db admin should be able to read from any view
-      var result = view_as(usersDb, "user_db_auth/test", "benoitc");
-      TEquals(3, result.total_rows, "should allow access and list two users to db admin");
-
-
-      // non-admins can't read design docs
-      try {
-        open_as(usersDb, "_design/user_db_auth", "jchris1");
-        T(false, "non-admin read design doc, should not happen");
-      } catch(e) {
-        TEquals("forbidden", e.error, "non-admins can't read design docs");
-      }
-
-      console.log(fdmananaDoc);
-      // admin should be able to read and edit any user doc
-      fdmananaDoc.password = "mobile";
-      var result = save_as(usersDb, fdmananaDoc, "jan");
-      TEquals(true, result.ok, "admin should be able to update any user doc");
-
-      console.log(fdmananaDoc);
-      // admin should be able to read and edit any user doc
-      fdmananaDoc.password = "mobile1";
-      var result = save_as(usersDb, fdmananaDoc, "benoitc");
-      TEquals(true, result.ok, "db admin should be able to update any user doc");
-
-      // ensure creation of old-style docs still works
-      var robertDoc = CouchDB.prepareUserDoc({ name: "robert" }, "anchovy");
-      var result = usersDb.save(robertDoc);
-      TEquals(true, result.ok, "old-style user docs should still be accepted");
-
-	  // ensure creation of old-style docs still works
-      var robertDoc = CouchDB.prepareUserDoc({ name: "robert" }, "anchovy");
-      var result = userDb.save(robertDoc);
-      TEquals(true, result.ok, "old-style user docs should still be accepted");
-
-      // log in one last time so run_on_modified_server can clean up the admin account
-      TEquals(true, CouchDB.login("jan", "apple").ok);
-    });
   };
 
   usersDb.deleteDb(); 


Mime
View raw message