You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by be...@apache.org on 2012/01/07 11:09:48 UTC
git commit: fix user_db_security tests.
Updated Branches:
refs/heads/1.2.x 4f2a0794a -> 157db510b
fix user_db_security tests.
spotted by Jason Smith, thanks!
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/157db510
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/157db510
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/157db510
Branch: refs/heads/1.2.x
Commit: 157db510b7832a2fc6c262b6072cc2915950959b
Parents: 4f2a079
Author: benoitc <be...@apache.org>
Authored: Sat Jan 7 11:09:14 2012 +0100
Committer: benoitc <be...@apache.org>
Committed: Sat Jan 7 11:09:14 2012 +0100
----------------------------------------------------------------------
share/www/script/test/users_db_security.js | 170 +----------------------
1 files changed, 5 insertions(+), 165 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/157db510/share/www/script/test/users_db_security.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/users_db_security.js b/share/www/script/test/users_db_security.js
index 811ea7f..b3968b1 100644
--- a/share/www/script/test/users_db_security.js
+++ b/share/www/script/test/users_db_security.js
@@ -63,52 +63,6 @@ couchTests.users_db_security = function(debug) {
{
usersDb.deleteDb();
- if (debug) debugger;
-
- var loginUser = function(username) {
- var pws = {
- jan: "apple",
- jchris: "mp3",
- jchris1: "couch",
- fdmanana: "foobar"
- var username1 = username.replace(/[0-9]$/, "");
- var password = pws[username];
- //console.log("Logging in '" + username1 + "' with password '" + password + "'");
- T(CouchDB.login(username1, pws[username]).ok);
- };
-
- var open_as = function(db, docId, username) {
- loginUser(username);
- try {
- return db.open(docId, {"anti-cache": Math.round(Math.random() * 100000)});
- } finally {
- CouchDB.logout();
- }
- };
-
- var view_as = function(db, viewname, username) {
- loginUser(username);
- try {
- return db.view(viewname);
- } finally {
- CouchDB.logout();
- }
- };
-
- var save_as = function(db, doc, username)
- {
- loginUser(username);
- try {
- return db.save(doc);
- } catch (ex) {
- return ex;
- } finally {
- CouchDB.logout();
- }
- };
-
- var testFun = function()
- {
// _users db
// a doc with a field 'password' should be hashed to 'password_sha'
// with salt and salt stored in 'salt', 'password' is set to null.
@@ -181,7 +135,7 @@ couchTests.users_db_security = function(debug) {
"should not_found opening another user's user doc");
- // save a db admin
+ // save a db amin
var benoitcDoc = {
_id: "org.couchdb.user:benoitc",
type: "user",
@@ -228,6 +182,7 @@ couchTests.users_db_security = function(debug) {
var result = view_as(usersDb, "user_db_auth/test", "benoitc");
TEquals(3, result.total_rows, "should allow access and list two users to db admin");
+
// non-admins can't read design docs
try {
open_as(usersDb, "_design/user_db_auth", "jchris1");
@@ -236,12 +191,14 @@ couchTests.users_db_security = function(debug) {
TEquals("forbidden", e.error, "non-admins can't read design docs");
}
+ console.log(fdmananaDoc);
// admin should be able to read and edit any user doc
fdmananaDoc.password = "mobile";
var result = save_as(usersDb, fdmananaDoc, "jan");
TEquals(true, result.ok, "admin should be able to update any user doc");
- // db admin should be able to read and edit any user doc
+ console.log(fdmananaDoc);
+ // admin should be able to read and edit any user doc
fdmananaDoc.password = "mobile1";
var result = save_as(usersDb, fdmananaDoc, "benoitc");
TEquals(true, result.ok, "db admin by role should be able to update any user doc");
@@ -268,123 +225,6 @@ couchTests.users_db_security = function(debug) {
// log in one last time so run_on_modified_server can clean up the admin account
TEquals(true, CouchDB.login("jan", "apple").ok);
});
-
- userDoc = usersDb.open("org.couchdb.user:jchris");
- TEquals(undefined, userDoc.password, "password field should be null 1");
- TEquals(40, userDoc.password_sha.length, "password_sha should exist");
- TEquals(32, userDoc.salt.length, "salt should exist");
-
- // create server admin
- run_on_modified_server([
- {
- section: "admins",
- key: "jan",
- value: "apple"
- }
- ], function() {
-
- // anonymous should not be able to read an existing user's user document
- var res = usersDb.open("org.couchdb.user:jchris");
- TEquals(null, res, "anonymous user doc read should be not found");
-
- // user should be able to read their own document
-
- var jchrisDoc = open_as(usersDb, "org.couchdb.user:jchris", "jchris");
- TEquals("org.couchdb.user:jchris", jchrisDoc._id);
-
- // user should bt able to update their own document
- // new 'password' fields should trigger new hashing routine
- jchrisDoc.password = "couch";
-
- TEquals(true, save_as(usersDb, jchrisDoc, "jchris").ok);
- var jchrisDoc = open_as(usersDb, "org.couchdb.user:jchris", "jchris1");
-
- TEquals(undefined, jchrisDoc.password, "password field should be null 2");
- TEquals(40, jchrisDoc.password_sha.length, "password_sha should exist");
- TEquals(32, jchrisDoc.salt.length, "salt should exist");
-
- TEquals(true, userDoc.salt != jchrisDoc.salt, "should have new salt");
- TEquals(true, userDoc.password_sha != jchrisDoc.password_sha,
- "should have new password_sha");
-
- // user should not be able to read another user's user document
- var fdmananaDoc = {
- _id: "org.couchdb.user:fdmanana",
- type: "user",
- name: "fdmanana",
- password: "foobar",
- roles: []
- };
-
- usersDb.save(fdmananaDoc);
-
- var fdmananaDocAsReadByjchris =
- open_as(usersDb, "org.couchdb.user:fdmanana", "jchris1");
- TEquals(null, fdmananaDocAsReadByjchris,
- "should not_found opening another user's user doc");
-
- // user should not be able to read from any view
- var ddoc = {
- _id: "_design/user_db_auth",
- views: {
- test: {
- map: "function(doc) { emit(doc._id, null); }"
- }
- }
- };
-
- save_as(usersDb, ddoc, "jan");
-
- try {
- usersDb.view("user_db_auth/test");
- T(false, "user had access to view in admin db");
- } catch(e) {
- TEquals("forbidden", e.error,
- "non-admins should not be able to read a view");
- }
-
- // admin should be able to read from any view
- var result = view_as(usersDb, "user_db_auth/test", "jan");
- TEquals(3, result.total_rows, "should allow access and list two users");
-
- // db admin should be able to read from any view
- var result = view_as(usersDb, "user_db_auth/test", "benoitc");
- TEquals(3, result.total_rows, "should allow access and list two users to db admin");
-
-
- // non-admins can't read design docs
- try {
- open_as(usersDb, "_design/user_db_auth", "jchris1");
- T(false, "non-admin read design doc, should not happen");
- } catch(e) {
- TEquals("forbidden", e.error, "non-admins can't read design docs");
- }
-
- console.log(fdmananaDoc);
- // admin should be able to read and edit any user doc
- fdmananaDoc.password = "mobile";
- var result = save_as(usersDb, fdmananaDoc, "jan");
- TEquals(true, result.ok, "admin should be able to update any user doc");
-
- console.log(fdmananaDoc);
- // admin should be able to read and edit any user doc
- fdmananaDoc.password = "mobile1";
- var result = save_as(usersDb, fdmananaDoc, "benoitc");
- TEquals(true, result.ok, "db admin should be able to update any user doc");
-
- // ensure creation of old-style docs still works
- var robertDoc = CouchDB.prepareUserDoc({ name: "robert" }, "anchovy");
- var result = usersDb.save(robertDoc);
- TEquals(true, result.ok, "old-style user docs should still be accepted");
-
- // ensure creation of old-style docs still works
- var robertDoc = CouchDB.prepareUserDoc({ name: "robert" }, "anchovy");
- var result = userDb.save(robertDoc);
- TEquals(true, result.ok, "old-style user docs should still be accepted");
-
- // log in one last time so run_on_modified_server can clean up the admin account
- TEquals(true, CouchDB.login("jan", "apple").ok);
- });
};
usersDb.deleteDb();