summaryrefslogtreecommitdiff
path: root/rt/t
diff options
context:
space:
mode:
Diffstat (limited to 'rt/t')
-rw-r--r--rt/t/api/date.t10
-rw-r--r--rt/t/api/password-types.t11
-rw-r--r--rt/t/fts/indexed_mysql.t2
-rw-r--r--rt/t/pod.t2
-rw-r--r--rt/t/validator/group_members.t116
-rw-r--r--rt/t/web/path-traversal.t11
6 files changed, 69 insertions, 83 deletions
diff --git a/rt/t/api/date.t b/rt/t/api/date.t
index cc1c694cc..22c6f1b58 100644
--- a/rt/t/api/date.t
+++ b/rt/t/api/date.t
@@ -4,7 +4,7 @@ use DateTime;
use warnings;
use strict;
-use RT::Test tests => 173;
+use RT::Test tests => 175;
use RT::User;
use Test::Warn;
@@ -440,6 +440,14 @@ my $year = (localtime(time))[5] + 1900;
$date->Unix(0);
$date->AddDays(31);
is($date->ISO, '1970-02-01 00:00:00', "added one month");
+
+ $date->Unix(0);
+ $date->AddDays(0);
+ is($date->ISO, '1970-01-01 00:00:00', "added no days");
+
+ $date->Unix(0);
+ $date->AddDays();
+ is($date->ISO, '1970-01-02 00:00:00', "added one day with no argument");
}
{
diff --git a/rt/t/api/password-types.t b/rt/t/api/password-types.t
index e5155e35b..10a874a3d 100644
--- a/rt/t/api/password-types.t
+++ b/rt/t/api/password-types.t
@@ -3,6 +3,8 @@ use warnings;
use RT::Test;
use Digest::MD5;
+use Encode 'encode_utf8';
+use utf8;
my $default = "sha512";
@@ -38,3 +40,12 @@ my $trunc = MIME::Base64::encode_base64(
$root->_Set( Field => "Password", Value => $trunc);
ok($root->IsPassword("secret"), "Unsalted MD5 base64 works");
like($root->__Value("Password"), qr/^\!$default\!/, "And is now upgraded to salted $default");
+
+# Non-ASCII salted truncated SHA-256
+my $non_ascii_trunc = MIME::Base64::encode_base64(
+ "salt" . substr(Digest::SHA::sha256("salt".Digest::MD5::md5(encode_utf8("áěšý"))),0,26),
+ ""
+);
+$root->_Set( Field => "Password", Value => $non_ascii_trunc);
+ok($root->IsPassword("áěšý"), "Unsalted MD5 base64 works");
+like($root->__Value("Password"), qr/^\!$default\!/, "And is now upgraded to salted $default");
diff --git a/rt/t/fts/indexed_mysql.t b/rt/t/fts/indexed_mysql.t
index a54382ff8..0a4f02626 100644
--- a/rt/t/fts/indexed_mysql.t
+++ b/rt/t/fts/indexed_mysql.t
@@ -32,7 +32,7 @@ sub setup_indexing {
command => $RT::SbinPath .'/rt-setup-fulltext-index',
dba => $ENV{'RT_DBA_USER'},
'dba-password' => $ENV{'RT_DBA_PASSWORD'},
- url => "sphinx://localhost:$port/rt",
+ url => "sphinx://127.0.0.1:$port/rt",
);
ok(!$exit_code, "setted up index");
diag "output: $output" if $ENV{'TEST_VERBOSE'};
diff --git a/rt/t/pod.t b/rt/t/pod.t
index d11a497eb..697a30b44 100644
--- a/rt/t/pod.t
+++ b/rt/t/pod.t
@@ -4,4 +4,4 @@ use warnings;
use Test::More;
eval "use Test::Pod 1.14";
plan skip_all => "Test::Pod 1.14 required for testing POD" if $@;
-all_pod_files_ok();
+all_pod_files_ok( all_pod_files("lib","docs","etc","bin","sbin"));
diff --git a/rt/t/validator/group_members.t b/rt/t/validator/group_members.t
index fbe758017..af93c518e 100644
--- a/rt/t/validator/group_members.t
+++ b/rt/t/validator/group_members.t
@@ -2,104 +2,45 @@
use strict;
use warnings;
-use RT::Test tests => 60;
-
-sub load_or_create_group {
- my $name = shift;
- my %args = (@_);
-
- my $group = RT::Group->new( RT->SystemUser );
- $group->LoadUserDefinedGroup( $name );
- unless ( $group->id ) {
- my ($id, $msg) = $group->CreateUserDefinedGroup(
- Name => $name,
- );
- die "$msg" unless $id;
- }
-
- if ( $args{Members} ) {
- my $cur = $group->MembersObj;
- while ( my $entry = $cur->Next ) {
- my ($status, $msg) = $entry->Delete;
- die "$msg" unless $status;
- }
-
- foreach my $new ( @{ $args{Members} } ) {
- my ($status, $msg) = $group->AddMember(
- ref($new)? $new->id : $new,
- );
- die "$msg" unless $status;
- }
- }
-
- return $group;
-}
-
-my $validator_path = "$RT::SbinPath/rt-validator";
-sub run_validator {
- my %args = (check => 1, resolve => 0, force => 1, @_ );
-
- my $cmd = $validator_path;
- die "Couldn't find $cmd command" unless -f $cmd;
-
- while( my ($k,$v) = each %args ) {
- next unless $v;
- $cmd .= " --$k '$v'";
- }
- $cmd .= ' 2>&1';
-
- require IPC::Open2;
- my ($child_out, $child_in);
- my $pid = IPC::Open2::open2($child_out, $child_in, $cmd);
- close $child_in;
-
- my $result = do { local $/; <$child_out> };
- close $child_out;
- waitpid $pid, 0;
-
- DBIx::SearchBuilder::Record::Cachable->FlushCache
- if $args{'resolve'};
-
- return ($?, $result);
-}
+use RT::Test tests => 63;
{
- my ($ecode, $res) = run_validator();
+ my ($ecode, $res) = RT::Test->run_validator();
is $res, '', 'empty result';
}
{
- my $group = load_or_create_group('test', Members => [] );
+ my $group = RT::Test->load_or_create_group('test', Members => [] );
ok $group, "loaded or created a group";
- my ($ecode, $res) = run_validator();
+ my ($ecode, $res) = RT::Test->run_validator();
is $res, '', 'empty result';
}
# G1 -> G2
{
- my $group1 = load_or_create_group( 'test1', Members => [] );
+ my $group1 = RT::Test->load_or_create_group( 'test1', Members => [] );
ok $group1, "loaded or created a group";
- my $group2 = load_or_create_group( 'test2', Members => [ $group1 ]);
+ my $group2 = RT::Test->load_or_create_group( 'test2', Members => [ $group1 ]);
ok $group2, "loaded or created a group";
ok $group2->HasMember( $group1->id ), "has member";
ok $group2->HasMemberRecursively( $group1->id ), "has member";
- my ($ecode, $res) = run_validator();
+ my ($ecode, $res) = RT::Test->run_validator();
is $res, '', 'empty result';
$RT::Handle->dbh->do("DELETE FROM CachedGroupMembers");
DBIx::SearchBuilder::Record::Cachable->FlushCache;
ok !$group2->HasMemberRecursively( $group1->id ), "has no member, broken DB";
- ($ecode, $res) = run_validator(resolve => 1);
+ ($ecode, $res) = RT::Test->run_validator(resolve => 1);
ok $group2->HasMember( $group1->id ), "has member";
ok $group2->HasMemberRecursively( $group1->id ), "has member";
- ($ecode, $res) = run_validator();
+ ($ecode, $res) = RT::Test->run_validator();
is $res, '', 'empty result';
}
@@ -109,7 +50,7 @@ sub run_validator {
for (1..5) {
my $child = @groups? $groups[-1]: undef;
- my $group = load_or_create_group( 'test'. $_, Members => [ $child? ($child): () ] );
+ my $group = RT::Test->load_or_create_group( 'test'. $_, Members => [ $child? ($child): () ] );
ok $group, "loaded or created a group";
ok $group->HasMember( $child->id ), "has member"
@@ -120,7 +61,7 @@ sub run_validator {
push @groups, $group;
}
- my ($ecode, $res) = run_validator();
+ my ($ecode, $res) = RT::Test->run_validator();
is $res, '', 'empty result';
$RT::Handle->dbh->do("DELETE FROM CachedGroupMembers");
@@ -128,7 +69,7 @@ sub run_validator {
ok !$groups[1]->HasMemberRecursively( $groups[0]->id ), "has no member, broken DB";
- ($ecode, $res) = run_validator(resolve => 1);
+ ($ecode, $res) = RT::Test->run_validator(resolve => 1);
for ( my $i = 1; $i < @groups; $i++ ) {
ok $groups[$i]->HasMember( $groups[$i-1]->id ), "has member";
@@ -136,7 +77,7 @@ sub run_validator {
foreach 0..$i-1;
}
- ($ecode, $res) = run_validator();
+ ($ecode, $res) = RT::Test->run_validator();
is $res, '', 'empty result';
}
@@ -144,34 +85,51 @@ sub run_validator {
{
my @groups;
for (2..5) {
- my $group = load_or_create_group( 'test'. $_, Members => [] );
+ my $group = RT::Test->load_or_create_group( 'test'. $_, Members => [] );
ok $group, "loaded or created a group";
push @groups, $group;
}
- my $parent = load_or_create_group( 'test1', Members => \@groups );
+ my $parent = RT::Test->load_or_create_group( 'test1', Members => \@groups );
ok $parent, "loaded or created a group";
- my ($ecode, $res) = run_validator();
+ my ($ecode, $res) = RT::Test->run_validator();
is $res, '', 'empty result';
}
# G1 <- (G2, G3, G4) <- G5
{
- my $gchild = load_or_create_group( 'test5', Members => [] );
+ my $gchild = RT::Test->load_or_create_group( 'test5', Members => [] );
ok $gchild, "loaded or created a group";
my @groups;
for (2..4) {
- my $group = load_or_create_group( 'test'. $_, Members => [ $gchild ] );
+ my $group = RT::Test->load_or_create_group( 'test'. $_, Members => [ $gchild ] );
ok $group, "loaded or created a group";
push @groups, $group;
}
- my $parent = load_or_create_group( 'test1', Members => \@groups );
+ my $parent = RT::Test->load_or_create_group( 'test1', Members => \@groups );
ok $parent, "loaded or created a group";
- my ($ecode, $res) = run_validator();
+ my ($ecode, $res) = RT::Test->run_validator();
is $res, '', 'empty result';
}
+# group without principal record and cgm records
+# was causing infinite loop as principal was not created
+{
+ my $group = RT::Test->load_or_create_group('Test');
+ ok $group && $group->id, 'loaded or created group';
+
+ my $dbh = $group->_Handle->dbh;
+ $dbh->do('DELETE FROM Principals WHERE id = ?', {RaiseError => 1}, $group->id);
+ $dbh->do('DELETE FROM CachedGroupMembers WHERE GroupId = ?', {RaiseError => 1}, $group->id);
+ DBIx::SearchBuilder::Record::Cachable->FlushCache;
+
+ my ($ecode, $res) = RT::Test->run_validator(resolve => 1, timeout => 30);
+ ok $res;
+
+ ($ecode, $res) = RT::Test->run_validator();
+ is $res, '', 'empty result';
+}
diff --git a/rt/t/web/path-traversal.t b/rt/t/web/path-traversal.t
index 5d5c954a1..01302e672 100644
--- a/rt/t/web/path-traversal.t
+++ b/rt/t/web/path-traversal.t
@@ -1,9 +1,10 @@
use strict;
use warnings;
-use RT::Test tests => 22;
+use RT::Test tests => undef;
my ($baseurl, $agent) = RT::Test->started_ok;
+ok($agent->login);
$agent->get("$baseurl/NoAuth/../Elements/HeaderJavascript");
is($agent->status, 400);
@@ -31,6 +32,12 @@ SKIP: {
$agent->warning_like(qr/Invalid request.*aborting/,);
};
+# Do not reject a simple /. in the URL, for downloading uploaded
+# dotfiles, for example.
+$agent->get("$baseurl/Ticket/Attachment/28/9/.bashrc");
+is($agent->status, 200); # Even for a file not found, we return 200
+$agent->content_contains("Bad attachment id");
+
# do not reject these URLs, even though they contain /. outside the path
$agent->get("$baseurl/index.html?ignored=%2F%2E");
is($agent->status, 200);
@@ -44,3 +51,5 @@ is($agent->status, 200);
$agent->get("$baseurl/index.html#/.");
is($agent->status, 200);
+undef $agent;
+done_testing;
generated by cgit v1.2.1 (git 2.18.0) at 2024-10-05 08:21:13 +0000