1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
|
# HTTP server spec
# Copyright (C) 2023 Nguyễn Gia Phong
#
# This file if part of hybring.
#
# Hybring is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Hybring is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with hybring. If not, see <https://www.gnu.org/licenses/>.
require "file_utils"
require "http/client"
require "./helper"
require "../src/http"
require "../src/sqlite"
BASE_DATA = {"nick" => "example",
"opennic" => "http://example.indy",
"icann" => "https://example.org",
"host" => "example.net"}
def expect_errors(url, overlay, expected)
data = BASE_DATA.merge overlay
response = HTTP::Client.post url, form: URI::Params.encode data
response.status_code.should eq 400
response.content_type.should eq "application/xhtml+xml"
xml = XML.parse response.body
errors = {} of String => String
xml.xpath_nodes("//xhtml:form/xhtml:label[@class='error'][.!='Error:']",
{"xhtml" => "http://www.w3.org/1999/xhtml"}).each do |node|
errors[node["for"]] = node.content
end
errors.should eq expected
end
url = uninitialized String
Spec.before_suite do
server = Server.new CONFIG
spawn do
server.listen do |address|
url = "http://#{address}"
end
end
until server.listening?
sleep 1.milliseconds
end
Spec.after_suite do
server.close
FileUtils.rm_r [CONFIG.db, CONFIG.opennic_local, CONFIG.icann_local]
end
end
describe Server do
it "only accepts POST requests" do
%w(GET PUT HEAD DELETE PATCH OPTIONS).each do |method|
response = HTTP::Client.exec method, url
response.status_code.should eq 405
end
end
pending "requires Content-Length header" do
# FIXME: HTTP::Client automatically sets the header based on body
end
it "rejects too long content" do
response = HTTP::Client.post url, body: "x" * (MAX_CONTENT_LENGTH + 1)
response.status_code.should eq 413
end
it "only accepts application/x-www-form-urlencoded Content-Type" do
response = HTTP::Client.post url
response.status_code.should eq 415
%w(multipart/form-data text/html text/plain).each do |content_type|
headers = HTTP::Headers{"Content-Type" => content_type}
response = HTTP::Client.post url, headers
response.status_code.should eq 415
end
end
it "only allows parameters nick, opennic, icann or host" do
data = BASE_DATA.merge Hash{"foo" => "bar"}
response = HTTP::Client.post url, form: URI::Params.encode data
response.status_code.should eq 400
response.content_type.should eq "text/plain"
response.body.should eq "400 Invalid Parameter\n"
end
it "requires parameters nick, opennic, icann and host" do
k, keys = BASE_DATA.size, BASE_DATA.keys
until k = 0
keys.combinations(k).each do |c|
data = BASE_DATA.reject c
response = HTTP::Client.post url, form: URI::Params.encode data
response.status_code.should eq 400
response.content_type.should eq "text/plain"
response.body.should eq "400 Missing Parameter\n"
end
k -= 1
end
end
it "rejects too long nick" do
msg = "Must be within #{MAX_NICK_LENGTH} characters"
expect_errors url, {"nick" => "x" * (MAX_NICK_LENGTH + 1)},
{"nick" => "Must match #{NICK_PATTERN}"}
end
it "rejects nicks that are not lowercase alphanumeric" do
%w(camelCase pun/tu?a#tion).each do |nick|
expect_errors url, {"nick" => nick},
{"nick" => "Must match #{NICK_PATTERN}"}
end
end
it "rejects relative URLs" do
%w(foo /bar ex.am/ple).each do |uri|
expect_errors url, {"opennic" => uri, "icann" => uri},
{"opennic" => "Must be absolute URL",
"icann" => "Must be absolute URL"}
end
end
it "only accepts HTTP/S" do
expect_errors url, {"opennic" => "gopher://example.indy"},
{"opennic" => "Must be HTTP/S"}
expect_errors url, {"opennic" => "https://example.indy",
"icann" => "http://example.org"},
{"icann" => "Must be HTTPS"}
end
it "checks for OpenNIC domain" do
expect_errors url, {"opennic" => "http://example.org",
"icann" => "https://example.indy"},
{"opennic" => "Must be under OpenNIC domain",
"icann" => "Must not be under OpenNIC domain"}
end
it "checks for uniqueness of nick and URLs" do
overlay = {"nick" => "self", "opennic" => CONFIG.opennic_remote,
"icann" => CONFIG.icann_remote}
base_errors = Hash(String, String).new "Must be unique"
k, keys = overlay.size, overlay.keys
until k = 0
keys.combinations(k).each do |c|
errors = base_errors.select c
data = BASE_DATA.merge overlay.select errors.keys
expect_errors url, data, errors
k -= 1
end
end
end
it "prevents nick from colliding with HTML headings' id" do
msg = "Reserved names: #{HTML_HEADINGS.join ", "}"
HTML_HEADINGS.each do |nick|
expect_errors url, {"nick" => nick}, {"nick" => msg}
end
end
it "inserts to database upon successful application" do
overlay = {"nick" => "chad", "opennic" => "http://chad.epic",
"icann" => "https://chad.example"}
data = BASE_DATA.merge overlay
response = HTTP::Client.post url, form: URI::Params.encode data
response.status_code.should eq 200
response.content_type.should eq "application/xhtml+xml"
db = Database.new CONFIG.db
db.exec "SELECT opennic, icann, official, left, right
FROM member
WHERE nick = %Q", overlay["nick"] do |row|
row[0].text.should eq overlay["opennic"]
row[1].text.should eq overlay["icann"]
row[2].int.should eq 0 # applicant
row[3].text.should eq "self"
row[4].text.should eq "self"
end
end
end
|