Commit graph

441 commits

Author SHA1 Message Date
John McLear
92d4b8b649
tests: re-enable docker tests in travis (#4395)
Thanks to node10 having better support we can re-enable these tests.
2020-10-06 14:21:09 +01:00
Richard Hansen
c74b254334 tests: Disable non-test logging unless level <= DEBUG
This makes it easier to see the test results, and it hides some
scary-looking but intentional error messages.

This code will likely have to be updated if/when we change the logging
library (see issue #1922).
2020-10-06 09:19:58 +01:00
Richard Hansen
a8cf434d1d import: Replace the allowAnyoneToImport check with userCanModify
This reduces the number of hoops a user or tool must jump through to
import.
2020-10-05 18:48:16 +01:00
Richard Hansen
831528e8bc import: Allow import if pad does not yet exist 2020-10-05 18:48:16 +01:00
Richard Hansen
9a6f286441 tests: Always run the import unsupported file type test 2020-10-05 18:48:16 +01:00
Richard Hansen
2f17849b7b tests: Switch import/export tests to self-contained server
This makes it possible to test various settings combinations and
examine internal state to confirm correct behavior. Also, the user
doesn't need to start an Etherpad server before running these tests.
2020-10-05 18:48:16 +01:00
Richard Hansen
32b6d8e37f tests: Factor out common server setup/teardown 2020-10-05 18:48:16 +01:00
Richard Hansen
f7953ece85 socketio: Delete redundant authentication check
There's no need to perform an authentication check in the socket.io
middleware because `PadMessageHandler.handleMessage` calls
`SecurityMananger.checkAccess` and that now performs authentication
and authorization checks.

This change also improves the user experience: Before, access denials
caused socket.io error events in the client, which `pad.js` mostly
ignores (the user doesn't see anything). Now a deny message is sent
back to the client, which causes `pad.js` to display an obvious
permission denied message.

This also fixes a minor bug: `settings.loadTest` is supposed to bypass
authentication and authorization checks, but they weren't bypassed
because `SecurityManager.checkAccess` did not check
`settings.loadTest`.
2020-10-05 18:12:04 +01:00
webzwo0i
ceb09ce99a
security: Support proxy with rate limiting and include CI test coverage for nginx rev proxy (#4373)
Previously Etherpad would not pass the correct client IP address through and this caused the rate limiter to limit users behind reverse proxies.  This change allows Etherpad to use a client IP passed from a reverse proxy.

Note to devs: This header can be spoofed and spoofing the header could be used in an attack.  To mitigate additional *steps should be taken by Etherpad site admins IE doing rate limiting at proxy.*  This only really applies to large scale deployments but it's worth noting.
2020-10-01 10:39:01 +01:00
Richard Hansen
bf9d613e95
feature: New user-specific readOnly and canCreate settings (#4370)
Also:
  * Group the tests for readability.
  * Factor out some common test setup.
2020-09-28 11:22:06 +01:00
John McLear
8919608d45 tests: disable a version of safari for now as its too buggy on sauce labs 2020-09-27 23:13:29 +01:00
Richard Hansen
180983736d security: Enable authorize plugins to grant read-only access 2020-09-27 22:55:49 +01:00
John McLear
505d67ed1c allowing longer for FF to do timeslider rev test 2020-09-27 21:44:43 +01:00
Richard Hansen
304318b618 webaccess: Move pre-authn authz check to a separate hook
Before this change, the authorize hook was invoked twice: once before
authentication and again after (if settings.requireAuthorization is
true). Now pre-authentication authorization is instead handled by a
new preAuthorize hook, and the authorize hook is only invoked after
the user has authenticated.

Rationale: Without this change it is too easy to write an
authorization plugin that is too permissive. Specifically:

  * If the plugin does not check the path for /admin then a non-admin
    user might be able to access /admin pages.
  * If the plugin assumes that the user has already been authenticated
    by the time the authorize function is called then unauthenticated
    users might be able to gain access to restricted resources.

This change also avoids calling the plugin's authorize function twice
per access, which makes it easier for plugin authors to write an
authorization plugin that is easy to understand.

This change may break existing authorization plugins: After this
change, the authorize hook will no longer be able to authorize
non-admin access to /admin pages. This is intentional. Access to admin
pages should instead be controlled via the `is_admin` user setting,
which can be set in the config file or by an authentication plugin.

Also:
  * Add tests for the authenticate and authorize hooks.
  * Disable the authentication failure delay when testing.
2020-09-27 21:19:58 +01:00
John McLear
a51132d712
tests: test coverage for read only pad ids (#4364) 2020-09-27 19:12:11 +01:00
John McLear
53b80d6280
tests: adding a check before finishing responsiveness test - allowing load test to run for 25 instead of 30 seconds to facilitate travis performance. (#4363)
The goal of this PR is to make tests break less frequently.  It is yet confirmed if this has worked but time will tell.
2020-09-27 15:13:55 +01:00
John McLear
ea4b9bf7d7
tests: support even slower safari (#4361) 2020-09-26 21:57:21 +01:00
Richard Hansen
9f63d9b76a tests: Check for true/false, not truthiness 2020-09-26 21:40:19 +01:00
Richard Hansen
c18831c333 tests: Fix typo (publicstatus -> publicStatus) 2020-09-26 21:40:19 +01:00
Richard Hansen
e01e575c86 tests: Use async/await instead of callbacks, use assert 2020-09-26 21:40:19 +01:00
Richard Hansen
24345bf9a8 tests: Group session and group tests to improve readability 2020-09-26 21:40:19 +01:00
Richard Hansen
4527254bcc tests: Use let and const instead of var 2020-09-26 21:40:19 +01:00
Richard Hansen
e88c532172 tests: Delete unused variable 2020-09-26 21:40:19 +01:00
Richard Hansen
ab5934cbda webaccess: Split authFailure hook into authnFailure and authzFailure
This makes it possible for plugins to return different pages to the
user depending on whether the auth failure was authn or authz.
2020-09-26 19:37:11 +01:00
Richard Hansen
02757079c0 security: Enable authorize plugins to grant modify-only access 2020-09-26 18:36:36 +01:00
Richard Hansen
72ed1816ec security: Fix authz check for pad names with encoded characters
Also:
  * Minor test cleanups (`function` instead of arrow functions, etc.).
  * Add a test for a case that was previously not covered.
2020-09-26 10:47:27 +01:00
Richard Hansen
23131a501c tests: Rewrite import/export tests to use async and supertest 2020-09-26 10:46:16 +01:00
Richard Hansen
54c999fe83 tests: Factor out common skip checks 2020-09-26 10:46:16 +01:00
Richard Hansen
1c3c5b744c tests: Skip all import/export tests if !allowAnyoneToImport
Three of the four tests fail if `settings.allowAnyoneToImport` is
false. The fourth ("tries to import Plain Text to a pad that does not
exist") isn't particularly useful when `settings.allowAnyoneToImport`
is false: That test tests an import failure mode, and when
`settings.allowAnyoneToImport` is false the failure could be caused by
that instead of the expected cause.
2020-09-26 10:46:16 +01:00
Richard Hansen
c148e673a8 tests: Use this.skip() when skipping tests 2020-09-26 10:46:16 +01:00
Richard Hansen
668373b80f tests: Fix abiword/soffice check 2020-09-26 10:46:16 +01:00
Richard Hansen
89de03795a tests: Delete unused imports and code 2020-09-26 10:46:16 +01:00
Richard Hansen
94f944160d security: Don't require express_sid if authn not required
This should make it possible to embed a pad in an iframe from another
site as long as `settings.requireAuthentication` is false.
2020-09-24 10:42:41 +01:00
Richard Hansen
53fd0b4f98 webaccess: Return 401 for authn failure, 403 for authz failure
This makes it possible for reverse proxies to transform 403 errors
into something like "upgrade to a premium account to access this
pad".

Also add some webaccess tests.
2020-09-24 10:41:58 +01:00
John McLear
ca7b8e278f allow slower for Safari 2020-09-22 16:32:40 +01:00
Richard Hansen
a000a93dc6 Refactor startup/shutdown for tests
* `src/node/server.js` can now be run as a script (for normal
    operation) or imported as a module (for tests).
  * Move shutdown actions to `src/node/server.js` to be close to the
    startup actions.
  * Put startup and shutdown in functions so that tests can call them.
  * Use `await` instead of callbacks.
  * Block until the HTTP server is listening to avoid races during
    test startup.
  * Add a new `shutdown` hook.
  * Use the `shutdown` hook to:
      * close the HTTP server
      * call `end()` on the stats collection to cancel its timers
      * call `terminate()` on the Threads.Pool to stop the workers
  * Exit with exit code 0 (instead of 1) on SIGTERM.
  * Export the HTTP server so that tests can get the HTTP server's
    port via `server.address().port` when `settings.port` is 0.
2020-09-22 11:07:21 +01:00
Richard Hansen
346111250e utils: Fix promise creation accounting bug in promises.timesLimit
Before this change, `promises.timesLimit()` created `concurrency - 1`
too many promises. The only users of this function use a concurrency
of 500, so this meant that 499 extra promises were created each time
it was used. The bug didn't affect correctness, but it did result in a
large number of unnecessary database operations whenever a pad was
deleted. This change fixes that bug.

Also:
  * Convert the function to async and have it resolve after all of the
    created promises are resolved.
  * Reject concurrency of 0 (unless total is 0).
  * Document the function.
  * Add tests.
2020-09-21 23:16:32 +01:00
webzwo0i
85f52a2f23
tests: Plugin backend tests in ci (#4314) 2020-09-18 16:28:42 +01:00
Joas Souza
8c04fe8775
Feature: Copy Pad without history (#4295)
New feature to copy a pad without copying entire history.  This is useful to perform a low CPU intensive operation while still copying current pad state.
2020-09-16 19:24:09 +01:00
Richard Hansen
b80a37173e security: Fix authorization bypass vulnerability
Before, a malicious user could bypass authorization restrictions
imposed by the authorize hook:

 * Step 1: Fetch any resource that the malicious user is authorized to
   access (e.g., static content).
 * Step 2: Use the signed express_sid cookie generated in step 1 to
   create a socket.io connection.
 * Step 3: Perform the CLIENT_READY handshake for the desired pad.
 * Step 4: Profit!

Now the authorization decision made by the authorize hook is
propagated to SecurityManager so that it can approve or reject
socket.io messages as appropriate.

This also sets up future support for per-user read-only and
modify-only (no create) authorization levels.
2020-09-15 21:40:25 +01:00
Richard Hansen
9e6d3f3f63 tests: Add authentication, authorization bypass tests 2020-09-15 20:03:30 +01:00
John McLear
4434e54368
Update responsiveness.js
Changing allowed delay from 300 to 400 because Safari OSX is consistently slow compared to every other modern browser.
2020-09-12 11:00:05 +01:00
webzwo0i
e2b3b009e1
tests: skip responsivness test on firefox 52.0/windows (#4275) 2020-09-09 21:40:53 +01:00
John McLear
2b9915d00d commenting out responsiveness test in preperation for a release 2020-09-08 15:18:19 +01:00
webzwo0i
d30364d3de
tests: make it more clear that test duration exceeded (#4237) 2020-08-30 16:41:12 +01:00
John McLear
12c05c20b2
bugfix/import: doc import bugfix (#4235) 2020-08-30 14:11:12 +01:00
John McLear
4db484e34e
tests: uncomment responsiveness tests
To make travis run them again and review to see what fails.
2020-08-27 22:45:32 +01:00
webzwo0i
acfa1b6b4e
frontend tests: retry should retry with the same padName, which was not true in case there was no padName supplied (#4206) 2020-07-29 19:26:09 +01:00
webzwo0i
1b6a9d8be0
tests: Fix frontend tests (#4188), ugly work around for "Pad never loaded" (#4200)
* remote_runner.js: fix drain call (cf.
https://github.com/caolan/async/blob/master/CHANGELOG.md#breaking-changes)

* dont wait 30 seconds after remote_runner.js returned

* timeout frontend tests after 9.5 minutes to prevent travis from silently stop them

* log when not all tests finished

* prevent killTimeout to happen after last test

* log server messages to console

* remote_runner will take some time to setup sl, so this second is not necessary

* dont write to global mocha variable

* mochas `test end` event is not called when a before/beforeEach-hooks
failed, so we should only use pass/fail/pending-hooks for logging.
also some cruft removed

* pass test in `pending`-event handler

* remove some more cruft in tests/frontend/runner.js

* frontend tests: clarify why stats.tests and total differ

* move killTimeout to pass/fail/pending instead of `test end` to guarantee that it is run

* delete killTimeout on test end to prevent misleading log message

* unused variable

* fix regex

* unlikely edge case

* ensure `allowed test duration exceeded` message is printed for the last runner

* get rid of jquery.iframe.js, currently no support for IE<9

* retry up to 3 times when pad could not be loaded

* Call the logging code in stopSauce in a callback for `browser.quit()`.
This should fix cases like
https://app.saucelabs.com/tests/cb8225375d274cbcbb091309f5466cfd
Travis received all the logs and remote_runner.js exits, but there never
is a DELETE command for webdriver.
2020-07-28 19:57:33 +01:00
Daniel Krol
859a128c54
Command line argument for chromium test for fake webrtc (#4199) 2020-07-28 10:33:49 +01:00