Code Vault

xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)

Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.

Clone URLs: https://code.reversed.top/user/xaizek/rocketgit ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit

Commit 9b77048af3f73f8bf30128d5b07a2bae28315d45

Improved http tests by using persistent connections
Author: Catalin(ux) M. BOIE
Author date (UTC): 2017-05-24 18:48
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2017-05-24 18:48
Parent(s): 3f1836953c50735c7860da1f951eb82a42a1940b
Signing key:
Tree: d14e12785f2f04bdf6161c4e809dbdf9ea41554a

File	Lines added	Lines deleted
inc/mail.inc.php	2	2
tests/.gitignore	1	0
tests/Makefile	5	5
tests/_run_tests.sh	2	1
tests/admin_set_git.php	5	3
tests/admin_set_web.php	2	0
tests/by_http.php	3	2
tests/export.php	1	2
tests/git.php	4	4
tests/git2.php	7	5
tests/git_big_push.php	1	1
tests/git_log1.sh	0	1
tests/helpers.inc.php	10	9
tests/http.inc.php	61	45
tests/http_admin.php	4	3
tests/http_bug.php	6	4
tests/http_confirm.php	3	2
tests/http_create_account.php	6	4
tests/http_csrf.php	10	6
tests/http_forgot.php	18	7
tests/http_keys.php	5	3
tests/http_login.php	22	15
tests/http_settings.php	13	11
tests/http_top.php	2	0
tests/http_totp.php	13	14
tests/pr_anon.php	7	6
tests/source.php	4	3
tests/ssh.php	9	5
tests/wh_cloud.php	6	4
tests/wh_http.php	7	6
tests/wh_lambda.php	5	3

File inc/mail.inc.php changed (mode: 100644) (index 90b4ccd..de5d6ad)
...	...	function rg_mail_template($template, $more)
70	70	$subject, $body, $header, -f $rg_admin_email");	$subject, $body, $header, -f $rg_admin_email");
71	71	if ($more['debug'] == 1) {	if ($more['debug'] == 1) {
72	72	if (!isset($more['ui']['uid']))	if (!isset($more['ui']['uid']))
73		$k = 0;
	73		$k = $more['ui']['email'];
74	74	else	else
75	75	$k = $more['ui']['uid'];	$k = $more['ui']['uid'];
76	76
77		rg_cache_set('DEBUG::' . $k . '::mail',
	77		rg_cache_set('DEBUG::' . $k . '::mail::' . $template,
78	78	array(	array(
79	79	'header' => $header,	'header' => $header,
80	80	'subject' => $subject,	'subject' => $subject,

File tests/.gitignore changed (mode: 100644) (index 53756ef..607c80a)
...	...	export.json
30	30	_run_tests.failed	_run_tests.failed
31	31	temp_repos	temp_repos
32	32	state	state
	33		jars

File tests/Makefile changed (mode: 100644) (index f27cc6d..fbd1ef7)
1	1	all: clean run	all: clean run
2		@echo "All OK. Good work!"
3		@-ls -l err-*
4		@-ls -l /var/log/rocketgit/err-*
5		@echo "Do not forget to check for errors in /var/log/rocketgit!"
6	2
7	3	.PHONY: run	.PHONY: run
8	4	run:	run:
9	5	@mkdir -p temp_repos	@mkdir -p temp_repos
10	6	@./_run_tests.sh	@./_run_tests.sh
	7		@echo "All OK. Good work!"
	8		@echo "Errors:"
	9		@-ls -l err-* 2>/dev/null \|\| :
	10		@-ls -l /var/log/rocketgit/err-* 2>/dev/null \|\| :
11	11
12	12	.PHONY: clean	.PHONY: clean
13	13	clean:	clean:

...	...	clean:
15	15	http.arond .pub git2key git2 .in q_merge_requests/mr-* \	http.arond .pub git2key git2 .in q_merge_requests/mr-* \
16	16	qstats/* repos/* helper helper.pub keys/* ca *.pid \	qstats/* repos/* helper helper.pub keys/* ca *.pid \
17	17	*.tmp base ubase wh_cloud.git export.json \	*.tmp base ubase wh_cloud.git export.json \
18		.by_http temp_repos
	18		.by_http temp_repos jars
19	19
20	20	.PHONY: clean_state	.PHONY: clean_state
21	21	clean_state:	clean_state:

File tests/_run_tests.sh changed (mode: 100755) (index a804fd0..8be3399)
1	1	#!/bin/bash	#!/bin/bash
2	2
3		tests="git_big_push admin_set_git by_http wh_lambda http_keys http_forgot \
	3		tests="admin_set_web git_big_push admin_set_git by_http wh_lambda http_keys \
	4		http_forgot \
4	5	api wh_cloud pr_anon wh_http ssh http_totp totp git_log1 \	api wh_cloud pr_anon wh_http ssh http_totp totp git_log1 \
5	6	http_admin http_bug \	http_admin http_bug \
6	7	http_create_account http_login http_settings http_csrf http_top \	http_create_account http_login http_settings http_csrf http_top \

File tests/admin_set_git.php changed (mode: 100644) (index e79f4a5..0c456e1)
...	...	$_testns = 'admin_set_git';
21	21	$rg_cache_enable = TRUE;	$rg_cache_enable = TRUE;
22	22	$rg_cache_debug = TRUE;	$rg_cache_debug = TRUE;
23	23
	24		prepare_http();
	25
24	26	$rg_ui = array('is_admin' => 1);	$rg_ui = array('is_admin' => 1);
25	27	rg_test_create_user($db, $rg_ui);	rg_test_create_user($db, $rg_ui);
26		test_login($test_url, $rg_ui, $good_sid);
	28		test_login($test_url, $rg_ui);
27	29
28	30
29	31	rg_log('');	rg_log('');
30	32	rg_log_enter('Loading Admin -> Settings -> Git...');	rg_log_enter('Loading Admin -> Settings -> Git...');
31	33	$data = array();	$data = array();
32		$headers = array("Cookie: sid=" . $good_sid);
	34		$headers = array();
33	35	$r = do_req($test_url . '/op/admin/settings/git', $data, $headers);	$r = do_req($test_url . '/op/admin/settings/git', $data, $headers);
34	36	if ($r === FALSE) {	if ($r === FALSE) {
35	37	rg_log("Cannot load page!");	rg_log("Cannot load page!");

...	...	if ($r === FALSE) {
37	39	}	}
38	40	if (!isset($r['tokens']['admin_settings_git'])) {	if (!isset($r['tokens']['admin_settings_git'])) {
39	41	rg_log_ml('r:' . print_r($r, TRUE));	rg_log_ml('r:' . print_r($r, TRUE));
40		rg_log("No token?!");
	42		rg_log("No 'admin_settings_git' token?!");
41	43	exit(1);	exit(1);
42	44	}	}
43	45	$token = $r['tokens']['admin_settings_git'];	$token = $r['tokens']['admin_settings_git'];

File tests/admin_set_web.php changed (mode: 100644) (index 6a61fe3..de51f32)
...	...	$_testns = 'admin_set_web';
21	21	$rg_cache_enable = TRUE;	$rg_cache_enable = TRUE;
22	22	$rg_cache_debug = TRUE;	$rg_cache_debug = TRUE;
23	23
	24		prepare_http();
	25
24	26	$rg_ui = array('is_admin' => 1);	$rg_ui = array('is_admin' => 1);
25	27	rg_test_create_user($db, $rg_ui);	rg_test_create_user($db, $rg_ui);
26	28	test_login($test_url, $rg_ui);	test_login($test_url, $rg_ui);

File tests/by_http.php changed (mode: 100644) (index eb00180..e2679b9)
...	...	require_once("common.php");
18	18	$_testns = 'by_http';	$_testns = 'by_http';
19	19	$rg_cache_enable = TRUE;	$rg_cache_enable = TRUE;
20	20
	21		prepare_http();
21	22
22	23	rg_test_create_user($db, $rg_ui);	rg_test_create_user($db, $rg_ui);
23	24	rg_log('Created user ' . $rg_ui['uid']);	rg_log('Created user ' . $rg_ui['uid']);

...	...	rg_log('Created repo ' . $repo['repo_id']);
30	31	$repo2 = array('public' => 0);	$repo2 = array('public' => 0);
31	32	rg_test_create_repo($db, $rg_ui, $repo2);	rg_test_create_repo($db, $rg_ui, $repo2);
32	33	rg_log('Created repo2 ' . $repo2['repo_id']);	rg_log('Created repo2 ' . $repo2['repo_id']);
33		$r = test_login($test_url, $rg_ui, $good_sid);
	34		$r = test_login($test_url, $rg_ui);
34	35	if ($r === FALSE) {	if ($r === FALSE) {
35	36	rg_log("Cannot login!");	rg_log("Cannot login!");
36	37	exit(1);	exit(1);

...	...	$commit = trim(file_get_contents('.by_http/.git/refs/heads/master'));
155	156	rg_log('master from .git: ' . $commit);	rg_log('master from .git: ' . $commit);
156	157	rg_log_enter('Checking on web that everything is OK...');	rg_log_enter('Checking on web that everything is OK...');
157	158	$data = array();	$data = array();
158		$headers = array("Cookie: sid=" . $good_sid);
	159		$headers = array();
159	160	$r = do_req($test_url . '/user/' . rawurlencode($rg_ui['username'])	$r = do_req($test_url . '/user/' . rawurlencode($rg_ui['username'])
160	161	. '/' . rawurlencode($repo['name']) . '/source/log/commit/'	. '/' . rawurlencode($repo['name']) . '/source/log/commit/'
161	162	. $commit, $data, $headers);	. $commit, $data, $headers);

File tests/export.php changed (mode: 100644) (index 949cb41..624349c)
...	...	if ($r === FALSE) {
44	44	exit(1);	exit(1);
45	45	}	}
46	46
47		$cmd = 'cat export.json \| json_verify';
48		$a = rg_exec($cmd, '', FALSE, FALSE);
	47		$a = rg_exec('cat export.json \| json_verify', '', FALSE, FALSE);
49	48	if ($a['ok'] !== 1) {	if ($a['ok'] !== 1) {
50	49	rg_log_ml(print_r($a, TRUE));	rg_log_ml(print_r($a, TRUE));
51	50	rg_log('Seems the JSON is not valid!');	rg_log('Seems the JSON is not valid!');

File tests/git.php changed (mode: 100644) (index f317f79..0f195c4)
...	...	$r = rg_exec('rm -rf temp_repos/git_rename'
22	22	. ' && cd temp_repos/git_rename'	. ' && cd temp_repos/git_rename'
23	23	. ' && git init'	. ' && git init'
24	24	. ' && seq 0 1000 > a'	. ' && seq 0 1000 > a'
25		. ' && echo yyy > b; git add a b; git commit -a -m "aaa"'
26		. ' && cp a aclone; git add aclone'
	25		. ' && echo yyy > b && git add a b && git commit -a -m "aaa"'
	26		. ' && cp a aclone && git add aclone'
27	27	. ' && git mv b b2'	. ' && git mv b b2'
28	28	. ' && git commit -a -m "bbb"',	. ' && git commit -a -m "bbb"',
29	29	'', FALSE, FALSE);	'', FALSE, FALSE);

...	...	$r = rg_exec('rm -rf temp_repos/git_bin'
78	78	. ' && cd temp_repos/git_bin'	. ' && cd temp_repos/git_bin'
79	79	. ' && git init'	. ' && git init'
80	80	. ' && seq 0 100 \| while read a; do echo -en "\x`printf "%02x" ${a}`"; done > a'	. ' && seq 0 100 \| while read a; do echo -en "\x`printf "%02x" ${a}`"; done > a'
81		. ' && git add a; git commit -a -m "aaa"'
82		. ' && echo -e \x0ff\x03\x90 > a; git commit -a -m "bbb"',
	81		. ' && git add a && git commit -a -m "aaa"'
	82		. ' && echo -e \x0ff\x03\x90 > a && git commit -a -m "bbb"',
83	83	'', FALSE, FALSE);	'', FALSE, FALSE);
84	84	if ($r['ok'] != 1) {	if ($r['ok'] != 1) {
85	85	rg_log('Could not exec repo script: ' . $r['errmsg'] . '!');	rg_log('Could not exec repo script: ' . $r['errmsg'] . '!');

File tests/git2.php changed (mode: 100644) (index 25937f3..40d9fc2)
...	...	require_once("common.php");
18	18	$_testns = 'git2';	$_testns = 'git2';
19	19	$rg_cache_enable = TRUE;	$rg_cache_enable = TRUE;
20	20
	21		prepare_http();
	22
21	23	system("./git2.sh &>git2.sh.log");	system("./git2.sh &>git2.sh.log");
22	24	$_err = file_get_contents('git2.sh.log');	$_err = file_get_contents('git2.sh.log');
23	25	@unlink('git2.log');	@unlink('git2.log');

...	...	rg_test_create_user($db, $rg_ui);
46	48	rg_log('Created user ' . $rg_ui['uid']);	rg_log('Created user ' . $rg_ui['uid']);
47	49	rg_test_create_repo($db, $rg_ui, $repo);	rg_test_create_repo($db, $rg_ui, $repo);
48	50	rg_log('Created repo ' . $repo['repo_id']);	rg_log('Created repo ' . $repo['repo_id']);
49		$r = test_login($test_url, $rg_ui, $good_sid);
	51		$r = test_login($test_url, $rg_ui);
50	52	if ($r === FALSE) {	if ($r === FALSE) {
51	53	rg_log("Cannot login!");	rg_log("Cannot login!");
52	54	exit(1);	exit(1);

...	...	if ($r === FALSE) {
55	57
56	58	rg_log('');	rg_log('');
57	59	rg_log_enter('Uploading a key...');	rg_log_enter('Uploading a key...');
58		rg_test_upload_ssh_key($db, $rg_ui, "git2", $good_sid);
	60		rg_test_upload_ssh_key($db, $rg_ui, 'git2');
59	61	rg_log_exit();	rg_log_exit();
60	62
61	63

...	...	rg_log("Load master from .git: $commit");
94	96	rg_log('');	rg_log('');
95	97	rg_log_enter('Checking on web that everything is OK...');	rg_log_enter('Checking on web that everything is OK...');
96	98	$data = array();	$data = array();
97		$headers = array("Cookie: sid=" . $good_sid);
	99		$headers = array();
98	100	$r = do_req($test_url . '/user/' . rawurlencode($rg_ui['username'])	$r = do_req($test_url . '/user/' . rawurlencode($rg_ui['username'])
99	101	. '/' . rawurlencode($repo['name']) . '/source/log/commit/'	. '/' . rawurlencode($repo['name']) . '/source/log/commit/'
100	102	. $commit, $data, $headers);	. $commit, $data, $headers);

...	...	rg_log_exit();
108	110	rg_log('');	rg_log('');
109	111	rg_log_enter('Checking on web that tag is OK...');	rg_log_enter('Checking on web that tag is OK...');
110	112	$data = array();	$data = array();
111		$headers = array("Cookie: sid=" . $good_sid);
	113		$headers = array();
112	114	$r = do_req($test_url . '/user/' . rawurlencode($rg_ui['username'])	$r = do_req($test_url . '/user/' . rawurlencode($rg_ui['username'])
113	115	. '/' . rawurlencode($repo['name'])	. '/' . rawurlencode($repo['name'])
114	116	. '/source/tree/tag/unannot1/blob/a', $data, $headers);	. '/source/tree/tag/unannot1/blob/a', $data, $headers);

...	...	if ($r['ok'] != 1) {
141	143	exit(1);	exit(1);
142	144	}	}
143	145	// Now, the branch should not be visible anymore	// Now, the branch should not be visible anymore
144		$headers = array("Cookie: sid=" . $good_sid);
	146		$headers = array();
145	147	$r = do_req($test_url . '/user/' . rawurlencode($rg_ui['username'])	$r = do_req($test_url . '/user/' . rawurlencode($rg_ui['username'])
146	148	. '/' . rawurlencode($repo['name']) . '/source', $data, $headers);	. '/' . rawurlencode($repo['name']) . '/source', $data, $headers);
147	149	rg_log_ml($r['body']);	rg_log_ml($r['body']);

File tests/git_big_push.php changed (mode: 100644) (index 91a5188..3529ec5)
...	...	$rg_git_debug = 100;
23	23
24	24	rg_test_create_user($db, $rg_ui);	rg_test_create_user($db, $rg_ui);
25	25	rg_test_create_repo($db, $rg_ui, $repo);	rg_test_create_repo($db, $rg_ui, $repo);
26		$r = test_login($test_url, $rg_ui, $good_sid);
	26		$r = test_login($test_url, $rg_ui);
27	27	if ($r === FALSE) {	if ($r === FALSE) {
28	28	rg_log("Cannot login!");	rg_log("Cannot login!");
29	29	exit(1);	exit(1);

File tests/git_log1.sh changed (mode: 100755) (index 3b9e812..3b7c604)
...	...	if [ "${?}" != "0" ]; then
67	67	exit 1	exit 1
68	68	fi	fi
69	69
70		echo "git_log1: OK"

File tests/helpers.inc.php changed (mode: 100644) (index 10cade7..7267b69)
...	...	function rg_test_create_repo($db, $rg_ui, &$extra)
152	152	exit(1);	exit(1);
153	153	}	}
154	154	rg_repo_cosmetic($db, $extra);	rg_repo_cosmetic($db, $extra);
	155		rg_log_ml('extra: ' . print_r($extra, TRUE));
155	156
156	157	if ($repo_id > 0) {	if ($repo_id > 0) {
157	158	$sql = "UPDATE repos SET repo_id = $repo_id"	$sql = "UPDATE repos SET repo_id = $repo_id"

...	...	function rg_test_create_bug($db, $rg_ui, $ri, &$extra)
266	267	* Helper for creating and uploading a ssh key	* Helper for creating and uploading a ssh key
267	268	* Returns the key.	* Returns the key.
268	269	*/	*/
269		function rg_test_upload_ssh_key($db, $rg_ui, $key_name, $good_sid)
	270		function rg_test_upload_ssh_key($db, $rg_ui, $key_name)
270	271	{	{
271	272	global $test_url;	global $test_url;
272	273

...	...	function rg_test_upload_ssh_key($db, $rg_ui, $key_name, $good_sid)
292	293
293	294	rg_log("Loading ssh key form...");	rg_log("Loading ssh key form...");
294	295	$data = array();	$data = array();
295		$headers = array("Cookie: sid=" . $good_sid);
	296		$headers = array();
296	297	$r = do_req($test_url . "/op/settings/keys?t=load_key_form", $data, $headers);	$r = do_req($test_url . "/op/settings/keys?t=load_key_form", $data, $headers);
297	298	if ($r === FALSE) {	if ($r === FALSE) {
298	299	rg_log("Cannot load form!");	rg_log("Cannot load form!");

...	...	function rg_test_upload_ssh_key($db, $rg_ui, $key_name, $good_sid)
306	307
307	308	rg_log("Uploading the key...");	rg_log("Uploading the key...");
308	309	$data = array('add' => 1, 'token' => $r['tokens']['keys'], 'key' => $key);	$data = array('add' => 1, 'token' => $r['tokens']['keys'], 'key' => $key);
309		$headers = array('Cookie: sid=' . $good_sid);
	310		$headers = array();
310	311	$r = do_req($test_url . '/op/settings/keys?t=upload_ssh_key', $data, $headers);	$r = do_req($test_url . '/op/settings/keys?t=upload_ssh_key', $data, $headers);
311	312	if ($r === FALSE) {	if ($r === FALSE) {
312	313	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));

...	...	function rg_test_upload_ssh_key($db, $rg_ui, $key_name, $good_sid)
334	335	* Helper for generating scratch codes	* Helper for generating scratch codes
335	336	* Returns the scratch codes.	* Returns the scratch codes.
336	337	*/	*/
337		function rg_test_sc_generate($db, $rg_ui, $good_sid)
	338		function rg_test_sc_generate($db, $rg_ui)
338	339	{	{
339	340	global $test_url;	global $test_url;
340	341
341	342	rg_log("Loading generate scratch codes form...");	rg_log("Loading generate scratch codes form...");
342	343	$data = array();	$data = array();
343		$headers = array("Cookie: sid=" . $good_sid);
	344		$headers = array();
344	345	$r = do_req($test_url . "/op/settings/totp/sc", $data, $headers);	$r = do_req($test_url . "/op/settings/totp/sc", $data, $headers);
345	346	if ($r === FALSE) {	if ($r === FALSE) {
346	347	rg_log("Cannot load form!");	rg_log("Cannot load form!");

...	...	function rg_test_sc_generate($db, $rg_ui, $good_sid)
354	355
355	356	rg_log("Generating scratch codes...");	rg_log("Generating scratch codes...");
356	357	$data = array('generate' => 1, 'token' => $r['tokens']['sc']);	$data = array('generate' => 1, 'token' => $r['tokens']['sc']);
357		$headers = array('Cookie: sid=' . $good_sid);
	358		$headers = array();
358	359	$r = do_req($test_url . '/op/settings/totp/sc', $data, $headers);	$r = do_req($test_url . '/op/settings/totp/sc', $data, $headers);
359	360	if ($r === FALSE) {	if ($r === FALSE) {
360	361	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));

...	...	function rg_test_sc_generate($db, $rg_ui, $good_sid)
377	378	/*	/*
378	379	* Helper for adding a webhook	* Helper for adding a webhook
379	380	*/	*/
380		function rg_test_wh_add_edit($db, $rg_ui, $good_sid, $htype, $extra)
	381		function rg_test_wh_add_edit($db, $rg_ui, $htype, $extra)
381	382	{	{
382	383	global $test_url;	global $test_url;
383	384
384	385	rg_log_enter('Loading webhook add form...');	rg_log_enter('Loading webhook add form...');
385		$headers = array("Cookie: sid=" . $good_sid);
	386		$headers = array();
386	387
387	388	if (!isset($extra['wh::id']))	if (!isset($extra['wh::id']))
388	389	$extra['wh::id'] = 0;	$extra['wh::id'] = 0;

...	...	function rg_test_wh_add_edit($db, $rg_ui, $good_sid, $htype, $extra)
405	406	rg_log("Adding webhook...");	rg_log("Adding webhook...");
406	407	$data = array('doit' => 1, 'token' => $r['tokens']['wh_add']);	$data = array('doit' => 1, 'token' => $r['tokens']['wh_add']);
407	408	$data = array_merge($data, $extra);	$data = array_merge($data, $extra);
408		$headers = array('Cookie: sid=' . $good_sid);
	409		$headers = array();
409	410	$r = do_req($test_url . '/op/settings/wh/' . $url, $data, $headers);	$r = do_req($test_url . '/op/settings/wh/' . $url, $data, $headers);
410	411	if ($r === FALSE) {	if ($r === FALSE) {
411	412	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));

File tests/http.inc.php changed (mode: 100644) (index c43bea9..b03e41e)
3	3	if (!isset($test_ua))	if (!isset($test_ua))
4	4	$test_ua = "curl";	$test_ua = "curl";
5	5
	6		/*
	7		* Clean all cookies
	8		*/
	9		function clean_cookies()
	10		{
	11		global $_testns;
	12
	13		$path = __DIR__ . '/jars';
	14		if (!file_exists($path))
	15		return;
	16
	17		rg_log('Cleaning cookies...');
	18		$cookie_jar = $path . '/' . $_testns;
	19		@unlink($cookie_jar);
	20		}
	21
	22		/*
	23		* This is called at the begining of all tests
	24		*/
	25		function prepare_http()
	26		{
	27		clean_cookies();
	28		}
	29
6	30	/*	/*
7	31	* Data is an array	* Data is an array
8	32	*/	*/
	33		$http_handles = array();
9	34	function do_req($url, &$data, &$headers)	function do_req($url, &$data, &$headers)
10	35	{	{
11	36	global $test_ua, $test_referer;	global $test_ua, $test_referer;
	37		global $cookie_jar;
	38		global $http_handles;
	39		global $http_client;
	40		global $_testns;
	41
	42		if (!isset($http_client))
	43		$http_client = $_testns;
	44
	45		$path = __DIR__ . '/jars';
	46		if (!file_exists($path))
	47		mkdir($path);
	48		$cookie_jar = $path . '/' . $http_client;
12	49
13	50	if (!is_array($data))	if (!is_array($data))
14	51	$data = array();	$data = array();
15	52
16		$data['rg_debug'] = 1;
17
18	53	if (!is_array($headers)) {	if (!is_array($headers)) {
19	54	rg_log("Headers is not an array, reset it.");	rg_log("Headers is not an array, reset it.");
20	55	$headers = array();	$headers = array();
21	56	}	}
22	57
	58		if (!strstr($url, '?'))
	59		$url .= '?rg_debug=1';
	60		else
	61		$url .= '&rg_debug=1';
	62
23	63	rg_log_ml("do_req url[$url] data=" . print_r($data, TRUE)	rg_log_ml("do_req url[$url] data=" . print_r($data, TRUE)
24	64	. "headers=" . print_r($headers, TRUE));	. "headers=" . print_r($headers, TRUE));
25	65
26		$c = curl_init($url);
27		if (count($data) > 0) {
	66		$c = FALSE;
	67		if (isset($http_handles[$http_client]))
	68		$c = $http_handles[$http_client];
	69		if ($c === FALSE) {
	70		$c = curl_init();
	71		$http_handles[$http_client] = $c;
	72		}
	73
	74		curl_setopt($c, CURLOPT_URL, $url);
	75		if (!empty($data)) {
28	76	curl_setopt($c, CURLOPT_POST, 1);	curl_setopt($c, CURLOPT_POST, 1);
29	77	curl_setopt($c, CURLOPT_POSTFIELDS, $data);	curl_setopt($c, CURLOPT_POSTFIELDS, $data);
30	78	} else {	} else {
31		if (!strstr($url, '?'))
32		$url .= '?rg_debug=1';
33		else
34		$url .= '&rg_debug=1';
	79		curl_setopt($c, CURLOPT_POST, 0);
	80		curl_setopt($c, CURLOPT_POSTFIELDS, '');
35	81	}	}
36	82	curl_setopt($c, CURLOPT_RETURNTRANSFER, TRUE);	curl_setopt($c, CURLOPT_RETURNTRANSFER, TRUE);
37		// We cannot use this because we will not have a
38		// chance to capture the sid.
39		//curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
	83		curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
40	84	curl_setopt($c, CURLOPT_HEADER, 1);	curl_setopt($c, CURLOPT_HEADER, 1);
41	85	curl_setopt($c, CURLOPT_HTTPHEADER, $headers);	curl_setopt($c, CURLOPT_HTTPHEADER, $headers);
42	86	curl_setopt($c, CURLOPT_USERAGENT, $test_ua);	curl_setopt($c, CURLOPT_USERAGENT, $test_ua);

...	...	function do_req($url, &$data, &$headers)
44	88	curl_setopt($c, CURLOPT_CERTINFO, TRUE);	curl_setopt($c, CURLOPT_CERTINFO, TRUE);
45	89	curl_setopt($c, CURLOPT_VERBOSE, TRUE);	curl_setopt($c, CURLOPT_VERBOSE, TRUE);
46	90	curl_setopt($c, CURLOPT_ENCODING , 'gzip');	curl_setopt($c, CURLOPT_ENCODING , 'gzip');
	91		curl_setopt($c, CURLOPT_COOKIEJAR, $cookie_jar);
	92		curl_setopt($c, CURLOPT_COOKIEFILE, $cookie_jar);
47	93
48	94	$err = @fopen('php://temp', 'w');	$err = @fopen('php://temp', 'w');
49	95	if ($err !== FALSE) {	if ($err !== FALSE) {

...	...	function do_req($url, &$data, &$headers)
72	118	$header_size = curl_getinfo($c, CURLINFO_HEADER_SIZE);	$header_size = curl_getinfo($c, CURLINFO_HEADER_SIZE);
73	119	$ret['header'] = substr($r, 0, $header_size);	$ret['header'] = substr($r, 0, $header_size);
74	120	$ret['body'] = substr($r, $header_size);	$ret['body'] = substr($r, $header_size);
75		curl_close($c);
76	121
77	122	// Check for XSS	// Check for XSS
78	123	if (stristr($ret['body'], '<xss>')) {	if (stristr($ret['body'], '<xss>')) {

...	...	function do_req($url, &$data, &$headers)
137	182	if (!isset($t[1])) {	if (!isset($t[1])) {
138	183	rg_log_ml('body: ' . print_r($ret['body'], TRUE));	rg_log_ml('body: ' . print_r($ret['body'], TRUE));
139	184	rg_log_ml('matches: ' . print_r($matches[1], TRUE));	rg_log_ml('matches: ' . print_r($matches[1], TRUE));
140		rg_log('Invalid debug token: ' . $m);
	185		rg_log('Invalid debug token (no prefix): ' . $m);
141	186	exit(1);	exit(1);
142	187	}	}
143	188	$ret['tokens'][$t[1]] = $t[0];	$ret['tokens'][$t[1]] = $t[0];

...	...	function do_req($url, &$data, &$headers)
161	206	rg_log('DEBUG ret[totp_secret]=' . $ret['totp_secret']);	rg_log('DEBUG ret[totp_secret]=' . $ret['totp_secret']);
162	207	}	}
163	208
164		$x = preg_match('/Location: (.*)\s/', $ret['header'], $matches);
165		if ($x === 1) {
166		if (strncmp($url, "http://", 7) == 0)
167		$url = substr($url, 7);
168		$t = explode("/", $url, 2);
169		$new = "http://" . $t[0] . trim($matches[1]);
170		rg_log("Redirecting to $new...");
171		$data = array();
172		if (!empty($ret['sid']))
173		$headers = array("Cookie: sid=" . $ret['sid']);
174		$f = do_req($new, $data, $headers);
175		if (empty($f['sid']))
176		$f['sid'] = $ret['sid'];
177		return $f;
178		}
179
180	209	@rename('http-last.out', 'http-prev.out');	@rename('http-last.out', 'http-prev.out');
181	210	file_put_contents('http-last.out', $ret['body']);	file_put_contents('http-last.out', $ret['body']);
182	211

...	...	function do_req($url, &$data, &$headers)
184	213	}	}
185	214
186	215	/*	/*
187		* Helper function that will do the login and will return the good sid
	216		* Helper function that will do the login
188	217	*/	*/
189		function test_login($url, $rg_ui, &$good_sid)
	218		function test_login($url, $rg_ui)
190	219	{	{
191	220	global $test_ua;	global $test_ua;
192	221
193	222	// First we need to load the form so we can get the token	// First we need to load the form so we can get the token
194		// We provide an old cookie to test if we generate a new pre-login one
195	223	$data = array();	$data = array();
196		$headers = array("Cookie: sid=d978671c2cd12fba05be218bb1653c1ce7bfb947");
197	224	$r = do_req($url . "/op/login", $data, $headers);	$r = do_req($url . "/op/login", $data, $headers);
198	225	if ($r === FALSE) {	if ($r === FALSE) {
199	226	rg_log('Cannot load login form!');	rg_log('Cannot load login form!');
200	227	return FALSE;	return FALSE;
201	228	}	}
202		$good_sid = $r['sid'];
203	229	if (!isset($r['tokens']['login'])) {	if (!isset($r['tokens']['login'])) {
204	230	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));
205	231	rg_log('Login token not returned!');	rg_log('Login token not returned!');
206	232	return FALSE;	return FALSE;
207	233	}	}
208	234	$good_token = $r['tokens']['login'];	$good_token = $r['tokens']['login'];
209		rg_log("good: sid=$good_sid token=$good_token");
210		if (strncmp($good_sid, "X", 1) != 0) {
211		rg_log("Seems we did not get a pre-login session!");
212		return FALSE;
213		}
214	235
215	236	// Now, post login form	// Now, post login form
216	237	rg_log("Do the real login post request");	rg_log("Do the real login post request");

...	...	function test_login($url, $rg_ui, &$good_sid)
221	242	"pass" => $rg_ui['pass'],	"pass" => $rg_ui['pass'],
222	243	"lock_ip" => 1	"lock_ip" => 1
223	244	);	);
224		$headers = array("Cookie: sid=" . $good_sid);
	245		$headers = array();
225	246	$r = do_req($url . "/op/login", $data, $headers);	$r = do_req($url . "/op/login", $data, $headers);
226	247	if ($r === FALSE) {	if ($r === FALSE) {
227	248	rg_log_ml("Cannot login: " . print_r($r, TRUE));	rg_log_ml("Cannot login: " . print_r($r, TRUE));
228	249	return FALSE;	return FALSE;
229	250	}	}
230		$good_sid = $r['sid'];
231		if (empty($good_sid)) {
232		rg_log('Empty good_sid!');
233		return FALSE;
234		}
235	251
236	252	if (strstr($r['body'], "invalid user")) {	if (strstr($r['body'], "invalid user")) {
237	253	rg_log_ml(print_r($r, TRUE));	rg_log_ml(print_r($r, TRUE));

File tests/http_admin.php changed (mode: 100644) (index 76463cd..d20a160)
...	...	$rg_cache_enable = TRUE;
20	20
21	21	$rg_user_max_len = 60;	$rg_user_max_len = 60;
22	22
	23		prepare_http();
	24
23	25	$rg_ui = array('is_admin' => 1);	$rg_ui = array('is_admin' => 1);
24	26	rg_test_create_user($db, $rg_ui);	rg_test_create_user($db, $rg_ui);
25	27

...	...	if ($r === FALSE) {
30	32	rg_log("Cannot load login form.");	rg_log("Cannot load login form.");
31	33	exit(1);	exit(1);
32	34	}	}
33		$good_sid = $r['sid'];
34	35	if (!isset($r['tokens']['login'])) {	if (!isset($r['tokens']['login'])) {
35	36	rg_log_ml('R: ' . print_r($r, TRUE));	rg_log_ml('R: ' . print_r($r, TRUE));
36	37	rg_log('Cannot find login token!');	rg_log('Cannot find login token!');

...	...	if (!isset($r['tokens']['login'])) {
39	40	$good_token = $r['tokens']['login'];	$good_token = $r['tokens']['login'];
40	41
41	42
42		rg_log("Do the login (sid=$good_sid token=$good_token)...");
	43		rg_log("Do the login (token=$good_token)...");
43	44	$data = array(	$data = array(
44	45	"doit" => 1,	"doit" => 1,
45	46	"token" => $good_token,	"token" => $good_token,
46	47	"user" => $rg_ui['username'],	"user" => $rg_ui['username'],
47	48	"pass" => $rg_ui['pass'],	"pass" => $rg_ui['pass'],
48	49	"lock_ip" => 0);	"lock_ip" => 0);
49		$headers = array("Cookie: sid=" . $good_sid);
	50		$headers = array();
50	51	$r = do_req($test_url . "/op/login", $data, $headers);	$r = do_req($test_url . "/op/login", $data, $headers);
51	52	if ($r === FALSE) {	if ($r === FALSE) {
52	53	rg_log_ml("Cannot login: " . print_r($r, TRUE));	rg_log_ml("Cannot login: " . print_r($r, TRUE));

File tests/http_bug.php changed (mode: 100644) (index ee186f6..32c2641)
...	...	require_once("common.php");
18	18	$_testns = 'http_bug';	$_testns = 'http_bug';
19	19	$rg_cache_enable = TRUE;	$rg_cache_enable = TRUE;
20	20
	21		prepare_http();
	22
21	23	rg_test_create_user($db, $u1);	rg_test_create_user($db, $u1);
22	24	rg_test_create_user($db, $u2);	rg_test_create_user($db, $u2);
23	25	rg_test_create_repo($db, $u1, $repo);	rg_test_create_repo($db, $u1, $repo);
24	26
25		$r = test_login($test_url, $u1, $good_sid);
	27		$r = test_login($test_url, $u1);
26	28	if ($r === FALSE)	if ($r === FALSE)
27	29	exit(1);	exit(1);
28	30

...	...	if ($r === FALSE)
30	32	rg_log('');	rg_log('');
31	33	rg_log_enter("Loading bug form...");	rg_log_enter("Loading bug form...");
32	34	$url = "/user/" . $u1['username'] . "/" . $repo['name'] . "/bug/add";	$url = "/user/" . $u1['username'] . "/" . $repo['name'] . "/bug/add";
33		$headers = array("Cookie: sid=" . $good_sid);
	35		$headers = array();
34	36	$data = array();	$data = array();
35	37	$r = do_req($test_url . $url, $data, $headers);	$r = do_req($test_url . $url, $data, $headers);
36	38	if ($r === FALSE) {	if ($r === FALSE) {

...	...	rg_log_exit();
226	228
227	229	rg_log('');	rg_log('');
228	230	rg_log_enter("Test watching a bug - we need to login as a different user");	rg_log_enter("Test watching a bug - we need to login as a different user");
229		$r = test_login($test_url, $u2, $good_sid);
	231		$r = test_login($test_url, $u2);
230	232	if ($r === FALSE)	if ($r === FALSE)
231	233	exit(1);	exit(1);
232		$headers = array("Cookie: sid=" . $good_sid);
	234		$headers = array();
233	235
234	236	// We are already in the watch list because the asignee is automatically added	// We are already in the watch list because the asignee is automatically added
235	237	for ($i = 0; $i <= 1; $i++) {	for ($i = 0; $i <= 1; $i++) {

File tests/http_confirm.php changed (mode: 100644) (index e6fa558..08450e6)
...	...	$rg_cache_enable = TRUE;
19	19	$rg_cache_debug = TRUE;	$rg_cache_debug = TRUE;
20	20	$rg_event_socket = "/var/lib/rocketgit/sockets/event.sock";	$rg_event_socket = "/var/lib/rocketgit/sockets/event.sock";
21	21
	22		prepare_http();
	23
22	24	$uniq = rg_id(10);	$uniq = rg_id(10);
23	25
24	26	rg_log_enter('Loading confirmation form...');	rg_log_enter('Loading confirmation form...');

...	...	if ($r === FALSE) {
28	30	rg_log("Cannot load create_account page!");	rg_log("Cannot load create_account page!");
29	31	exit(1);	exit(1);
30	32	}	}
31		$good_sid = $r['sid'];
32	33	$good_token = $r['tokens']['user_edit_hl'];	$good_token = $r['tokens']['user_edit_hl'];
33	34	rg_log_exit();	rg_log_exit();
34	35

...	...	$data['plan_id'] = 0;
43	44	$data['tos'] = 1;	$data['tos'] = 1;
44	45	$data['force_confirm'] = 1;	$data['force_confirm'] = 1;
45	46	$data['doit'] = 1;	$data['doit'] = 1;
46		$headers = array("Cookie: sid=" . $good_sid);
	47		$headers = array();
47	48	$r = do_req($test_url . '/op/create_account?t=create_account', $data, $headers);	$r = do_req($test_url . '/op/create_account?t=create_account', $data, $headers);
48	49	if (!strstr($r['body'], 'Your account has been successfully created')) {	if (!strstr($r['body'], 'Your account has been successfully created')) {
49	50	rg_log_ml('body: ' . print_r($r['body'], TRUE));	rg_log_ml('body: ' . print_r($r['body'], TRUE));

File tests/http_create_account.php changed (mode: 100644) (index 590c759..a29ab51)
...	...	$rg_sql = "host=localhost user=rocketgit dbname=rocketgit connect_timeout=10";
14	14	$rg_no_db = TRUE;	$rg_no_db = TRUE;
15	15	require_once("common.php");	require_once("common.php");
16	16
	17		$_testns = 'http_create_account';
	18
	19		prepare_http();
	20
17	21	rg_log("Test create account");	rg_log("Test create account");
18	22
19	23	// First we need to load the form so we can get the token	// First we need to load the form so we can get the token

...	...	if ($r === FALSE) {
22	26	rg_log("Cannot load create_account page!");	rg_log("Cannot load create_account page!");
23	27	exit(1);	exit(1);
24	28	}	}
25		$good_sid = $r['sid'];
26	29	$good_token = $r['tokens']['user_edit_hl'];	$good_token = $r['tokens']['user_edit_hl'];
27	30
28	31	$uniq = rg_id(16);	$uniq = rg_id(16);

...	...	$data = array(
41	44	"plan_id" => 9,	"plan_id" => 9,
42	45	"session_time" => 60	"session_time" => 60
43	46	);	);
44		$headers = array("Cookie: sid=" . $good_sid);
	47		$headers = array();
45	48	$r = do_req($test_url . "/op/create_account?t=create_account", $data, $headers);	$r = do_req($test_url . "/op/create_account?t=create_account", $data, $headers);
46	49	if (!strstr($r['body'], "without accepting")) {	if (!strstr($r['body'], "without accepting")) {
47	50	rg_log("Seems we could create an account without accepting ToS. Bad!");	rg_log("Seems we could create an account without accepting ToS. Bad!");

...	...	if (!strstr($r['body'], "without accepting")) {
51	54	rg_log('Adding an account accepting tos...');	rg_log('Adding an account accepting tos...');
52	55	$data['token'] = $r['tokens']['user_edit_hl'];	$data['token'] = $r['tokens']['user_edit_hl'];
53	56	$data['tos'] = 1;	$data['tos'] = 1;
54		$headers = array("Cookie: sid=" . $good_sid);
	57		$headers = array();
55	58	$r = do_req($test_url . "/op/create_account?t=create_account", $data, $headers);	$r = do_req($test_url . "/op/create_account?t=create_account", $data, $headers);
56	59	if (!strstr($r['body'], "Your account has been successfully created")) {	if (!strstr($r['body'], "Your account has been successfully created")) {
57	60	rg_log_ml('body: ' . print_r($r['body'], TRUE));	rg_log_ml('body: ' . print_r($r['body'], TRUE));

...	...	foreach ($data as $k => $v) {
86	89	rg_log("Key $k does not match: row=" . $row[$k] . " data=" . $data[$k]);	rg_log("Key $k does not match: row=" . $row[$k] . " data=" . $data[$k]);
87	90	exit(1);	exit(1);
88	91	}	}
89		rg_log("Key $k matches.");
90	92	}	}
91	93
92	94	rg_log("OK!");	rg_log("OK!");

File tests/http_csrf.php changed (mode: 100644) (index 1c13123..8a07a68)
...	...	require_once("common.php");
20	20	$_testns = 'http_csrf';	$_testns = 'http_csrf';
21	21	$rg_cache_enable = TRUE;	$rg_cache_enable = TRUE;
22	22
	23		prepare_http();
	24
23	25	test_set_ua("user-agent-1");	test_set_ua("user-agent-1");
24	26	rg_test_create_user($db, $rg_ui);	rg_test_create_user($db, $rg_ui);
25		$r = test_login($test_url, $rg_ui, $good_sid);
	27		$r = test_login($test_url, $rg_ui);
26	28	if ($r === FALSE) {	if ($r === FALSE) {
27	29	rg_log("Cannot login!");	rg_log("Cannot login!");
28	30	exit(1);	exit(1);

...	...	rg_log_enter("Loading suggestion form (referer test)");
32	34	test_set_ua("user-agent-1");	test_set_ua("user-agent-1");
33	35	test_set_referer($test_url);	test_set_referer($test_url);
34	36	$data = array();	$data = array();
35		$headers = array("Cookie: sid=" . $good_sid);
	37		$headers = array();
36	38	$r = do_req($test_url . "/op/suggestion?t=load_suggestion_form_referer", $data, $headers);	$r = do_req($test_url . "/op/suggestion?t=load_suggestion_form_referer", $data, $headers);
37	39	if (!stristr($r['body'], "action=\"/op/suggestion\"")) {	if (!stristr($r['body'], "action=\"/op/suggestion\"")) {
38	40	rg_log("Cannot load form! See above.");	rg_log("Cannot load form! See above.");

...	...	$data = array(
50	52	"token" => $good_token,	"token" => $good_token,
51	53	"suggestion" => "bla bla bla"	"suggestion" => "bla bla bla"
52	54	);	);
53		$headers = array("Cookie: sid=" . $good_sid);
	55		$headers = array();
54	56	$r = do_req($test_url . "/op/suggestion?t=post_suggestion_form_diff_referer", $data, $headers);	$r = do_req($test_url . "/op/suggestion?t=post_suggestion_form_diff_referer", $data, $headers);
55	57	if (!stristr($r['body'], "invalid referer")) {	if (!stristr($r['body'], "invalid referer")) {
56	58	rg_log_ml("Seems I could add a suggestion bypassing CSRF"	rg_log_ml("Seems I could add a suggestion bypassing CSRF"

...	...	rg_log_exit();
63	65	rg_log_enter("Testing logout CSRF (wrong token)...");	rg_log_enter("Testing logout CSRF (wrong token)...");
64	66	test_set_ua("user-agent-1");	test_set_ua("user-agent-1");
65	67	test_set_referer($test_url);	test_set_referer($test_url);
66		$headers = array("Cookie: sid=" . $good_sid);
67	68	$data['token'] = strtoupper($good_token);	$data['token'] = strtoupper($good_token);
	69		$headers = array();
68	70	$r = do_req($test_url . "/op/logout?t=wrong_token", $data, $headers);	$r = do_req($test_url . "/op/logout?t=wrong_token", $data, $headers);
69	71	if (stristr($r['body'], "You are now logged out")) {	if (stristr($r['body'], "You are now logged out")) {
70	72	rg_log("No error on logout with wrong token?! See above.");	rg_log("No error on logout with wrong token?! See above.");

...	...	if (stristr($r['body'], "You are now logged out")) {
73	75	rg_log_exit();	rg_log_exit();
74	76
75	77
	78		/* TODO setting cookie does not work!
76	79	rg_log_enter("Testing logout CSRF (token passed in cookie)...");	rg_log_enter("Testing logout CSRF (token passed in cookie)...");
77	80	test_set_ua("user-agent-1");	test_set_ua("user-agent-1");
78	81	test_set_referer($test_url);	test_set_referer($test_url);
79		$headers = array("Cookie: sid=" . $good_sid . "; token=" . $good_logout_token);
	82		$headers = array('Cookie: token=' . $good_logout_token);
80	83	$data = array('doit' => 1);	$data = array('doit' => 1);
81	84	$r = do_req($test_url . "/op/logout?t=token_passed_by_cookie", $data, $headers);	$r = do_req($test_url . "/op/logout?t=token_passed_by_cookie", $data, $headers);
82	85	if (stristr($r['body'], "You are now logged out")) {	if (stristr($r['body'], "You are now logged out")) {

...	...	if (stristr($r['body'], "You are now logged out")) {
84	87	exit(1);	exit(1);
85	88	}	}
86	89	rg_log_exit();	rg_log_exit();
	90		*/
87	91
88	92
89	93	rg_log_enter("Testing logout CSRF (good token)...");	rg_log_enter("Testing logout CSRF (good token)...");
90	94	test_set_ua("user-agent-1");	test_set_ua("user-agent-1");
91	95	$url = $test_url . "/op/logout?t=good_token&token=" . $good_logout_token;	$url = $test_url . "/op/logout?t=good_token&token=" . $good_logout_token;
92		$data = array();
	96		$data = array(); $headers = array();
93	97	$r = do_req($url, $data, $headers);	$r = do_req($url, $data, $headers);
94	98	if (!stristr($r['body'], "You are now logged out")) {	if (!stristr($r['body'], "You are now logged out")) {
95	99	rg_log("Seems I cannot logout with a good token! See above.");	rg_log("Seems I cannot logout with a good token! See above.");

File tests/http_forgot.php changed (mode: 100644) (index 686cf12..43eafb9)
...	...	$rg_cache_debug = TRUE;
25	25
26	26	$rg_user_max_len = 60;	$rg_user_max_len = 60;
27	27
	28		prepare_http();
28	29	rg_test_create_user($db, $rg_ui);	rg_test_create_user($db, $rg_ui);
29	30
30	31
31	32	rg_log('');	rg_log('');
32		rg_log_enter('Loading forgot pass form...');
33		$data = array();
	33		rg_log_enter('Loading forgot_send form...');
	34		$data = array(); $headers = array();
34	35	$r = do_req($test_url . '/op/forgot_send', $data, $headers);	$r = do_req($test_url . '/op/forgot_send', $data, $headers);
35	36	if ($r === FALSE) {	if ($r === FALSE) {
36	37	rg_log("Cannot load forgot pass page!");	rg_log("Cannot load forgot pass page!");
37	38	exit(1);	exit(1);
38	39	}	}
39		rg_log('Posting the forgot pass form...');
	40		rg_log('Posting the forgot_send form...');
40	41	$data = array(	$data = array(
41	42	'email' => $rg_ui['email'],	'email' => $rg_ui['email'],
42	43	'doit' => 1	'doit' => 1
43	44	);	);
	45		$headers = array();
44	46	$r = do_req($test_url . '/op/forgot_send', $data, $headers);	$r = do_req($test_url . '/op/forgot_send', $data, $headers);
45	47	if (!strstr($r['body'], 'your inbox and follow the instructions')) {	if (!strstr($r['body'], 'your inbox and follow the instructions')) {
46	48	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));

...	...	rg_log_exit();
64	66
65	67	rg_log('');	rg_log('');
66	68	rg_log_enter('Loading token from mail...');	rg_log_enter('Loading token from mail...');
67		$k = 'DEBUG::0::mail';
68		$c = rg_cache_get($k);
	69		$k = 'DEBUG::0::mail::mail/user/forgot/recover';
	70		$tries = 10;
	71		while ($tries-- > 0) {
	72		$c = rg_cache_get($k);
	73		if ($c !== FALSE)
	74		break;
	75		sleep(1);
	76		}
69	77	if (($c === FALSE) \|\| !isset($c['body'])) {	if (($c === FALSE) \|\| !isset($c['body'])) {
70	78	rg_log_ml(print_r($c, TRUE));	rg_log_ml(print_r($c, TRUE));
71	79	rg_log('No c or no body in c var!');	rg_log('No c or no body in c var!');

...	...	if (strcmp($db_token, $s) != 0) {
87	95	// we add junk because I've seen cases when some junk was appended	// we add junk because I've seen cases when some junk was appended
88	96	$s .= 'junk';	$s .= 'junk';
89	97
90		$data = array();
	98		rg_log('Loading the forgot link form...');
	99		$data = array(); $headers = array();
91	100	$r = do_req($test_url . '/op/forgot_link/' . $s, $data, $headers);	$r = do_req($test_url . '/op/forgot_link/' . $s, $data, $headers);
92	101	if ($r === FALSE) {	if ($r === FALSE) {
93	102	rg_log("Cannot load forgot_link page!");	rg_log("Cannot load forgot_link page!");

...	...	$data = array(
103	112	'lock_ip' => 1,	'lock_ip' => 1,
104	113	'doit' => 1	'doit' => 1
105	114	);	);
	115		$headers = array();
106	116	$r = do_req($test_url . '/op/forgot_link', $data, $headers);	$r = do_req($test_url . '/op/forgot_link', $data, $headers);
107	117	if (!strstr($r['body'], 'Home page of user')) {	if (!strstr($r['body'], 'Home page of user')) {
108	118	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));
109		rg_log('Cannot post forgot link form!');
	119		rg_log('Cannot post forgot link form'
	120		. ' ("Home page of user" string not found)!');
110	121	exit(1);	exit(1);
111	122	}	}
112	123	$sql = 'SELECT salt, pass FROM users WHERE uid = ' . $rg_ui['uid'];	$sql = 'SELECT salt, pass FROM users WHERE uid = ' . $rg_ui['uid'];

File tests/http_keys.php changed (mode: 100644) (index fc51b0a..e0a9a9a)
...	...	$_testns = 'http_keys';
21	21	$rg_cache_enable = TRUE;	$rg_cache_enable = TRUE;
22	22	$rg_cache_debug = TRUE;	$rg_cache_debug = TRUE;
23	23
	24		prepare_http();
	25
24	26	$rg_ui = array('is_admin' => 1);	$rg_ui = array('is_admin' => 1);
25	27	rg_test_create_user($db, $rg_ui);	rg_test_create_user($db, $rg_ui);
26		test_login($test_url, $rg_ui, $good_sid);
	28		test_login($test_url, $rg_ui);
27	29
28	30
29	31	rg_log('');	rg_log('');
30	32	rg_log_enter('Loading Admin -> Settings -> SSH...');	rg_log_enter('Loading Admin -> Settings -> SSH...');
31	33	$data = array();	$data = array();
32		$headers = array("Cookie: sid=" . $good_sid);
	34		$headers = array();
33	35	$r = do_req($test_url . '/op/admin/settings/ssh', $data, $headers);	$r = do_req($test_url . '/op/admin/settings/ssh', $data, $headers);
34	36	if ($r === FALSE) {	if ($r === FALSE) {
35	37	rg_log("Cannot load page!");	rg_log("Cannot load page!");

...	...	if ($r === FALSE) {
37	39	}	}
38	40	if (!isset($r['tokens']['admin_settings_ssh'])) {	if (!isset($r['tokens']['admin_settings_ssh'])) {
39	41	rg_log_ml('r:' . print_r($r, TRUE));	rg_log_ml('r:' . print_r($r, TRUE));
40		rg_log("No token?!");
	42		rg_log("No 'admin_settings_ssh' token?!");
41	43	exit(1);	exit(1);
42	44	}	}
43	45	$token = $r['tokens']['admin_settings_ssh'];	$token = $r['tokens']['admin_settings_ssh'];

File tests/http_login.php changed (mode: 100644) (index 2d74e60..ed98c6c)
...	...	require_once("common.php");
18	18	$_testns = 'http_login';	$_testns = 'http_login';
19	19	$rg_cache_enable = TRUE;	$rg_cache_enable = TRUE;
20	20
	21		prepare_http();
	22
21	23	rg_test_create_user($db, $rg_ui);	rg_test_create_user($db, $rg_ui);
22	24
	25		$good_guy = $_testns . '-good';
	26		$bad_guy = $_testns . '-bad';
	27
23	28	rg_log("Test login operation");	rg_log("Test login operation");
24	29	// First we need to load the form so we can get the token	// First we need to load the form so we can get the token
25		// We provide an old cookie to test if we generate a new pre-login one
	30		// We provide junk cookies to test if we generate a new pre-login one
26	31	$data = array();	$data = array();
27		$headers = array("Cookie: sid=d978671c2cd12fba05be218bb1653c1ce7bfb947");
	32		$headers = array();
	33		$http_client = $good_guy;
28	34	$r = do_req($test_url . "/op/login", $data, $headers);	$r = do_req($test_url . "/op/login", $data, $headers);
29	35	if ($r === FALSE) {	if ($r === FALSE) {
30	36	rg_log("Cannot load login form.");	rg_log("Cannot load login form.");

...	...	if ($r === FALSE) {
32	38	}	}
33	39	$good_sid = $r['sid'];	$good_sid = $r['sid'];
34	40	$good_token = $r['tokens']['login'];	$good_token = $r['tokens']['login'];
35		rg_log("good: sid=$good_sid token=$good_token");
36		if (strncmp($good_sid, "X", 1) != 0) {
37		rg_log("Seems we did not get a pre-login session!");
	41		rg_log("good: token=$good_token");
	42		if (strncmp($r['sid'], 'X', 1) != 0) {
	43		rg_log('Seems we did not get a pre-login session!');
38	44	exit(1);	exit(1);
39	45	}	}
40	46
41	47
42		rg_log("Sending wrong token, because bad guy cannot control it");
43		// we need a valid token, so we do a new request
	48		// we need a valid token of the attacker, so we do a new request
44	49	$data = array();	$data = array();
45	50	$headers = array();	$headers = array();
	51		$http_client = $bad_guy;
46	52	$r = do_req($test_url . "/op/login", $data, $headers);	$r = do_req($test_url . "/op/login", $data, $headers);
47	53	if ($r === FALSE) {	if ($r === FALSE) {
48	54	rg_log("Cannot load login form.");	rg_log("Cannot load login form.");
49	55	exit(1);	exit(1);
50	56	}	}
51		//rg_log_ml("After loading attacker login form, r: " . print_r($r, TRUE));
52		$bad_sid = $r['sid'];
53	57	$bad_token = $r['tokens']['login'];	$bad_token = $r['tokens']['login'];
54		rg_log("bad: sid=$bad_sid token=$bad_token");
	58		rg_log("bad_token=$bad_token");
55	59
56		rg_log("Now we can attack, we use attacker token but user cookie...");
	60		rg_log("Now we can attack, we use attacker token but good cookie...");
	61		rg_log("Sending wrong token, because bad guy cannot control it");
57	62	$data = array(	$data = array(
58	63	"doit" => 1,	"doit" => 1,
59	64	"token" => $bad_token,	"token" => $bad_token,

...	...	$data = array(
61	66	"pass" => $rg_ui['pass'],	"pass" => $rg_ui['pass'],
62	67	"lock_ip" => 1	"lock_ip" => 1
63	68	);	);
64		$headers = array("Cookie: sid=" . $good_sid);
	69		$headers = array();
	70		$http_client = $good_guy;
65	71	$r = do_req($test_url . "/op/login?t=bad_token_good_sid", $data, $headers);	$r = do_req($test_url . "/op/login?t=bad_token_good_sid", $data, $headers);
66	72	if ($r === FALSE) {	if ($r === FALSE) {
67	73	rg_log_ml(print_r($r, TRUE));	rg_log_ml(print_r($r, TRUE));

...	...	if (!strstr($r['body'], "invalid token")) {
74	80	exit(1);	exit(1);
75	81	}	}
76	82
77		rg_log("Do the real login post request");
	83		rg_log("Do the good login post request");
78	84	$data = array(	$data = array(
79	85	"doit" => 1,	"doit" => 1,
80	86	"token" => $good_token,	"token" => $good_token,

...	...	$data = array(
82	88	"pass" => $rg_ui['pass'],	"pass" => $rg_ui['pass'],
83	89	"lock_ip" => 1	"lock_ip" => 1
84	90	);	);
85		$headers = array("Cookie: sid=" . $good_sid);
	91		$headers = array();
	92		$http_client = $good_guy;
86	93	$r = do_req($test_url . "/op/login?t=good_sid_good_token", $data, $headers);	$r = do_req($test_url . "/op/login?t=good_sid_good_token", $data, $headers);
87	94	if ($r === FALSE) {	if ($r === FALSE) {
88	95	rg_log_ml("Cannot login: " . print_r($r, TRUE));	rg_log_ml("Cannot login: " . print_r($r, TRUE));

...	...	if (strstr($r['body'], "invalid user")) {
95	102	}	}
96	103
97	104	rg_log("Check what happens if we are logged in and want to login again");	rg_log("Check what happens if we are logged in and want to login again");
98		$r = test_login($test_url, $rg_ui, $good_sid);
	105		$r = test_login($test_url, $rg_ui);
99	106	if ($r === FALSE) {	if ($r === FALSE) {
100	107	rg_log_ml(print_r($r, TRUE));	rg_log_ml(print_r($r, TRUE));
101	108	rg_log("Seems we cannot login again if we are already logged in!");	rg_log("Seems we cannot login again if we are already logged in!");

File tests/http_settings.php changed (mode: 100644) (index e4aae6e..c9f3806)
...	...	require_once("common.php");
20	20	$_testns = 'http_settings';	$_testns = 'http_settings';
21	21	$rg_cache_enable = TRUE;	$rg_cache_enable = TRUE;
22	22
	23		prepare_http();
	24
23	25	$now = time();	$now = time();
24	26
25	27	rg_log("Testing if caching works: cache_enable=" . ($rg_cache_enable ? "true" : "false"));	rg_log("Testing if caching works: cache_enable=" . ($rg_cache_enable ? "true" : "false"));

...	...	if ($r !== FALSE) {
41	43	test_restore($db);	test_restore($db);
42	44
43	45	rg_test_create_user($db, $rg_ui);	rg_test_create_user($db, $rg_ui);
44		$r = test_login($test_url, $rg_ui, $good_sid);
	46		$r = test_login($test_url, $rg_ui);
45	47	if ($r === FALSE) {	if ($r === FALSE) {
46	48	rg_log("Cannot login!");	rg_log("Cannot login!");
47	49	exit(1);	exit(1);

...	...	if ($r === FALSE) {
50	52	rg_log('');	rg_log('');
51	53	rg_log("Loading change pass form");	rg_log("Loading change pass form");
52	54	$data = array();	$data = array();
53		$headers = array("Cookie: sid=" . $good_sid);
	55		$headers = array();
54	56	$r = do_req($test_url . "/op/settings/change_pass?t=load_change_pass_form", $data, $headers);	$r = do_req($test_url . "/op/settings/change_pass?t=load_change_pass_form", $data, $headers);
55	57	if (!strstr($r['body'], "action=\"/op/settings/change_pass\"")) {	if (!strstr($r['body'], "action=\"/op/settings/change_pass\"")) {
56	58	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));

...	...	$data = array(
68	70	"pass1" => "bbbb",	"pass1" => "bbbb",
69	71	"pass2" => "bbbb"	"pass2" => "bbbb"
70	72	);	);
71		$headers = array("Cookie: sid=" . $good_sid);
	73		$headers = array();
72	74	$r = do_req($test_url . "/op/settings/change_pass?t=post_change_pass_form", $data, $headers);	$r = do_req($test_url . "/op/settings/change_pass?t=post_change_pass_form", $data, $headers);
73	75	if (!strstr($r['body'], "Password has been successfully updated")) {	if (!strstr($r['body'], "Password has been successfully updated")) {
74	76	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));

...	...	if (!strstr($r['body'], "Password has been successfully updated")) {
79	81
80	82	rg_log('');	rg_log('');
81	83	rg_log("Now, try to login with the old password");	rg_log("Now, try to login with the old password");
82		$r2 = test_login($test_url, $rg_ui, $junk);
	84		$r2 = test_login($test_url, $rg_ui);
83	85	if ($r2 !== FALSE) {	if ($r2 !== FALSE) {
84	86	rg_log("Seems we were able to login with the old password!");	rg_log("Seems we were able to login with the old password!");
85	87	exit(1);	exit(1);

...	...	if ($r2 !== FALSE) {
90	92	rg_log('');	rg_log('');
91	93	rg_log("Change back the password");	rg_log("Change back the password");
92	94	$data = array();	$data = array();
93		$headers = array("Cookie: sid=" . $good_sid);
	95		$headers = array();
94	96	$r = do_req($test_url . "/op/settings/change_pass?t=load_change_pass_form", $data, $headers);	$r = do_req($test_url . "/op/settings/change_pass?t=load_change_pass_form", $data, $headers);
95	97	if (!strstr($r['body'], "action=\"/op/settings/change_pass\"")) {	if (!strstr($r['body'], "action=\"/op/settings/change_pass\"")) {
96	98	rg_log("Cannot load change pass form!");	rg_log("Cannot load change pass form!");

...	...	$data = array(
104	106	"pass1" => $rg_ui['pass'],	"pass1" => $rg_ui['pass'],
105	107	"pass2" => $rg_ui['pass']	"pass2" => $rg_ui['pass']
106	108	);	);
107		$headers = array("Cookie: sid=" . $good_sid);
	109		$headers = array();
108	110	$r = do_req($test_url . "/op/settings/change_pass?t=change_back_the_password", $data, $headers);	$r = do_req($test_url . "/op/settings/change_pass?t=change_back_the_password", $data, $headers);
109	111	if ($r === FALSE) {	if ($r === FALSE) {
110	112	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));

...	...	rg_log("Testing edit info section");
119	121	rg_log('');	rg_log('');
120	122	rg_log("Loading edit info form");	rg_log("Loading edit info form");
121	123	$data = array();	$data = array();
122		$headers = array("Cookie: sid=" . $good_sid);
	124		$headers = array();
123	125	$r = do_req($test_url . "/op/settings/edit_info?t=load_edit_info_form", $data, $headers);	$r = do_req($test_url . "/op/settings/edit_info?t=load_edit_info_form", $data, $headers);
124	126	if ($r === FALSE) {	if ($r === FALSE) {
125	127	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));

...	...	$data = array(
139	141	"plan_id" => 5,	"plan_id" => 5,
140	142	"session_time" => $session_time	"session_time" => $session_time
141	143	);	);
142		$headers = array("Cookie: sid=" . $good_sid);
	144		$headers = array();
143	145	$r = do_req($test_url . "/op/settings/edit_info?t=post_edit_info_form", $data, $headers);	$r = do_req($test_url . "/op/settings/edit_info?t=post_edit_info_form", $data, $headers);
144	146	if (!strstr($r['body'], "Information has been successfully updated")) {	if (!strstr($r['body'], "Information has been successfully updated")) {
145	147	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));

...	...	if ($row['session_time'] != $session_time) {
172	174
173	175	rg_log('');	rg_log('');
174	176	rg_log("Testing SSH keys");	rg_log("Testing SSH keys");
175		$key = rg_test_upload_ssh_key($db, $rg_ui, "http_settings", $good_sid);
	177		$key = rg_test_upload_ssh_key($db, $rg_ui, 'http_settings');
176	178	$key = trim($key);	$key = trim($key);
177	179	// the key upload stuff will change < and > to empty.	// the key upload stuff will change < and > to empty.
178	180	$sql = "SELECT * FROM keys WHERE key = '" . $key . "'";	$sql = "SELECT * FROM keys WHERE key = '" . $key . "'";

...	...	rg_log('');
192	194	rg_log("Now, testing deletion: key_id=$key_id");	rg_log("Now, testing deletion: key_id=$key_id");
193	195	rg_log("Loading ssh keys form");	rg_log("Loading ssh keys form");
194	196	$data = array();	$data = array();
195		$headers = array("Cookie: sid=" . $good_sid);
	197		$headers = array();
196	198	$r = do_req($test_url . "/op/settings/keys?t=load_key_form_del", $data, $headers);	$r = do_req($test_url . "/op/settings/keys?t=load_key_form_del", $data, $headers);
197	199	if ($r === FALSE) {	if ($r === FALSE) {
198	200	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));

...	...	if ($r === FALSE) {
201	203	}	}
202	204	rg_log("Posting delete keys form");	rg_log("Posting delete keys form");
203	205	$data = array("delete" => 1, "token" => $r['tokens']['keys'], "key_delete_ids[$key_id]" => "on");	$data = array("delete" => 1, "token" => $r['tokens']['keys'], "key_delete_ids[$key_id]" => "on");
204		$headers = array("Cookie: sid=" . $good_sid);
	206		$headers = array();
205	207	$r = do_req($test_url . "/op/settings/keys?t=post_key_form_del", $data, $headers);	$r = do_req($test_url . "/op/settings/keys?t=post_key_form_del", $data, $headers);
206	208	if (!strstr($r['body'], "success")) {	if (!strstr($r['body'], "success")) {
207	209	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));

File tests/http_top.php changed (mode: 100644) (index a8b25e1..763891b)
...	...	require_once("common.php");
20	20	$_testns = 'http_top';	$_testns = 'http_top';
21	21	$rg_cache_enable = TRUE;	$rg_cache_enable = TRUE;
22	22
	23		prepare_http();
	24
23	25	// TODO: donate has some problems with input + border (tidy)!	// TODO: donate has some problems with input + border (tidy)!
24	26	$_list = array("features", "discover", "download", "pricing", "tos",	$_list = array("features", "discover", "download", "pricing", "tos",
25	27	"create_account", "login");	"create_account", "login");

File tests/http_totp.php changed (mode: 100644) (index e8a753d..0f3e0b2)
...	...	$rg_cache_debug = TRUE;
25	25
26	26	$rg_user_max_len = 60;	$rg_user_max_len = 60;
27	27
	28		prepare_http();
	29
28	30	rg_test_create_user($db, $rg_ui);	rg_test_create_user($db, $rg_ui);
29	31
30	32	// Add an totp token to this account	// Add an totp token to this account

...	...	if ($r === FALSE) {
48	50	rg_log("Cannot load login form.");	rg_log("Cannot load login form.");
49	51	exit(1);	exit(1);
50	52	}	}
51		$good_sid = $r['sid'];
52	53	$good_token = $r['tokens']['login'];	$good_token = $r['tokens']['login'];
53	54	rg_log_exit();	rg_log_exit();
54	55
55	56
56	57	rg_log('');	rg_log('');
57		rg_log_enter("Do the login without login token (sid=$good_sid token=$good_token)...");
	58		rg_log_enter("Do the login without login token (token=$good_token)...");
58	59	$data = array(	$data = array(
59	60	"doit" => 1,	"doit" => 1,
60	61	"token" => $good_token,	"token" => $good_token,

...	...	$data = array(
62	63	"pass" => $rg_ui['pass'],	"pass" => $rg_ui['pass'],
63	64	"login_token" => '',	"login_token" => '',
64	65	"lock_ip" => 0);	"lock_ip" => 0);
65		$headers = array("Cookie: sid=" . $good_sid);
	66		$headers = array();
66	67	$r = do_req($test_url . "/op/login", $data, $headers);	$r = do_req($test_url . "/op/login", $data, $headers);
67	68	if ($r === FALSE) {	if ($r === FALSE) {
68	69	rg_log_ml('r=' . print_r($r, TRUE));	rg_log_ml('r=' . print_r($r, TRUE));

...	...	rg_log_exit();
79	80
80	81
81	82	rg_log('');	rg_log('');
82		rg_log_enter("Do the login (sid=$good_sid token=$good_token"
83		. " login_token=$lt)...");
	83		rg_log_enter("Do the login (token=$good_token login_token=$lt)...");
84	84	$data = array(	$data = array(
85	85	"doit" => 1,	"doit" => 1,
86	86	"token" => $good_token,	"token" => $good_token,

...	...	$data = array(
88	88	"pass" => $rg_ui['pass'],	"pass" => $rg_ui['pass'],
89	89	"login_token" => $lt,	"login_token" => $lt,
90	90	"lock_ip" => 0);	"lock_ip" => 0);
91		$headers = array("Cookie: sid=" . $good_sid);
	91		$headers = array();
92	92	$r = do_req($test_url . "/op/login", $data, $headers);	$r = do_req($test_url . "/op/login", $data, $headers);
93	93	if ($r === FALSE) {	if ($r === FALSE) {
94	94	rg_log_ml('r=' . print_r($r, TRUE));	rg_log_ml('r=' . print_r($r, TRUE));

...	...	if (strstr($r['body'], "invalid user")) {
100	100	rg_log("Login invalid!");	rg_log("Login invalid!");
101	101	exit(1);	exit(1);
102	102	}	}
103		$good_sid = $r['sid'];
104	103	rg_log_exit();	rg_log_exit();
105	104
106	105

...	...	rg_log('');
108	107	rg_log_enter('Testing device enrollment...');	rg_log_enter('Testing device enrollment...');
109	108	rg_log('Loading enroll form...');	rg_log('Loading enroll form...');
110	109	$data = array();	$data = array();
111		$headers = array("Cookie: sid=" . $good_sid);
	110		$headers = array();
112	111	$r = do_req($test_url . "/op/settings/totp/enroll", $data, $headers);	$r = do_req($test_url . "/op/settings/totp/enroll", $data, $headers);
113	112	if ($r === FALSE) {	if ($r === FALSE) {
114	113	rg_log("Cannot load enroll page!");	rg_log("Cannot load enroll page!");

...	...	$data = array(
129	128	'totp::secret' => $key,	'totp::secret' => $key,
130	129	'totp::ver' => rg_totp_compute($key, time() / 30, 6)	'totp::ver' => rg_totp_compute($key, time() / 30, 6)
131	130	);	);
132		$headers = array("Cookie: sid=" . $good_sid);
	131		$headers = array();
133	132	$r = do_req($test_url . "/op/settings/totp/enroll", $data, $headers);	$r = do_req($test_url . "/op/settings/totp/enroll", $data, $headers);
134	133	if (!strstr($r['body'], 'You enrolled your new device with success')) {	if (!strstr($r['body'], 'You enrolled your new device with success')) {
135	134	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));

...	...	rg_log_exit();
149	148
150	149	rg_log('');	rg_log('');
151	150	rg_log_enter('Testing the deletion of scratch codes');	rg_log_enter('Testing the deletion of scratch codes');
152		$sc1 = rg_test_sc_generate($db, $rg_ui, $good_sid);
	151		$sc1 = rg_test_sc_generate($db, $rg_ui);
153	152	sleep(1); // to not have the same itime	sleep(1); // to not have the same itime
154		$sc2 = rg_test_sc_generate($db, $rg_ui, $good_sid);
	153		$sc2 = rg_test_sc_generate($db, $rg_ui);
155	154	$sql = "SELECT DISTINCT itime FROM scratch_codes WHERE uid = " . $rg_ui['uid'];	$sql = "SELECT DISTINCT itime FROM scratch_codes WHERE uid = " . $rg_ui['uid'];
156	155	$res = rg_sql_query($db, $sql);	$res = rg_sql_query($db, $sql);
157	156	$list = array();	$list = array();

...	...	while (($row = rg_sql_fetch_array($res))) {
161	160	rg_sql_free_result($res);	rg_sql_free_result($res);
162	161	rg_log_ml('list=' . print_r($list, TRUE));	rg_log_ml('list=' . print_r($list, TRUE));
163	162
164		$headers = array("Cookie: sid=" . $good_sid);
	163		$headers = array();
165	164	$r = do_req($test_url . "/op/settings/totp/sc", $data, $headers);	$r = do_req($test_url . "/op/settings/totp/sc", $data, $headers);
166	165	if ($r === FALSE) {	if ($r === FALSE) {
167	166	rg_log("Cannot load sc page!");	rg_log("Cannot load sc page!");

...	...	$data = array(
175	174	'delete_list[' . $list[0] . ']' => 'on',	'delete_list[' . $list[0] . ']' => 'on',
176	175	'delete_list[' . $list[1] . ']' => 'on'	'delete_list[' . $list[1] . ']' => 'on'
177	176	);	);
178		$headers = array("Cookie: sid=" . $good_sid);
	177		$headers = array();
179	178	$r = do_req($test_url . "/op/settings/totp/sc", $data, $headers);	$r = do_req($test_url . "/op/settings/totp/sc", $data, $headers);
180	179	if (!strstr($r['body'], 'success')) {	if (!strstr($r['body'], 'success')) {
181	180	rg_log("Cannot delete scratch codes!");	rg_log("Cannot delete scratch codes!");

...	...	$good_token = $r['tokens']['login_tokens_list'];
238	237	$data = array( 'delete' => 1, 'token' => $good_token);	$data = array( 'delete' => 1, 'token' => $good_token);
239	238	foreach ($list as $id)	foreach ($list as $id)
240	239	$data['delete_list[' . $id . ']'] = 'on';	$data['delete_list[' . $id . ']'] = 'on';
241		$headers = array("Cookie: sid=" . $good_sid);
	240		$headers = array();
242	241	$r = do_req($test_url . "/op/settings/totp/list", $data, $headers);	$r = do_req($test_url . "/op/settings/totp/list", $data, $headers);
243	242	if (!strstr($r['body'], 'success')) {	if (!strstr($r['body'], 'success')) {
244	243	rg_log("Cannot delete login tokens!");	rg_log("Cannot delete login tokens!");

File tests/pr_anon.php changed (mode: 100644) (index 488524d..9fb00f8)
...	...	$rg_cache_enable = TRUE;
23	23	$rg_cache_debug = TRUE;	$rg_cache_debug = TRUE;
24	24	$rg_event_socket = "/var/lib/rocketgit/sockets/event.sock";	$rg_event_socket = "/var/lib/rocketgit/sockets/event.sock";
25	25
	26		prepare_http();
26	27
27	28	rg_log('');	rg_log('');
28	29	rg_log_enter('Creating user...');	rg_log_enter('Creating user...');

...	...	rg_log_exit();
32	33
33	34	rg_log('');	rg_log('');
34	35	rg_log_enter('Login...');	rg_log_enter('Login...');
35		$r = test_login($test_url, $rg_ui, $good_sid);
	36		$r = test_login($test_url, $rg_ui);
36	37	if ($r === FALSE) {	if ($r === FALSE) {
37	38	rg_log("Cannot login!");	rg_log("Cannot login!");
38	39	exit(1);	exit(1);

...	...	rg_log_exit();
42	43
43	44	rg_log('');	rg_log('');
44	45	rg_log_enter('Creating and upload a ssh key...');	rg_log_enter('Creating and upload a ssh key...');
45		rg_test_upload_ssh_key($db, $rg_ui, 'pr_anon', $good_sid);
	46		rg_test_upload_ssh_key($db, $rg_ui, 'pr_anon');
46	47	rg_log_exit();	rg_log_exit();
47	48
48	49

...	...	rg_log_exit();
145	146	rg_log('');	rg_log('');
146	147	rg_log_enter('Loading the merge requests page - just to see it appears there');	rg_log_enter('Loading the merge requests page - just to see it appears there');
147	148	$data = array();	$data = array();
148		$headers = array("Cookie: sid=" . $good_sid);
	149		$headers = array();
149	150	$r = do_req($test_url . '/user/' . $rg_ui['username']	$r = do_req($test_url . '/user/' . $rg_ui['username']
150	151	. '/' . $repo['name'] . '/mr?t=pr_anon', $data, $headers);	. '/' . $repo['name'] . '/mr?t=pr_anon', $data, $headers);
151	152	if (!strstr($r['body'], '>' . $mri['id'] . '<')) {	if (!strstr($r['body'], '>' . $mri['id'] . '<')) {

...	...	rg_log_exit();
159	160	rg_log('');	rg_log('');
160	161	rg_log_enter('Loading the merge request specific page');	rg_log_enter('Loading the merge request specific page');
161	162	$data = array();	$data = array();
162		$headers = array("Cookie: sid=" . $good_sid);
	163		$headers = array();
163	164	$r = do_req($test_url . $url . $mri['id'] . '?t=pr_anon', $data, $headers);	$r = do_req($test_url . $url . $mri['id'] . '?t=pr_anon', $data, $headers);
164	165	if (!strstr($r['body'], 'This pull request can be merged without conflicts')) {	if (!strstr($r['body'], 'This pull request can be merged without conflicts')) {
165	166	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));

...	...	if ($r['ok'] != 1) {
225	226	}	}
226	227	$mri = rg_test_mr_in_db($db, $repo['repo_id']);	$mri = rg_test_mr_in_db($db, $repo['repo_id']);
227	228	$data = array();	$data = array();
228		$headers = array("Cookie: sid=" . $good_sid);
	229		$headers = array();
229	230	$r = do_req($test_url . $url . $mri['id'] . '?t=pr_anon', $data, $headers);	$r = do_req($test_url . $url . $mri['id'] . '?t=pr_anon', $data, $headers);
230	231	if (!strstr($r['body'], 'This pull request cannot be merged without conflicts')) {	if (!strstr($r['body'], 'This pull request cannot be merged without conflicts')) {
231	232	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));

...	...	rg_log_exit();
238	239	rg_log('');	rg_log('');
239	240	rg_log_enter('Loading conflicts page...');	rg_log_enter('Loading conflicts page...');
240	241	$data = array();	$data = array();
241		$headers = array("Cookie: sid=" . $good_sid);
	242		$headers = array();
242	243	$r = do_req($test_url . $url . $mri['id'] . '?t=pr_anon', $data, $headers);	$r = do_req($test_url . $url . $mri['id'] . '?t=pr_anon', $data, $headers);
243	244	if (!strstr($r['body'], 'Conflicts:')) {	if (!strstr($r['body'], 'Conflicts:')) {
244	245	rg_log_ml('r: ' . print_r($r, TRUE));	rg_log_ml('r: ' . print_r($r, TRUE));

File tests/source.php changed (mode: 100644) (index 103ac97..1075894)
...	...	require_once("common.php");
18	18	$_testns = 'source';	$_testns = 'source';
19	19	$rg_cache_enable = TRUE;	$rg_cache_enable = TRUE;
20	20
	21		prepare_http();
21	22
22	23	rg_test_create_user($db, $rg_ui);	rg_test_create_user($db, $rg_ui);
23	24	rg_log('Created user ' . $rg_ui['uid']);	rg_log('Created user ' . $rg_ui['uid']);
24	25	rg_test_create_repo($db, $rg_ui, $repo);	rg_test_create_repo($db, $rg_ui, $repo);
25	26	rg_log('Created repo ' . $repo['repo_id']);	rg_log('Created repo ' . $repo['repo_id']);
26		$r = test_login($test_url, $rg_ui, $good_sid);
	27		$r = test_login($test_url, $rg_ui);
27	28	if ($r === FALSE) {	if ($r === FALSE) {
28	29	rg_log("Cannot login!");	rg_log("Cannot login!");
29	30	exit(1);	exit(1);

...	...	if ($r === FALSE) {
32	33
33	34	rg_log('');	rg_log('');
34	35	rg_log_enter('Uploading a key...');	rg_log_enter('Uploading a key...');
35		rg_test_upload_ssh_key($db, $rg_ui, 'source', $good_sid);
	36		rg_test_upload_ssh_key($db, $rg_ui, 'source');
36	37	rg_log_exit();	rg_log_exit();
37	38
38	39

...	...	if ($r['ok'] != 1) {
55	56	exit(1);	exit(1);
56	57	}	}
57	58	$data = array();	$data = array();
58		$headers = array("Cookie: sid=" . $good_sid);
	59		$headers = array();
59	60	rg_log('Check "log" menu...');	rg_log('Check "log" menu...');
60	61	$r = do_req($test_url . '/user/' . rawurlencode($rg_ui['username'])	$r = do_req($test_url . '/user/' . rawurlencode($rg_ui['username'])
61	62	. '/' . rawurlencode($repo['name']) . '/source/log',	. '/' . rawurlencode($repo['name']) . '/source/log',

File tests/ssh.php changed (mode: 100644) (index ec2a99a..5f90361)
...	...	$rg_cache_enable = TRUE;
20	20	$rg_cache_debug = TRUE;	$rg_cache_debug = TRUE;
21	21	$rg_event_socket = "/var/lib/rocketgit/sockets/event.sock";	$rg_event_socket = "/var/lib/rocketgit/sockets/event.sock";
22	22
	23		prepare_http();
	24
23	25	// This test makes sense only on my devel machine	// This test makes sense only on my devel machine
24	26	if (php_uname("n") != "r1.embedromix.ro") {	if (php_uname("n") != "r1.embedromix.ro") {
	27		// TODO: start a sshd daemon?
25	28	rg_log("OK!");	rg_log("OK!");
26	29	exit(0);	exit(0);
27	30	}	}

...	...	if (php_uname("n") != "r1.embedromix.ro") {
30	33	rg_log("Creating a user...");	rg_log("Creating a user...");
31	34	rg_test_create_user($db, $rg_ui);	rg_test_create_user($db, $rg_ui);
32	35	rg_test_create_repo($db, $rg_ui, $repo);	rg_test_create_repo($db, $rg_ui, $repo);
33		$r = test_login($test_url, $rg_ui, $good_sid);
	36		$r = test_login($test_url, $rg_ui);
34	37	if ($r === FALSE) {	if ($r === FALSE) {
35	38	rg_log("Cannot login!");	rg_log("Cannot login!");
36	39	exit(1);	exit(1);
37	40	}	}
38	41
39		$cmd = "ssh -i keys/" . $rg_ui['uid'] . " rocketgit@rg" . " -p 2222";
	42		$cmd = 'ssh -i keys/' . $rg_ui['uid'] . ' rocketgit@' . $rg_ssh_host
	43		. ' -p ' . $rg_ssh_port;
40	44
41		rg_test_upload_ssh_key($db, $rg_ui, $rg_ui['uid'], $good_sid);
	45		rg_test_upload_ssh_key($db, $rg_ui, $rg_ui['uid']);
42	46
43	47	rg_log('');	rg_log('');
44	48	$list = array('', 'status', 'repos', 'repo', 'totp');	$list = array('', 'status', 'repos', 'repo', 'totp');

...	...	if (!strstr($r['data'], 'Success!')) {
201	205	}	}
202	206
203	207
204		$sc = rg_test_sc_generate($db, $rg_ui, $good_sid);
	208		$sc = rg_test_sc_generate($db, $rg_ui);
205	209	$sql = "UPDATE scratch_codes SET sc = '0' \|\| substring(sc from 1 for 7)"	$sql = "UPDATE scratch_codes SET sc = '0' \|\| substring(sc from 1 for 7)"
206	210	. " WHERE uid = " . $rg_ui['uid'];	. " WHERE uid = " . $rg_ui['uid'];
207	211	$res = rg_sql_query($db, $sql);	$res = rg_sql_query($db, $sql);

...	...	if (strstr($r['data'], 'Success!')) {
244	248	}	}
245	249
246	250
247		$sc = rg_test_sc_generate($db, $rg_ui, $good_sid);
	251		$sc = rg_test_sc_generate($db, $rg_ui);
248	252
249	253
250	254	rg_log('');	rg_log('');

File tests/wh_cloud.php changed (mode: 100644) (index a84f27b..478ce80)
...	...	$rg_cache_enable = TRUE;
20	20	$rg_cache_debug = TRUE;	$rg_cache_debug = TRUE;
21	21	$rg_event_socket = "/var/lib/rocketgit/sockets/event.sock";	$rg_event_socket = "/var/lib/rocketgit/sockets/event.sock";
22	22
	23		prepare_http();
	24
23	25	$home = getenv('HOME');	$home = getenv('HOME');
24	26	if (!file_exists($home . '/.aws/conf.php')) {	if (!file_exists($home . '/.aws/conf.php')) {
25	27	rg_log('no ~/.aws.conf.php file!');	rg_log('no ~/.aws.conf.php file!');

...	...	rg_test_create_user($db, $rg_ui);
37	39
38	40	rg_log('');	rg_log('');
39	41	rg_log_enter('Login...');	rg_log_enter('Login...');
40		$r = test_login($test_url, $rg_ui, $good_sid);
	42		$r = test_login($test_url, $rg_ui);
41	43	if ($r === FALSE) {	if ($r === FALSE) {
42	44	rg_log("Cannot login!");	rg_log("Cannot login!");
43	45	exit(1);	exit(1);

...	...	$extra = array(
64	66	'##repo##-##branch##-##hook_id##'	'##repo##-##branch##-##hook_id##'
65	67	. '-##commit##-##date##-##time##-##ip##-##timestamp##.zip'	. '-##commit##-##date##-##time##-##ip##-##timestamp##.zip'
66	68	);	);
67		rg_test_wh_add_edit($db, $rg_ui, $good_sid, 'cloud', $extra);
	69		rg_test_wh_add_edit($db, $rg_ui, 'cloud', $extra);
68	70	rg_log_exit();	rg_log_exit();
69	71
70	72

...	...	rg_log_exit();
93	95
94	96	rg_log('');	rg_log('');
95	97	rg_log_enter('Creating and upload a ssh key...');	rg_log_enter('Creating and upload a ssh key...');
96		rg_test_upload_ssh_key($db, $rg_ui, "wh_cloud", $good_sid);
	98		rg_test_upload_ssh_key($db, $rg_ui, 'wh_cloud');
97	99	rg_log_exit();	rg_log_exit();
98	100
99	101

...	...	$extra = array(
152	154	'wh::idata::bucket' => 'buck',	'wh::idata::bucket' => 'buck',
153	155	'wh::idata::file' => 'rrr',	'wh::idata::file' => 'rrr',
154	156	);	);
155		rg_test_wh_add_edit($db, $rg_ui, $good_sid, 'cloud', $extra);
	157		rg_test_wh_add_edit($db, $rg_ui, 'cloud', $extra);
156	158	$sql = "SELECT * FROM webhooks WHERE uid = " . $rg_ui['uid']	$sql = "SELECT * FROM webhooks WHERE uid = " . $rg_ui['uid']
157	159	. " AND id = " . $wh_id;	. " AND id = " . $wh_id;
158	160	$res = rg_sql_query($db, $sql);	$res = rg_sql_query($db, $sql);

File tests/wh_http.php changed (mode: 100644) (index 839572c..5aa4f88)
...	...	function clean()
37	37	}	}
38	38	register_shutdown_function('clean');	register_shutdown_function('clean');
39	39
	40		prepare_http();
40	41
41	42	rg_log('');	rg_log('');
42	43	rg_log('Generating certificates...');	rg_log('Generating certificates...');

...	...	$key3 = 'DEBUG::' . $rg_ui['uid'] . '::webhooks::' . $port3;
124	125
125	126	rg_log('');	rg_log('');
126	127	rg_log('Login...');	rg_log('Login...');
127		$r = test_login($test_url, $rg_ui, $good_sid);
	128		$r = test_login($test_url, $rg_ui);
128	129	if ($r === FALSE) {	if ($r === FALSE) {
129	130	rg_log("Cannot login!");	rg_log("Cannot login!");
130	131	exit(1);	exit(1);

...	...	$extra = array(
148	149	'wh::idata::itype' => 0,	'wh::idata::itype' => 0,
149	150	'wh::idata::client_ca_cert' => file_get_contents('ca/wh/certs/cacert.pem')	'wh::idata::client_ca_cert' => file_get_contents('ca/wh/certs/cacert.pem')
150	151	);	);
151		rg_test_wh_add_edit($db, $rg_ui, $good_sid, 'http', $extra);
	152		rg_test_wh_add_edit($db, $rg_ui, 'http', $extra);
152	153
153	154
154	155	rg_log('');	rg_log('');

...	...	$extra = array(
169	170	. file_get_contents('ca/wh/private/client.key'),	. file_get_contents('ca/wh/private/client.key'),
170	171	'wh::idata::client_ca_cert' => file_get_contents('ca/wh/certs/cacert.pem')	'wh::idata::client_ca_cert' => file_get_contents('ca/wh/certs/cacert.pem')
171	172	);	);
172		rg_test_wh_add_edit($db, $rg_ui, $good_sid, 'http', $extra);
	173		rg_test_wh_add_edit($db, $rg_ui, 'http', $extra);
173	174
174	175
175	176	rg_log('');	rg_log('');

...	...	$extra = array(
189	190	'wh::idata::client_cert' => '',	'wh::idata::client_cert' => '',
190	191	'wh::idata::client_ca_cert' => file_get_contents('ca/wh/certs/cacert.pem')	'wh::idata::client_ca_cert' => file_get_contents('ca/wh/certs/cacert.pem')
191	192	);	);
192		rg_test_wh_add_edit($db, $rg_ui, $good_sid, 'http', $extra);
	193		rg_test_wh_add_edit($db, $rg_ui, 'http', $extra);
193	194
194	195
195	196	rg_log('Finding out the ids...');	rg_log('Finding out the ids...');

...	...	$extra = array(
293	294	'wh::idata::client_cert' => 'abc <xss>',	'wh::idata::client_cert' => 'abc <xss>',
294	295	'wh::idata::client_ca_cert' => 'zzz <xss>'	'wh::idata::client_ca_cert' => 'zzz <xss>'
295	296	);	);
296		rg_test_wh_add_edit($db, $rg_ui, $good_sid, 'http', $extra);
	297		rg_test_wh_add_edit($db, $rg_ui, 'http', $extra);
297	298	$sql = "SELECT * FROM webhooks WHERE uid = " . $rg_ui['uid']	$sql = "SELECT * FROM webhooks WHERE uid = " . $rg_ui['uid']
298	299	. " AND id = " . $wh_id1;	. " AND id = " . $wh_id1;
299	300	$res = rg_sql_query($db, $sql);	$res = rg_sql_query($db, $sql);

...	...	foreach ($list as $k => $v) {
340	341	rg_log('');	rg_log('');
341	342	rg_log_enter('Testing the delete - loading form...');	rg_log_enter('Testing the delete - loading form...');
342	343	$data = array();	$data = array();
343		$headers = array("Cookie: sid=" . $good_sid);
	344		$headers = array();
344	345	$r = do_req($test_url . "/op/settings/wh/list", $data, $headers);	$r = do_req($test_url . "/op/settings/wh/list", $data, $headers);
345	346	if ($r === FALSE) {	if ($r === FALSE) {
346	347	rg_log("Cannot load list form.");	rg_log("Cannot load list form.");

File tests/wh_lambda.php changed (mode: 100644) (index d3f8cdd..2103c81)
...	...	$rg_cache_enable = TRUE;
20	20	$rg_cache_debug = TRUE;	$rg_cache_debug = TRUE;
21	21	$rg_event_socket = "/var/lib/rocketgit/sockets/event.sock";	$rg_event_socket = "/var/lib/rocketgit/sockets/event.sock";
22	22
	23		prepare_http();
	24
23	25	$home = getenv('HOME');	$home = getenv('HOME');
24	26	if (!file_exists($home . '/.aws/conf.php')) {	if (!file_exists($home . '/.aws/conf.php')) {
25	27	rg_log('no ~/.aws.conf.php file!');	rg_log('no ~/.aws.conf.php file!');

...	...	rg_test_create_user($db, $rg_ui);
37	39
38	40	rg_log('');	rg_log('');
39	41	rg_log_enter('Login...');	rg_log_enter('Login...');
40		$r = test_login($test_url, $rg_ui, $good_sid);
	42		$r = test_login($test_url, $rg_ui);
41	43	if ($r === FALSE) {	if ($r === FALSE) {
42	44	rg_log("Cannot login!");	rg_log("Cannot login!");
43	45	exit(1);	exit(1);

...	...	$extra = array(
64	66	'wh::idata::function' => 'test-function',	'wh::idata::function' => 'test-function',
65	67	'wh::idata::payload' => '{"key": "aaa branch=##branch## repo=##repo##"}'	'wh::idata::payload' => '{"key": "aaa branch=##branch## repo=##repo##"}'
66	68	);	);
67		rg_test_wh_add_edit($db, $rg_ui, $good_sid, 'lambda', $extra);
	69		rg_test_wh_add_edit($db, $rg_ui, 'lambda', $extra);
68	70	rg_log_exit();	rg_log_exit();
69	71
70	72

...	...	rg_log_exit();
93	95
94	96	rg_log('');	rg_log('');
95	97	rg_log_enter('Creating and upload a ssh key...');	rg_log_enter('Creating and upload a ssh key...');
96		rg_test_upload_ssh_key($db, $rg_ui, "wh_cloud", $good_sid);
	98		rg_test_upload_ssh_key($db, $rg_ui, 'wh_cloud');
97	99	rg_log_exit();	rg_log_exit();
98	100
99	101

Hints

Before first commit, do not forget to setup your git environment:

git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):

git clone https://code.reversed.top/user/xaizek/rocketgit

Clone this repository using ssh (do not forget to upload a key first):

git clone ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a pull request:

... clone the repository ...
... make some changes and some commits ...
git push origin master