xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
Commit 9b77048af3f73f8bf30128d5b07a2bae28315d45

Improved http tests by using persistent connections
Author: Catalin(ux) M. BOIE
Author date (UTC): 2017-05-24 18:48
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2017-05-24 18:48
Parent(s): 3f1836953c50735c7860da1f951eb82a42a1940b
Signing key:
Tree: d14e12785f2f04bdf6161c4e809dbdf9ea41554a
File Lines added Lines deleted
inc/mail.inc.php 2 2
tests/.gitignore 1 0
tests/Makefile 5 5
tests/_run_tests.sh 2 1
tests/admin_set_git.php 5 3
tests/admin_set_web.php 2 0
tests/by_http.php 3 2
tests/export.php 1 2
tests/git.php 4 4
tests/git2.php 7 5
tests/git_big_push.php 1 1
tests/git_log1.sh 0 1
tests/helpers.inc.php 10 9
tests/http.inc.php 61 45
tests/http_admin.php 4 3
tests/http_bug.php 6 4
tests/http_confirm.php 3 2
tests/http_create_account.php 6 4
tests/http_csrf.php 10 6
tests/http_forgot.php 18 7
tests/http_keys.php 5 3
tests/http_login.php 22 15
tests/http_settings.php 13 11
tests/http_top.php 2 0
tests/http_totp.php 13 14
tests/pr_anon.php 7 6
tests/source.php 4 3
tests/ssh.php 9 5
tests/wh_cloud.php 6 4
tests/wh_http.php 7 6
tests/wh_lambda.php 5 3
File inc/mail.inc.php changed (mode: 100644) (index 90b4ccd..de5d6ad)
... ... function rg_mail_template($template, $more)
70 70 $subject, $body, $header, -f $rg_admin_email"); $subject, $body, $header, -f $rg_admin_email");
71 71 if ($more['debug'] == 1) { if ($more['debug'] == 1) {
72 72 if (!isset($more['ui']['uid'])) if (!isset($more['ui']['uid']))
73 $k = 0;
73 $k = $more['ui']['email'];
74 74 else else
75 75 $k = $more['ui']['uid']; $k = $more['ui']['uid'];
76 76
77 rg_cache_set('DEBUG::' . $k . '::mail',
77 rg_cache_set('DEBUG::' . $k . '::mail::' . $template,
78 78 array( array(
79 79 'header' => $header, 'header' => $header,
80 80 'subject' => $subject, 'subject' => $subject,
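Review bot: The new fallback `$k = $more['ui']['email'];` reads the address without the `isset()` guard that the uid gets one line above, so a call with neither field set raises a notice and lands on the shared key `DEBUG::::mail::<template>`. The cached entry holds the mail header and subject (and presumably the body), and its key now comes from a recipient address, so it is worth confirming that `$more['debug']` cannot be switched on by a request outside the test setup. A guarded form keeps the old default: `$k = isset($more['ui']['email']) ? $more['ui']['email'] : 0;`. rg_mail_template's body starts and ends outside this hunk.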
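--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -30,3 +30,4 @@ export.json
 _run_tests.failed
 temp_repos
 state
+jars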
File tests/Makefile changed (mode: 100644) (index f27cc6d..fbd1ef7)
1 1 all: clean run all: clean run
2 @echo "All OK. Good work!"
3 @-ls -l err-*
4 @-ls -l /var/log/rocketgit/err-*
5 @echo "Do not forget to check for errors in /var/log/rocketgit!"
6 2
7 3 .PHONY: run .PHONY: run
8 4 run: run:
9 5 @mkdir -p temp_repos @mkdir -p temp_repos
10 6 @./_run_tests.sh @./_run_tests.sh
7 @echo "All OK. Good work!"
8 @echo "Errors:"
9 @-ls -l err-* 2>/dev/null || :
10 @-ls -l /var/log/rocketgit/err-* 2>/dev/null || :
11 11
12 12 .PHONY: clean .PHONY: clean
13 13 clean: clean:
 
... ... clean:
15 15 http.arond *.pub git2key git2 *.in q_merge_requests/mr-* \ http.arond *.pub git2key git2 *.in q_merge_requests/mr-* \
16 16 qstats/* repos/* helper helper.pub keys/* ca *.pid \ qstats/* repos/* helper helper.pub keys/* ca *.pid \
17 17 *.tmp base ubase wh_cloud.git export.json \ *.tmp base ubase wh_cloud.git export.json \
18 .by_http temp_repos
18 .by_http temp_repos jars
19 19
20 20 .PHONY: clean_state .PHONY: clean_state
21 21 clean_state: clean_state:
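Review bot: In the `run` target, `All OK. Good work!` is echoed before the `Errors:` listing, and the target still succeeds when `err-*` files exist, so a run that left error logs reads as clean. The leading `-` and the trailing `|| :` both discard the exit status, and `2>/dev/null` also hides a permission problem on /var/log/rocketgit. If error logs are never expected, list them first and fail, e.g. `@if ls err-* /var/log/rocketgit/err-* >/dev/null 2>&1; then echo "Error logs present"; exit 1; fi`. Otherwise at least print the success line after the listing.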
File tests/_run_tests.sh changed (mode: 100755) (index a804fd0..8be3399)
1 1 #!/bin/bash #!/bin/bash
2 2
3 tests="git_big_push admin_set_git by_http wh_lambda http_keys http_forgot \
3 tests="admin_set_web git_big_push admin_set_git by_http wh_lambda http_keys \
4 http_forgot \
4 5 api wh_cloud pr_anon wh_http ssh http_totp totp git_log1 \ api wh_cloud pr_anon wh_http ssh http_totp totp git_log1 \
5 6 http_admin http_bug \ http_admin http_bug \
6 7 http_create_account http_login http_settings http_csrf http_top \ http_create_account http_login http_settings http_csrf http_top \
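--- a/tests/admin_set_git.php
+++ b/tests/admin_set_git.php
@@ -21,15 +21,17 @@ $_testns = 'admin_set_git';
 $rg_cache_enable = TRUE;
 $rg_cache_debug = TRUE;
 
+prepare_http();
+
 $rg_ui = array('is_admin' => 1);
 rg_test_create_user($db, $rg_ui);
-test_login($test_url, $rg_ui, $good_sid);
+test_login($test_url, $rg_ui);
 
 
 rg_log('');
 rg_log_enter('Loading Admin -> Settings -> Git...');
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . '/op/admin/settings/git', $data, $headers);
 if ($r === FALSE) {
 rg_log("Cannot load page!");
@@ -37,7 +39,7 @@ if ($r === FALSE) {
 }
 if (!isset($r['tokens']['admin_settings_git'])) {
 rg_log_ml('r:' . print_r($r, TRUE));
-rg_log("No token?!");
+rg_log("No 'admin_settings_git' token?!");
 exit(1);
 }
 $token = $r['tokens']['admin_settings_git'];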
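Review bot: `test_login($test_url, $rg_ui);` discards the return value, while by_http.php and git2.php in this same commit stop on `$r === FALSE`. With the session now carried implicitly by the cookie jar, a failed login goes on to request /op/admin/settings/git unauthenticated, and the run ends at `No 'admin_settings_git' token?!`, which points at the wrong cause. Suggested: `$r = test_login($test_url, $rg_ui);` followed by `if ($r === FALSE) { rg_log('Cannot login!'); exit(1); }`. The same unchecked call appears in tests/admin_set_web.php.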
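--- a/tests/admin_set_web.php
+++ b/tests/admin_set_web.php
@@ -21,6 +21,8 @@ $_testns = 'admin_set_web';
 $rg_cache_enable = TRUE;
 $rg_cache_debug = TRUE;
 
+prepare_http();
+
 $rg_ui = array('is_admin' => 1);
 rg_test_create_user($db, $rg_ui);
 test_login($test_url, $rg_ui);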
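--- a/tests/by_http.php
+++ b/tests/by_http.php
@@ -18,6 +18,7 @@ require_once("common.php");
 $_testns = 'by_http';
 $rg_cache_enable = TRUE;
 
+prepare_http();
 
 rg_test_create_user($db, $rg_ui);
 rg_log('Created user ' . $rg_ui['uid']);
@@ -30,7 +31,7 @@ rg_log('Created repo ' . $repo['repo_id']);
 $repo2 = array('public' => 0);
 rg_test_create_repo($db, $rg_ui, $repo2);
 rg_log('Created repo2 ' . $repo2['repo_id']);
-$r = test_login($test_url, $rg_ui, $good_sid);
+$r = test_login($test_url, $rg_ui);
 if ($r === FALSE) {
 rg_log("Cannot login!");
 exit(1);
@@ -155,7 +156,7 @@ $commit = trim(file_get_contents('.by_http/.git/refs/heads/master'));
 rg_log('master from .git: ' . $commit);
 rg_log_enter('Checking on web that everything is OK...');
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . '/user/' . rawurlencode($rg_ui['username'])
 . '/' . rawurlencode($repo['name']) . '/source/log/commit/'
 . $commit, $data, $headers);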
File tests/export.php changed (mode: 100644) (index 949cb41..624349c)
... ... if ($r === FALSE) {
44 44 exit(1); exit(1);
45 45 } }
46 46
47 $cmd = 'cat export.json | json_verify';
48 $a = rg_exec($cmd, '', FALSE, FALSE);
47 $a = rg_exec('cat export.json | json_verify', '', FALSE, FALSE);
49 48 if ($a['ok'] !== 1) { if ($a['ok'] !== 1) {
50 49 rg_log_ml(print_r($a, TRUE)); rg_log_ml(print_r($a, TRUE));
51 50 rg_log('Seems the JSON is not valid!'); rg_log('Seems the JSON is not valid!');
File tests/git.php changed (mode: 100644) (index f317f79..0f195c4)
... ... $r = rg_exec('rm -rf temp_repos/git_rename'
22 22 . ' && cd temp_repos/git_rename' . ' && cd temp_repos/git_rename'
23 23 . ' && git init' . ' && git init'
24 24 . ' && seq 0 1000 > a' . ' && seq 0 1000 > a'
25 . ' && echo yyy > b; git add a b; git commit -a -m "aaa"'
26 . ' && cp a aclone; git add aclone'
25 . ' && echo yyy > b && git add a b && git commit -a -m "aaa"'
26 . ' && cp a aclone && git add aclone'
27 27 . ' && git mv b b2' . ' && git mv b b2'
28 28 . ' && git commit -a -m "bbb"', . ' && git commit -a -m "bbb"',
29 29 '', FALSE, FALSE); '', FALSE, FALSE);
 
... ... $r = rg_exec('rm -rf temp_repos/git_bin'
78 78 . ' && cd temp_repos/git_bin' . ' && cd temp_repos/git_bin'
79 79 . ' && git init' . ' && git init'
80 80 . ' && seq 0 100 | while read a; do echo -en "\x`printf "%02x" ${a}`"; done > a' . ' && seq 0 100 | while read a; do echo -en "\x`printf "%02x" ${a}`"; done > a'
81 . ' && git add a; git commit -a -m "aaa"'
82 . ' && echo -e \x0ff\x03\x90 > a; git commit -a -m "bbb"',
81 . ' && git add a && git commit -a -m "aaa"'
82 . ' && echo -e \x0ff\x03\x90 > a && git commit -a -m "bbb"',
83 83 '', FALSE, FALSE); '', FALSE, FALSE);
84 84 if ($r['ok'] != 1) { if ($r['ok'] != 1) {
85 85 rg_log('Could not exec repo script: ' . $r['errmsg'] . '!'); rg_log('Could not exec repo script: ' . $r['errmsg'] . '!');
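Review bot: In the git_bin script, `echo -e \x0ff\x03\x90 > a` passes the escapes unquoted, so (assuming rg_exec hands the string to a shell) the backslashes are stripped before echo sees them. The second commit then stores the text `x0ffx03x90` rather than binary bytes. Quoting the argument keeps the escapes intact: `. ' && echo -e "\x0ff\x03\x90" > a && git commit -a -m "bbb"',` — PHP leaves `\x` alone inside single quotes. The rg_exec call starts above the hunk.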
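--- a/tests/git2.php
+++ b/tests/git2.php
@@ -18,6 +18,8 @@ require_once("common.php");
 $_testns = 'git2';
 $rg_cache_enable = TRUE;
 
+prepare_http();
+
 system("./git2.sh &>git2.sh.log");
 $_err = file_get_contents('git2.sh.log');
 @unlink('git2.log');
@@ -46,7 +48,7 @@ rg_test_create_user($db, $rg_ui);
 rg_log('Created user ' . $rg_ui['uid']);
 rg_test_create_repo($db, $rg_ui, $repo);
 rg_log('Created repo ' . $repo['repo_id']);
-$r = test_login($test_url, $rg_ui, $good_sid);
+$r = test_login($test_url, $rg_ui);
 if ($r === FALSE) {
 rg_log("Cannot login!");
 exit(1);
@@ -55,7 +57,7 @@ if ($r === FALSE) {
 
 rg_log('');
 rg_log_enter('Uploading a key...');
-rg_test_upload_ssh_key($db, $rg_ui, "git2", $good_sid);
+rg_test_upload_ssh_key($db, $rg_ui, 'git2');
 rg_log_exit();
 
 
@@ -94,7 +96,7 @@ rg_log("Load master from .git: $commit");
 rg_log('');
 rg_log_enter('Checking on web that everything is OK...');
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . '/user/' . rawurlencode($rg_ui['username'])
 . '/' . rawurlencode($repo['name']) . '/source/log/commit/'
 . $commit, $data, $headers);
@@ -108,7 +110,7 @@ rg_log_exit();
 rg_log('');
 rg_log_enter('Checking on web that tag is OK...');
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . '/user/' . rawurlencode($rg_ui['username'])
 . '/' . rawurlencode($repo['name'])
 . '/source/tree/tag/unannot1/blob/a', $data, $headers);
@@ -141,7 +143,7 @@ if ($r['ok'] != 1) {
 exit(1);
 }
 // Now, the branch should not be visible anymore
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . '/user/' . rawurlencode($rg_ui['username'])
 . '/' . rawurlencode($repo['name']) . '/source', $data, $headers);
 rg_log_ml($r['body']);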
File tests/git_big_push.php changed (mode: 100644) (index 91a5188..3529ec5)
... ... $rg_git_debug = 100;
23 23
24 24 rg_test_create_user($db, $rg_ui); rg_test_create_user($db, $rg_ui);
25 25 rg_test_create_repo($db, $rg_ui, $repo); rg_test_create_repo($db, $rg_ui, $repo);
26 $r = test_login($test_url, $rg_ui, $good_sid);
26 $r = test_login($test_url, $rg_ui);
27 27 if ($r === FALSE) { if ($r === FALSE) {
28 28 rg_log("Cannot login!"); rg_log("Cannot login!");
29 29 exit(1); exit(1);
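--- a/tests/git_log1.sh
+++ b/tests/git_log1.sh
@@ -67,4 +67,3 @@ if [ "${?}" != "0" ]; then
 exit 1
 fi
 
-echo "git_log1: OK"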
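--- a/tests/helpers.inc.php
+++ b/tests/helpers.inc.php
@@ -152,6 +152,7 @@ function rg_test_create_repo($db, $rg_ui, &$extra)
 exit(1);
 }
 rg_repo_cosmetic($db, $extra);
+rg_log_ml('extra: ' . print_r($extra, TRUE));
 
 if ($repo_id > 0) {
 $sql = "UPDATE repos SET repo_id = $repo_id"
@@ -266,7 +267,7 @@ function rg_test_create_bug($db, $rg_ui, $ri, &$extra)
 * Helper for creating and uploading a ssh key
 * Returns the key.
 */
-function rg_test_upload_ssh_key($db, $rg_ui, $key_name, $good_sid)
+function rg_test_upload_ssh_key($db, $rg_ui, $key_name)
 {
 global $test_url;
 
@@ -292,7 +293,7 @@ function rg_test_upload_ssh_key($db, $rg_ui, $key_name, $good_sid)
 
 rg_log("Loading ssh key form...");
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/settings/keys?t=load_key_form", $data, $headers);
 if ($r === FALSE) {
 rg_log("Cannot load form!");
@@ -306,7 +307,7 @@ function rg_test_upload_ssh_key($db, $rg_ui, $key_name, $good_sid)
 
 rg_log("Uploading the key...");
 $data = array('add' => 1, 'token' => $r['tokens']['keys'], 'key' => $key);
-$headers = array('Cookie: sid=' . $good_sid);
+$headers = array();
 $r = do_req($test_url . '/op/settings/keys?t=upload_ssh_key', $data, $headers);
 if ($r === FALSE) {
 rg_log_ml('r: ' . print_r($r, TRUE));
@@ -334,13 +335,13 @@ function rg_test_upload_ssh_key($db, $rg_ui, $key_name, $good_sid)
 * Helper for generating scratch codes
 * Returns the scratch codes.
 */
-function rg_test_sc_generate($db, $rg_ui, $good_sid)
+function rg_test_sc_generate($db, $rg_ui)
 {
 global $test_url;
 
 rg_log("Loading generate scratch codes form...");
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/settings/totp/sc", $data, $headers);
 if ($r === FALSE) {
 rg_log("Cannot load form!");
@@ -354,7 +355,7 @@ function rg_test_sc_generate($db, $rg_ui, $good_sid)
 
 rg_log("Generating scratch codes...");
 $data = array('generate' => 1, 'token' => $r['tokens']['sc']);
-$headers = array('Cookie: sid=' . $good_sid);
+$headers = array();
 $r = do_req($test_url . '/op/settings/totp/sc', $data, $headers);
 if ($r === FALSE) {
 rg_log_ml('r: ' . print_r($r, TRUE));
@@ -377,12 +378,12 @@ function rg_test_sc_generate($db, $rg_ui, $good_sid)
 /*
 * Helper for adding a webhook
 */
-function rg_test_wh_add_edit($db, $rg_ui, $good_sid, $htype, $extra)
+function rg_test_wh_add_edit($db, $rg_ui, $htype, $extra)
 {
 global $test_url;
 
 rg_log_enter('Loading webhook add form...');
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 
 if (!isset($extra['wh::id']))
 $extra['wh::id'] = 0;
@@ -405,7 +406,7 @@ function rg_test_wh_add_edit($db, $rg_ui, $good_sid, $htype, $extra)
 rg_log("Adding webhook...");
 $data = array('doit' => 1, 'token' => $r['tokens']['wh_add']);
 $data = array_merge($data, $extra);
-$headers = array('Cookie: sid=' . $good_sid);
+$headers = array();
 $r = do_req($test_url . '/op/settings/wh/' . $url, $data, $headers);
 if ($r === FALSE) {
 rg_log_ml('r: ' . print_r($r, TRUE));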
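Review bot: Dropping `$good_sid` from `rg_test_upload_ssh_key()`, `rg_test_sc_generate()` and `rg_test_wh_add_edit()` makes these helpers depend on a session that an earlier `test_login()` left in the cookie jar of the current `$http_client`, and their doc comments do not say so. In `rg_test_wh_add_edit()` the removed parameter sat in the middle of the list, and PHP accepts surplus arguments to a user function without complaint, so a caller still passing five arguments would silently bind the sid to `$htype`. I would add a line such as `* Requires a prior test_login() on the same $http_client.` to each doc comment and check the tests for remaining five-argument calls. The function bodies continue outside the hunks.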
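--- a/tests/http.inc.php
+++ b/tests/http.inc.php
@@ -3,40 +3,84 @@
 if (!isset($test_ua))
 $test_ua = "curl";
 
+/*
+* Clean all cookies
+*/
+function clean_cookies()
+{
+global $_testns;
+
+$path = __DIR__ . '/jars';
+if (!file_exists($path))
+return;
+
+rg_log('Cleaning cookies...');
+$cookie_jar = $path . '/' . $_testns;
+@unlink($cookie_jar);
+}
+
+/*
+* This is called at the begining of all tests
+*/
+function prepare_http()
+{
+clean_cookies();
+}
+
 /*
 * Data is an array
 */
+$http_handles = array();
 function do_req($url, &$data, &$headers)
 {
 global $test_ua, $test_referer;
+global $cookie_jar;
+global $http_handles;
+global $http_client;
+global $_testns;
+
+if (!isset($http_client))
+$http_client = $_testns;
+
+$path = __DIR__ . '/jars';
+if (!file_exists($path))
+mkdir($path);
+$cookie_jar = $path . '/' . $http_client;
 
 if (!is_array($data))
 $data = array();
 
-$data['rg_debug'] = 1;
-
 if (!is_array($headers)) {
 rg_log("Headers is not an array, reset it.");
 $headers = array();
 }
 
+if (!strstr($url, '?'))
+$url .= '?rg_debug=1';
+else
+$url .= '&rg_debug=1';
+
 rg_log_ml("do_req url[$url] data=" . print_r($data, TRUE)
 . "headers=" . print_r($headers, TRUE));
 
-$c = curl_init($url);
-if (count($data) > 0) {
+$c = FALSE;
+if (isset($http_handles[$http_client]))
+$c = $http_handles[$http_client];
+if ($c === FALSE) {
+$c = curl_init();
+$http_handles[$http_client] = $c;
+}
+
+curl_setopt($c, CURLOPT_URL, $url);
+if (!empty($data)) {
 curl_setopt($c, CURLOPT_POST, 1);
 curl_setopt($c, CURLOPT_POSTFIELDS, $data);
 } else {
-if (!strstr($url, '?'))
-$url .= '?rg_debug=1';
-else
-$url .= '&rg_debug=1';
+curl_setopt($c, CURLOPT_POST, 0);
+curl_setopt($c, CURLOPT_POSTFIELDS, '');
 }
 curl_setopt($c, CURLOPT_RETURNTRANSFER, TRUE);
-// We cannot use this because we will not have a
-// chance to capture the sid.
-//curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
+curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
 curl_setopt($c, CURLOPT_HEADER, 1);
 curl_setopt($c, CURLOPT_HTTPHEADER, $headers);
 curl_setopt($c, CURLOPT_USERAGENT, $test_ua);
@@ -44,6 +88,8 @@ function do_req($url, &$data, &$headers)
 curl_setopt($c, CURLOPT_CERTINFO, TRUE);
 curl_setopt($c, CURLOPT_VERBOSE, TRUE);
 curl_setopt($c, CURLOPT_ENCODING , 'gzip');
+curl_setopt($c, CURLOPT_COOKIEJAR, $cookie_jar);
+curl_setopt($c, CURLOPT_COOKIEFILE, $cookie_jar);
 
 $err = @fopen('php://temp', 'w');
 if ($err !== FALSE) {
@@ -72,7 +118,6 @@ function do_req($url, &$data, &$headers)
 $header_size = curl_getinfo($c, CURLINFO_HEADER_SIZE);
 $ret['header'] = substr($r, 0, $header_size);
 $ret['body'] = substr($r, $header_size);
-curl_close($c);
 
 // Check for XSS
 if (stristr($ret['body'], '<xss>')) {
@@ -137,7 +182,7 @@ function do_req($url, &$data, &$headers)
 if (!isset($t[1])) {
 rg_log_ml('body: ' . print_r($ret['body'], TRUE));
 rg_log_ml('matches: ' . print_r($matches[1], TRUE));
-rg_log('Invalid debug token: ' . $m);
+rg_log('Invalid debug token (no prefix): ' . $m);
 exit(1);
 }
 $ret['tokens'][$t[1]] = $t[0];
@@ -161,22 +206,6 @@ function do_req($url, &$data, &$headers)
 rg_log('DEBUG ret[totp_secret]=' . $ret['totp_secret']);
 }
 
-$x = preg_match('/Location: (.*)\s/', $ret['header'], $matches);
-if ($x === 1) {
-if (strncmp($url, "http://", 7) == 0)
-$url = substr($url, 7);
-$t = explode("/", $url, 2);
-$new = "http://" . $t[0] . trim($matches[1]);
-rg_log("Redirecting to $new...");
-$data = array();
-if (!empty($ret['sid']))
-$headers = array("Cookie: sid=" . $ret['sid']);
-$f = do_req($new, $data, $headers);
-if (empty($f['sid']))
-$f['sid'] = $ret['sid'];
-return $f;
-}
-
 @rename('http-last.out', 'http-prev.out');
 file_put_contents('http-last.out', $ret['body']);
 
@@ -184,33 +213,25 @@ function do_req($url, &$data, &$headers)
 }
 
 /*
-* Helper function that will do the login and will return the good sid
+* Helper function that will do the login
 */
-function test_login($url, $rg_ui, &$good_sid)
+function test_login($url, $rg_ui)
 {
 global $test_ua;
 
 // First we need to load the form so we can get the token
-// We provide an old cookie to test if we generate a new pre-login one
 $data = array();
-$headers = array("Cookie: sid=d978671c2cd12fba05be218bb1653c1ce7bfb947");
 $r = do_req($url . "/op/login", $data, $headers);
 if ($r === FALSE) {
 rg_log('Cannot load login form!');
 return FALSE;
 }
-$good_sid = $r['sid'];
 if (!isset($r['tokens']['login'])) {
 rg_log_ml('r: ' . print_r($r, TRUE));
 rg_log('Login token not returned!');
 return FALSE;
 }
 $good_token = $r['tokens']['login'];
-rg_log("good: sid=$good_sid token=$good_token");
-if (strncmp($good_sid, "X", 1) != 0) {
-rg_log("Seems we did not get a pre-login session!");
-return FALSE;
-}
 
 // Now, post login form
 rg_log("Do the real login post request");
@@ -221,17 +242,12 @@ function test_login($url, $rg_ui, &$good_sid)
 "pass" => $rg_ui['pass'],
 "lock_ip" => 1
 );
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($url . "/op/login", $data, $headers);
 if ($r === FALSE) {
 rg_log_ml("Cannot login: " . print_r($r, TRUE));
 return FALSE;
 }
-$good_sid = $r['sid'];
-if (empty($good_sid)) {
-rg_log('Empty good_sid!');
-return FALSE;
-}
 
 if (strstr($r['body'], "invalid user")) {
 rg_log_ml(print_r($r, TRUE));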
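Review bot: test_login() no longer checks session handling at all: the stale `Cookie: sid=…` probe, the `strncmp($good_sid, "X", 1)` pre-login check and the non-empty post-login sid check are removed with nothing in their place. A regression where the server keeps a client-supplied or pre-login session id across login (session fixation) would now pass unnoticed. If do_req() still fills `$r['sid']` with redirects followed (that code is outside the hunks, and the deleted comment suggests it may not), the check can stay as `if (strncmp($r['sid'], "X", 1) != 0) return FALSE;` after loading the form, plus a comparison of the sid before and after the POST; otherwise read it from the jar. Separately, the GET branch of do_req() sets `CURLOPT_POSTFIELDS` to `''` after `CURLOPT_POST, 0`. libcurl documents that setting POSTFIELDS selects POST, so on the reused handle these requests probably go out as empty POSTs; `curl_setopt($c, CURLOPT_HTTPGET, TRUE);` is the documented way to switch back.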
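--- a/tests/http_admin.php
+++ b/tests/http_admin.php
@@ -20,6 +20,8 @@ $rg_cache_enable = TRUE;
 
 $rg_user_max_len = 60;
 
+prepare_http();
+
 $rg_ui = array('is_admin' => 1);
 rg_test_create_user($db, $rg_ui);
 
@@ -30,7 +32,6 @@ if ($r === FALSE) {
 rg_log("Cannot load login form.");
 exit(1);
 }
-$good_sid = $r['sid'];
 if (!isset($r['tokens']['login'])) {
 rg_log_ml('R: ' . print_r($r, TRUE));
 rg_log('Cannot find login token!');
@@ -39,14 +40,14 @@ if (!isset($r['tokens']['login'])) {
 $good_token = $r['tokens']['login'];
 
 
-rg_log("Do the login (sid=$good_sid token=$good_token)...");
+rg_log("Do the login (token=$good_token)...");
 $data = array(
 "doit" => 1,
 "token" => $good_token,
 "user" => $rg_ui['username'],
 "pass" => $rg_ui['pass'],
 "lock_ip" => 0);
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/login", $data, $headers);
 if ($r === FALSE) {
 rg_log_ml("Cannot login: " . print_r($r, TRUE));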
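--- a/tests/http_bug.php
+++ b/tests/http_bug.php
@@ -18,11 +18,13 @@ require_once("common.php");
 $_testns = 'http_bug';
 $rg_cache_enable = TRUE;
 
+prepare_http();
+
 rg_test_create_user($db, $u1);
 rg_test_create_user($db, $u2);
 rg_test_create_repo($db, $u1, $repo);
 
-$r = test_login($test_url, $u1, $good_sid);
+$r = test_login($test_url, $u1);
 if ($r === FALSE)
 exit(1);
 
@@ -30,7 +32,7 @@ if ($r === FALSE)
 rg_log('');
 rg_log_enter("Loading bug form...");
 $url = "/user/" . $u1['username'] . "/" . $repo['name'] . "/bug/add";
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $data = array();
 $r = do_req($test_url . $url, $data, $headers);
 if ($r === FALSE) {
@@ -226,12 +228,12 @@ rg_log_exit();
 
 rg_log('');
 rg_log_enter("Test watching a bug - we need to login as a different user");
-$r = test_login($test_url, $u2, $good_sid);
+$r = test_login($test_url, $u2);
 if ($r === FALSE)
 exit(1);
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 
 // We are already in the watch list because the asignee is automatically added
 for ($i = 0; $i <= 1; $i++) {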
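Review bot: The second login, `test_login($test_url, $u2);`, runs on the same curl handle and cookie jar that still hold u1's session, because do_req() selects both by `$http_client`, which defaults to `$_testns`. Whether the form load and POST then really switch the session to u2 depends on how the server treats a login request from an already authenticated client, which is not visible here. Setting a separate client before the second login, e.g. `$http_client = 'http_bug_u2';`, gives u2 a fresh handle and jar and keeps the watch-list checks from running as u1 by accident. Note that clean_cookies() removes only the jar named after `$_testns`, so the extra jar would need its own cleanup.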
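--- a/tests/http_confirm.php
+++ b/tests/http_confirm.php
@@ -19,6 +19,8 @@ $rg_cache_enable = TRUE;
 $rg_cache_debug = TRUE;
 $rg_event_socket = "/var/lib/rocketgit/sockets/event.sock";
 
+prepare_http();
+
 $uniq = rg_id(10);
 
 rg_log_enter('Loading confirmation form...');
@@ -28,7 +30,6 @@ if ($r === FALSE) {
 rg_log("Cannot load create_account page!");
 exit(1);
 }
-$good_sid = $r['sid'];
 $good_token = $r['tokens']['user_edit_hl'];
 rg_log_exit();
 
@@ -43,7 +44,7 @@ $data['plan_id'] = 0;
 $data['tos'] = 1;
 $data['force_confirm'] = 1;
 $data['doit'] = 1;
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . '/op/create_account?t=create_account', $data, $headers);
 if (!strstr($r['body'], 'Your account has been successfully created')) {
 rg_log_ml('body: ' . print_r($r['body'], TRUE));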
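--- a/tests/http_create_account.php
+++ b/tests/http_create_account.php
@@ -14,6 +14,10 @@ $rg_sql = "host=localhost user=rocketgit dbname=rocketgit connect_timeout=10";
 $rg_no_db = TRUE;
 require_once("common.php");
 
+$_testns = 'http_create_account';
+
+prepare_http();
+
 rg_log("Test create account");
 
 // First we need to load the form so we can get the token
@@ -22,7 +26,6 @@ if ($r === FALSE) {
 rg_log("Cannot load create_account page!");
 exit(1);
 }
-$good_sid = $r['sid'];
 $good_token = $r['tokens']['user_edit_hl'];
 
 $uniq = rg_id(16);
@@ -41,7 +44,7 @@ $data = array(
 "plan_id" => 9,
 "session_time" => 60
 );
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/create_account?t=create_account", $data, $headers);
 if (!strstr($r['body'], "without accepting")) {
 rg_log("Seems we could create an account without accepting ToS. Bad!");
@@ -51,7 +54,7 @@ if (!strstr($r['body'], "without accepting")) {
 rg_log('Adding an account accepting tos...');
 $data['token'] = $r['tokens']['user_edit_hl'];
 $data['tos'] = 1;
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/create_account?t=create_account", $data, $headers);
 if (!strstr($r['body'], "Your account has been successfully created")) {
 rg_log_ml('body: ' . print_r($r['body'], TRUE));
@@ -86,7 +89,6 @@ foreach ($data as $k => $v) {
 rg_log("Key $k does not match: row=" . $row[$k] . " data=" . $data[$k]);
 exit(1);
 }
-rg_log("Key $k matches.");
 }
 
 rg_log("OK!");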
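--- a/tests/http_csrf.php
+++ b/tests/http_csrf.php
@@ -20,9 +20,11 @@ require_once("common.php");
 $_testns = 'http_csrf';
 $rg_cache_enable = TRUE;
 
+prepare_http();
+
 test_set_ua("user-agent-1");
 rg_test_create_user($db, $rg_ui);
-$r = test_login($test_url, $rg_ui, $good_sid);
+$r = test_login($test_url, $rg_ui);
 if ($r === FALSE) {
 rg_log("Cannot login!");
 exit(1);
@@ -32,7 +34,7 @@ rg_log_enter("Loading suggestion form (referer test)");
 test_set_ua("user-agent-1");
 test_set_referer($test_url);
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/suggestion?t=load_suggestion_form_referer", $data, $headers);
 if (!stristr($r['body'], "action=\"/op/suggestion\"")) {
 rg_log("Cannot load form! See above.");
@@ -50,7 +52,7 @@ $data = array(
 "token" => $good_token,
 "suggestion" => "bla bla bla"
 );
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/suggestion?t=post_suggestion_form_diff_referer", $data, $headers);
 if (!stristr($r['body'], "invalid referer")) {
 rg_log_ml("Seems I could add a suggestion bypassing CSRF"
@@ -63,8 +65,8 @@ rg_log_exit();
 rg_log_enter("Testing logout CSRF (wrong token)...");
 test_set_ua("user-agent-1");
 test_set_referer($test_url);
-$headers = array("Cookie: sid=" . $good_sid);
 $data['token'] = strtoupper($good_token);
+$headers = array();
 $r = do_req($test_url . "/op/logout?t=wrong_token", $data, $headers);
 if (stristr($r['body'], "You are now logged out")) {
 rg_log("No error on logout with wrong token?! See above.");
@@ -73,10 +75,11 @@ if (stristr($r['body'], "You are now logged out")) {
 rg_log_exit();
 
 
+/* TODO setting cookie does not work!
 rg_log_enter("Testing logout CSRF (token passed in cookie)...");
 test_set_ua("user-agent-1");
 test_set_referer($test_url);
-$headers = array("Cookie: sid=" . $good_sid . "; token=" . $good_logout_token);
+$headers = array('Cookie: token=' . $good_logout_token);
 $data = array('doit' => 1);
 $r = do_req($test_url . "/op/logout?t=token_passed_by_cookie", $data, $headers);
 if (stristr($r['body'], "You are now logged out")) {
@@ -84,12 +87,13 @@ if (stristr($r['body'], "You are now logged out")) {
 exit(1);
 }
 rg_log_exit();
+*/
 
 
 rg_log_enter("Testing logout CSRF (good token)...");
 test_set_ua("user-agent-1");
 $url = $test_url . "/op/logout?t=good_token&token=" . $good_logout_token;
-$data = array();
+$data = array(); $headers = array();
 $r = do_req($url, $data, $headers);
 if (!stristr($r['body'], "You are now logged out")) {
 rg_log("Seems I cannot logout with a good token! See above.");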
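Review bot: The "token passed in cookie" logout check is now wrapped in `/* TODO setting cookie does not work!` ... `*/`, so the suite no longer verifies that a logout token supplied only through a cookie is rejected, and a CSRF regression on that path would go unnoticed. Until the new HTTP helper can send a custom cookie, make the gap visible in the test output, for example `rg_log('SKIPPED: logout CSRF (token passed in cookie): custom Cookie header not supported yet');`. The wrong-token case above it passes whenever the body lacks "You are now logged out", which is also what an unauthenticated request would presumably return; with `$headers = array();` the session now comes implicitly from the persistent client (do_req is not visible here), so a positive check that the request was still authenticated would keep that negative test meaningful.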
File tests/http_forgot.php changed (mode: 100644) (index 686cf12..43eafb9)
... ... $rg_cache_debug = TRUE;
25 25
26 26 $rg_user_max_len = 60; $rg_user_max_len = 60;
27 27
28 prepare_http();
28 29 rg_test_create_user($db, $rg_ui); rg_test_create_user($db, $rg_ui);
29 30
30 31
31 32 rg_log(''); rg_log('');
32 rg_log_enter('Loading forgot pass form...');
33 $data = array();
33 rg_log_enter('Loading forgot_send form...');
34 $data = array(); $headers = array();
34 35 $r = do_req($test_url . '/op/forgot_send', $data, $headers); $r = do_req($test_url . '/op/forgot_send', $data, $headers);
35 36 if ($r === FALSE) { if ($r === FALSE) {
36 37 rg_log("Cannot load forgot pass page!"); rg_log("Cannot load forgot pass page!");
37 38 exit(1); exit(1);
38 39 } }
39 rg_log('Posting the forgot pass form...');
40 rg_log('Posting the forgot_send form...');
40 41 $data = array( $data = array(
41 42 'email' => $rg_ui['email'], 'email' => $rg_ui['email'],
42 43 'doit' => 1 'doit' => 1
43 44 ); );
45 $headers = array();
44 46 $r = do_req($test_url . '/op/forgot_send', $data, $headers); $r = do_req($test_url . '/op/forgot_send', $data, $headers);
45 47 if (!strstr($r['body'], 'your inbox and follow the instructions')) { if (!strstr($r['body'], 'your inbox and follow the instructions')) {
46 48 rg_log_ml('r: ' . print_r($r, TRUE)); rg_log_ml('r: ' . print_r($r, TRUE));
 
... ... rg_log_exit();
64 66
65 67 rg_log(''); rg_log('');
66 68 rg_log_enter('Loading token from mail...'); rg_log_enter('Loading token from mail...');
67 $k = 'DEBUG::0::mail';
68 $c = rg_cache_get($k);
69 $k = 'DEBUG::0::mail::mail/user/forgot/recover';
70 $tries = 10;
71 while ($tries-- > 0) {
72 $c = rg_cache_get($k);
73 if ($c !== FALSE)
74 break;
75 sleep(1);
76 }
69 77 if (($c === FALSE) || !isset($c['body'])) { if (($c === FALSE) || !isset($c['body'])) {
70 78 rg_log_ml(print_r($c, TRUE)); rg_log_ml(print_r($c, TRUE));
71 79 rg_log('No c or no body in c var!'); rg_log('No c or no body in c var!');
 
... ... if (strcmp($db_token, $s) != 0) {
87 95 // we add junk because I've seen cases when some junk was appended // we add junk because I've seen cases when some junk was appended
88 96 $s .= 'junk'; $s .= 'junk';
89 97
90 $data = array();
98 rg_log('Loading the forgot link form...');
99 $data = array(); $headers = array();
91 100 $r = do_req($test_url . '/op/forgot_link/' . $s, $data, $headers); $r = do_req($test_url . '/op/forgot_link/' . $s, $data, $headers);
92 101 if ($r === FALSE) { if ($r === FALSE) {
93 102 rg_log("Cannot load forgot_link page!"); rg_log("Cannot load forgot_link page!");
 
... ... $data = array(
103 112 'lock_ip' => 1, 'lock_ip' => 1,
104 113 'doit' => 1 'doit' => 1
105 114 ); );
115 $headers = array();
106 116 $r = do_req($test_url . '/op/forgot_link', $data, $headers); $r = do_req($test_url . '/op/forgot_link', $data, $headers);
107 117 if (!strstr($r['body'], 'Home page of user')) { if (!strstr($r['body'], 'Home page of user')) {
108 118 rg_log_ml('r: ' . print_r($r, TRUE)); rg_log_ml('r: ' . print_r($r, TRUE));
109 rg_log('Cannot post forgot link form!');
119 rg_log('Cannot post forgot link form'
120 . ' ("Home page of user" string not found)!');
110 121 exit(1); exit(1);
111 122 } }
112 123 $sql = 'SELECT salt, pass FROM users WHERE uid = ' . $rg_ui['uid']; $sql = 'SELECT salt, pass FROM users WHERE uid = ' . $rg_ui['uid'];
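--- a/tests/http_keys.php
+++ b/tests/http_keys.php
@@ -21,15 +21,17 @@ $_testns = 'http_keys';
 $rg_cache_enable = TRUE;
 $rg_cache_debug = TRUE;
 
+prepare_http();
+
 $rg_ui = array('is_admin' => 1);
 rg_test_create_user($db, $rg_ui);
-test_login($test_url, $rg_ui, $good_sid);
+test_login($test_url, $rg_ui);
 
 
 rg_log('');
 rg_log_enter('Loading Admin -> Settings -> SSH...');
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . '/op/admin/settings/ssh', $data, $headers);
 if ($r === FALSE) {
 rg_log("Cannot load page!");
@@ -37,7 +39,7 @@ if ($r === FALSE) {
 }
 if (!isset($r['tokens']['admin_settings_ssh'])) {
 rg_log_ml('r:' . print_r($r, TRUE));
-rg_log("No token?!");
+rg_log("No 'admin_settings_ssh' token?!");
 exit(1);
 }
 $token = $r['tokens']['admin_settings_ssh'];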
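--- a/tests/http_login.php
+++ b/tests/http_login.php
@@ -18,13 +18,19 @@ require_once("common.php");
 $_testns = 'http_login';
 $rg_cache_enable = TRUE;
 
+prepare_http();
+
 rg_test_create_user($db, $rg_ui);
 
+$good_guy = $_testns . '-good';
+$bad_guy = $_testns . '-bad';
+
 rg_log("Test login operation");
 // First we need to load the form so we can get the token
-// We provide an old cookie to test if we generate a new pre-login one
+// We provide junk cookies to test if we generate a new pre-login one
 $data = array();
-$headers = array("Cookie: sid=d978671c2cd12fba05be218bb1653c1ce7bfb947");
+$headers = array();
+$http_client = $good_guy;
 $r = do_req($test_url . "/op/login", $data, $headers);
 if ($r === FALSE) {
 rg_log("Cannot load login form.");
@@ -32,28 +38,27 @@ if ($r === FALSE) {
 }
 $good_sid = $r['sid'];
 $good_token = $r['tokens']['login'];
-rg_log("good: sid=$good_sid token=$good_token");
-if (strncmp($good_sid, "X", 1) != 0) {
-rg_log("Seems we did not get a pre-login session!");
+rg_log("good: token=$good_token");
+if (strncmp($r['sid'], 'X', 1) != 0) {
+rg_log('Seems we did not get a pre-login session!');
 exit(1);
 }
 
 
-rg_log("Sending wrong token, because bad guy cannot control it");
-// we need a valid token, so we do a new request
+// we need a valid token of the attacker, so we do a new request
 $data = array();
 $headers = array();
+$http_client = $bad_guy;
 $r = do_req($test_url . "/op/login", $data, $headers);
 if ($r === FALSE) {
 rg_log("Cannot load login form.");
 exit(1);
 }
-//rg_log_ml("After loading attacker login form, r: " . print_r($r, TRUE));
-$bad_sid = $r['sid'];
 $bad_token = $r['tokens']['login'];
-rg_log("bad: sid=$bad_sid token=$bad_token");
+rg_log("bad_token=$bad_token");
 
-rg_log("Now we can attack, we use attacker token but user cookie...");
+rg_log("Now we can attack, we use attacker token but good cookie...");
+rg_log("Sending wrong token, because bad guy cannot control it");
 $data = array(
 "doit" => 1,
 "token" => $bad_token,
@@ -61,7 +66,8 @@ $data = array(
 "pass" => $rg_ui['pass'],
 "lock_ip" => 1
 );
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
+$http_client = $good_guy;
 $r = do_req($test_url . "/op/login?t=bad_token_good_sid", $data, $headers);
 if ($r === FALSE) {
 rg_log_ml(print_r($r, TRUE));
@@ -74,7 +80,7 @@ if (!strstr($r['body'], "invalid token")) {
 exit(1);
 }
 
-rg_log("Do the real login post request");
+rg_log("Do the good login post request");
 $data = array(
 "doit" => 1,
 "token" => $good_token,
@@ -82,7 +88,8 @@ $data = array(
 "pass" => $rg_ui['pass'],
 "lock_ip" => 1
 );
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
+$http_client = $good_guy;
 $r = do_req($test_url . "/op/login?t=good_sid_good_token", $data, $headers);
 if ($r === FALSE) {
 rg_log_ml("Cannot login: " . print_r($r, TRUE));
@@ -95,7 +102,7 @@ if (strstr($r['body'], "invalid user")) {
 }
 
 rg_log("Check what happens if we are logged in and want to login again");
-$r = test_login($test_url, $rg_ui, $good_sid);
+$r = test_login($test_url, $rg_ui);
 if ($r === FALSE) {
 rg_log_ml(print_r($r, TRUE));
 rg_log("Seems we cannot login again if we are already logged in!");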
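Review bot: The updated comment says `// We provide junk cookies to test if we generate a new pre-login one`, but the request that follows is sent with `$headers = array();` on the `$good_guy` client, so no junk cookie appears to reach the server. The previous version sent a stale `sid` and then checked that the returned one starts with `X`; that check still runs, but it no longer shows that a client-supplied session id is discarded, which is the session-fixation property the comment describes. Either send a stale cookie on this first request once the helper supports it, or reword the comment to `// No cookie is sent; we only check that a pre-login session is issued`. `$good_sid` is still assigned at new line 39 but is not used in the visible hunks.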
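--- a/tests/http_settings.php
+++ b/tests/http_settings.php
@@ -20,6 +20,8 @@ require_once("common.php");
 $_testns = 'http_settings';
 $rg_cache_enable = TRUE;
 
+prepare_http();
+
 $now = time();
 
 rg_log("Testing if caching works: cache_enable=" . ($rg_cache_enable ? "true" : "false"));
@@ -41,7 +43,7 @@ if ($r !== FALSE) {
 test_restore($db);
 
 rg_test_create_user($db, $rg_ui);
-$r = test_login($test_url, $rg_ui, $good_sid);
+$r = test_login($test_url, $rg_ui);
 if ($r === FALSE) {
 rg_log("Cannot login!");
 exit(1);
@@ -50,7 +52,7 @@ if ($r === FALSE) {
 rg_log('');
 rg_log("Loading change pass form");
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/settings/change_pass?t=load_change_pass_form", $data, $headers);
 if (!strstr($r['body'], "action=\"/op/settings/change_pass\"")) {
 rg_log_ml('r: ' . print_r($r, TRUE));
@@ -68,7 +70,7 @@ $data = array(
 "pass1" => "bbbb",
 "pass2" => "bbbb"
 );
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/settings/change_pass?t=post_change_pass_form", $data, $headers);
 if (!strstr($r['body'], "Password has been successfully updated")) {
 rg_log_ml('r: ' . print_r($r, TRUE));
@@ -79,7 +81,7 @@ if (!strstr($r['body'], "Password has been successfully updated")) {
 
 rg_log('');
 rg_log("Now, try to login with the old password");
-$r2 = test_login($test_url, $rg_ui, $junk);
+$r2 = test_login($test_url, $rg_ui);
 if ($r2 !== FALSE) {
 rg_log("Seems we were able to login with the old password!");
 exit(1);
@@ -90,7 +92,7 @@ if ($r2 !== FALSE) {
 rg_log('');
 rg_log("Change back the password");
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/settings/change_pass?t=load_change_pass_form", $data, $headers);
 if (!strstr($r['body'], "action=\"/op/settings/change_pass\"")) {
 rg_log("Cannot load change pass form!");
@@ -104,7 +106,7 @@ $data = array(
 "pass1" => $rg_ui['pass'],
 "pass2" => $rg_ui['pass']
 );
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/settings/change_pass?t=change_back_the_password", $data, $headers);
 if ($r === FALSE) {
 rg_log_ml('r: ' . print_r($r, TRUE));
@@ -119,7 +121,7 @@ rg_log("Testing edit info section");
 rg_log('');
 rg_log("Loading edit info form");
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/settings/edit_info?t=load_edit_info_form", $data, $headers);
 if ($r === FALSE) {
 rg_log_ml('r: ' . print_r($r, TRUE));
@@ -139,7 +141,7 @@ $data = array(
 "plan_id" => 5,
 "session_time" => $session_time
 );
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/settings/edit_info?t=post_edit_info_form", $data, $headers);
 if (!strstr($r['body'], "Information has been successfully updated")) {
 rg_log_ml('r: ' . print_r($r, TRUE));
@@ -172,7 +174,7 @@ if ($row['session_time'] != $session_time) {
 
 rg_log('');
 rg_log("Testing SSH keys");
-$key = rg_test_upload_ssh_key($db, $rg_ui, "http_settings", $good_sid);
+$key = rg_test_upload_ssh_key($db, $rg_ui, 'http_settings');
 $key = trim($key);
 // the key upload stuff will change < and > to empty.
 $sql = "SELECT * FROM keys WHERE key = '" . $key . "'";
@@ -192,7 +194,7 @@ rg_log('');
 rg_log("Now, testing deletion: key_id=$key_id");
 rg_log("Loading ssh keys form");
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/settings/keys?t=load_key_form_del", $data, $headers);
 if ($r === FALSE) {
 rg_log_ml('r: ' . print_r($r, TRUE));
@@ -201,7 +203,7 @@ if ($r === FALSE) {
 }
 rg_log("Posting delete keys form");
 $data = array("delete" => 1, "token" => $r['tokens']['keys'], "key_delete_ids[$key_id]" => "on");
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/settings/keys?t=post_key_form_del", $data, $headers);
 if (!strstr($r['body'], "success")) {
 rg_log_ml('r: ' . print_r($r, TRUE));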
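Review bot: In the "Now, try to login with the old password" step, `test_login($test_url, $rg_ui)` now runs on the same persistent client that logged in near the top of the file, whereas the old call passed a throwaway `$junk` sid. If the helper keeps the session cookie between requests (do_req and test_login are not visible here), the old-password attempt is made from an already authenticated session, so the outcome may reflect how the server treats a logged-in client rather than whether the old credentials are rejected. Selecting a separate client identity before that call, as tests/http_login.php does with `$http_client`, would keep this check independent of the existing session.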
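--- a/tests/http_top.php
+++ b/tests/http_top.php
@@ -20,6 +20,8 @@ require_once("common.php");
 $_testns = 'http_top';
 $rg_cache_enable = TRUE;
 
+prepare_http();
+
 // TODO: donate has some problems with input + border (tidy)!
 $_list = array("features", "discover", "download", "pricing", "tos",
 "create_account", "login");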
File tests/http_totp.php changed (mode: 100644) (index e8a753d..0f3e0b2)
... ... $rg_cache_debug = TRUE;
25 25
26 26 $rg_user_max_len = 60; $rg_user_max_len = 60;
27 27
28 prepare_http();
29
28 30 rg_test_create_user($db, $rg_ui); rg_test_create_user($db, $rg_ui);
29 31
30 32 // Add an totp token to this account // Add an totp token to this account
 
... ... if ($r === FALSE) {
48 50 rg_log("Cannot load login form."); rg_log("Cannot load login form.");
49 51 exit(1); exit(1);
50 52 } }
51 $good_sid = $r['sid'];
52 53 $good_token = $r['tokens']['login']; $good_token = $r['tokens']['login'];
53 54 rg_log_exit(); rg_log_exit();
54 55
55 56
56 57 rg_log(''); rg_log('');
57 rg_log_enter("Do the login without login token (sid=$good_sid token=$good_token)...");
58 rg_log_enter("Do the login without login token (token=$good_token)...");
58 59 $data = array( $data = array(
59 60 "doit" => 1, "doit" => 1,
60 61 "token" => $good_token, "token" => $good_token,
 
... ... $data = array(
62 63 "pass" => $rg_ui['pass'], "pass" => $rg_ui['pass'],
63 64 "login_token" => '', "login_token" => '',
64 65 "lock_ip" => 0); "lock_ip" => 0);
65 $headers = array("Cookie: sid=" . $good_sid);
66 $headers = array();
66 67 $r = do_req($test_url . "/op/login", $data, $headers); $r = do_req($test_url . "/op/login", $data, $headers);
67 68 if ($r === FALSE) { if ($r === FALSE) {
68 69 rg_log_ml('r=' . print_r($r, TRUE)); rg_log_ml('r=' . print_r($r, TRUE));
 
... ... rg_log_exit();
79 80
80 81
81 82 rg_log(''); rg_log('');
82 rg_log_enter("Do the login (sid=$good_sid token=$good_token"
83 . " login_token=$lt)...");
83 rg_log_enter("Do the login (token=$good_token login_token=$lt)...");
84 84 $data = array( $data = array(
85 85 "doit" => 1, "doit" => 1,
86 86 "token" => $good_token, "token" => $good_token,
 
... ... $data = array(
88 88 "pass" => $rg_ui['pass'], "pass" => $rg_ui['pass'],
89 89 "login_token" => $lt, "login_token" => $lt,
90 90 "lock_ip" => 0); "lock_ip" => 0);
91 $headers = array("Cookie: sid=" . $good_sid);
91 $headers = array();
92 92 $r = do_req($test_url . "/op/login", $data, $headers); $r = do_req($test_url . "/op/login", $data, $headers);
93 93 if ($r === FALSE) { if ($r === FALSE) {
94 94 rg_log_ml('r=' . print_r($r, TRUE)); rg_log_ml('r=' . print_r($r, TRUE));
 
... ... if (strstr($r['body'], "invalid user")) {
100 100 rg_log("Login invalid!"); rg_log("Login invalid!");
101 101 exit(1); exit(1);
102 102 } }
103 $good_sid = $r['sid'];
104 103 rg_log_exit(); rg_log_exit();
105 104
106 105
 
... ... rg_log('');
108 107 rg_log_enter('Testing device enrollment...'); rg_log_enter('Testing device enrollment...');
109 108 rg_log('Loading enroll form...'); rg_log('Loading enroll form...');
110 109 $data = array(); $data = array();
111 $headers = array("Cookie: sid=" . $good_sid);
110 $headers = array();
112 111 $r = do_req($test_url . "/op/settings/totp/enroll", $data, $headers); $r = do_req($test_url . "/op/settings/totp/enroll", $data, $headers);
113 112 if ($r === FALSE) { if ($r === FALSE) {
114 113 rg_log("Cannot load enroll page!"); rg_log("Cannot load enroll page!");
 
... ... $data = array(
129 128 'totp::secret' => $key, 'totp::secret' => $key,
130 129 'totp::ver' => rg_totp_compute($key, time() / 30, 6) 'totp::ver' => rg_totp_compute($key, time() / 30, 6)
131 130 ); );
132 $headers = array("Cookie: sid=" . $good_sid);
131 $headers = array();
133 132 $r = do_req($test_url . "/op/settings/totp/enroll", $data, $headers); $r = do_req($test_url . "/op/settings/totp/enroll", $data, $headers);
134 133 if (!strstr($r['body'], 'You enrolled your new device with success')) { if (!strstr($r['body'], 'You enrolled your new device with success')) {
135 134 rg_log_ml('r: ' . print_r($r, TRUE)); rg_log_ml('r: ' . print_r($r, TRUE));
 
... ... rg_log_exit();
149 148
150 149 rg_log(''); rg_log('');
151 150 rg_log_enter('Testing the deletion of scratch codes'); rg_log_enter('Testing the deletion of scratch codes');
152 $sc1 = rg_test_sc_generate($db, $rg_ui, $good_sid);
151 $sc1 = rg_test_sc_generate($db, $rg_ui);
153 152 sleep(1); // to not have the same itime sleep(1); // to not have the same itime
154 $sc2 = rg_test_sc_generate($db, $rg_ui, $good_sid);
153 $sc2 = rg_test_sc_generate($db, $rg_ui);
155 154 $sql = "SELECT DISTINCT itime FROM scratch_codes WHERE uid = " . $rg_ui['uid']; $sql = "SELECT DISTINCT itime FROM scratch_codes WHERE uid = " . $rg_ui['uid'];
156 155 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
157 156 $list = array(); $list = array();
 
... ... while (($row = rg_sql_fetch_array($res))) {
161 160 rg_sql_free_result($res); rg_sql_free_result($res);
162 161 rg_log_ml('list=' . print_r($list, TRUE)); rg_log_ml('list=' . print_r($list, TRUE));
163 162
164 $headers = array("Cookie: sid=" . $good_sid);
163 $headers = array();
165 164 $r = do_req($test_url . "/op/settings/totp/sc", $data, $headers); $r = do_req($test_url . "/op/settings/totp/sc", $data, $headers);
166 165 if ($r === FALSE) { if ($r === FALSE) {
167 166 rg_log("Cannot load sc page!"); rg_log("Cannot load sc page!");
 
... ... $data = array(
175 174 'delete_list[' . $list[0] . ']' => 'on', 'delete_list[' . $list[0] . ']' => 'on',
176 175 'delete_list[' . $list[1] . ']' => 'on' 'delete_list[' . $list[1] . ']' => 'on'
177 176 ); );
178 $headers = array("Cookie: sid=" . $good_sid);
177 $headers = array();
179 178 $r = do_req($test_url . "/op/settings/totp/sc", $data, $headers); $r = do_req($test_url . "/op/settings/totp/sc", $data, $headers);
180 179 if (!strstr($r['body'], 'success')) { if (!strstr($r['body'], 'success')) {
181 180 rg_log("Cannot delete scratch codes!"); rg_log("Cannot delete scratch codes!");
 
... ... $good_token = $r['tokens']['login_tokens_list'];
238 237 $data = array( 'delete' => 1, 'token' => $good_token); $data = array( 'delete' => 1, 'token' => $good_token);
239 238 foreach ($list as $id) foreach ($list as $id)
240 239 $data['delete_list[' . $id . ']'] = 'on'; $data['delete_list[' . $id . ']'] = 'on';
241 $headers = array("Cookie: sid=" . $good_sid);
240 $headers = array();
242 241 $r = do_req($test_url . "/op/settings/totp/list", $data, $headers); $r = do_req($test_url . "/op/settings/totp/list", $data, $headers);
243 242 if (!strstr($r['body'], 'success')) { if (!strstr($r['body'], 'success')) {
244 243 rg_log("Cannot delete login tokens!"); rg_log("Cannot delete login tokens!");
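--- a/tests/pr_anon.php
+++ b/tests/pr_anon.php
@@ -23,6 +23,7 @@ $rg_cache_enable = TRUE;
 $rg_cache_debug = TRUE;
 $rg_event_socket = "/var/lib/rocketgit/sockets/event.sock";
 
+prepare_http();
 
 rg_log('');
 rg_log_enter('Creating user...');
@@ -32,7 +33,7 @@ rg_log_exit();
 
 rg_log('');
 rg_log_enter('Login...');
-$r = test_login($test_url, $rg_ui, $good_sid);
+$r = test_login($test_url, $rg_ui);
 if ($r === FALSE) {
 rg_log("Cannot login!");
 exit(1);
@@ -42,7 +43,7 @@ rg_log_exit();
 
 rg_log('');
 rg_log_enter('Creating and upload a ssh key...');
-rg_test_upload_ssh_key($db, $rg_ui, 'pr_anon', $good_sid);
+rg_test_upload_ssh_key($db, $rg_ui, 'pr_anon');
 rg_log_exit();
 
 
@@ -145,7 +146,7 @@ rg_log_exit();
 rg_log('');
 rg_log_enter('Loading the merge requests page - just to see it appears there');
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . '/user/' . $rg_ui['username']
 . '/' . $repo['name'] . '/mr?t=pr_anon', $data, $headers);
 if (!strstr($r['body'], '>' . $mri['id'] . '<')) {
@@ -159,7 +160,7 @@ rg_log_exit();
 rg_log('');
 rg_log_enter('Loading the merge request specific page');
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . $url . $mri['id'] . '?t=pr_anon', $data, $headers);
 if (!strstr($r['body'], 'This pull request can be merged without conflicts')) {
 rg_log_ml('r: ' . print_r($r, TRUE));
@@ -225,7 +226,7 @@ if ($r['ok'] != 1) {
 }
 $mri = rg_test_mr_in_db($db, $repo['repo_id']);
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . $url . $mri['id'] . '?t=pr_anon', $data, $headers);
 if (!strstr($r['body'], 'This pull request cannot be merged without conflicts')) {
 rg_log_ml('r: ' . print_r($r, TRUE));
@@ -238,7 +239,7 @@ rg_log_exit();
 rg_log('');
 rg_log_enter('Loading conflicts page...');
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . $url . $mri['id'] . '?t=pr_anon', $data, $headers);
 if (!strstr($r['body'], 'Conflicts:')) {
 rg_log_ml('r: ' . print_r($r, TRUE));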
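--- a/tests/source.php
+++ b/tests/source.php
@@ -18,12 +18,13 @@ require_once("common.php");
 $_testns = 'source';
 $rg_cache_enable = TRUE;
 
+prepare_http();
 
 rg_test_create_user($db, $rg_ui);
 rg_log('Created user ' . $rg_ui['uid']);
 rg_test_create_repo($db, $rg_ui, $repo);
 rg_log('Created repo ' . $repo['repo_id']);
-$r = test_login($test_url, $rg_ui, $good_sid);
+$r = test_login($test_url, $rg_ui);
 if ($r === FALSE) {
 rg_log("Cannot login!");
 exit(1);
@@ -32,7 +33,7 @@ if ($r === FALSE) {
 
 rg_log('');
 rg_log_enter('Uploading a key...');
-rg_test_upload_ssh_key($db, $rg_ui, 'source', $good_sid);
+rg_test_upload_ssh_key($db, $rg_ui, 'source');
 rg_log_exit();
 
 
@@ -55,7 +56,7 @@ if ($r['ok'] != 1) {
 exit(1);
 }
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 rg_log('Check "log" menu...');
 $r = do_req($test_url . '/user/' . rawurlencode($rg_ui['username'])
 . '/' . rawurlencode($repo['name']) . '/source/log',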
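Review bot: The `$headers = array();` line before the "log" menu request no longer shows how the request is authenticated; the `sid` cookie that used to be passed explicitly is now presumably carried by the connection state that `prepare_http()` sets up in tests/http.inc.php, which is not shown in this section. A one-line comment such as `// session cookie is carried by the persistent connection set up in prepare_http()` would make that dependency visible, and would remind the next author that a request meant to run without a session has to clear that state first. The same pattern recurs in tests/wh_http.php at the `/op/settings/wh/list` request. The `do_req()` call continues past the end of this hunk.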
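--- a/tests/ssh.php
+++ b/tests/ssh.php
@@ -20,8 +20,11 @@ $rg_cache_enable = TRUE;
 $rg_cache_debug = TRUE;
 $rg_event_socket = "/var/lib/rocketgit/sockets/event.sock";
 
+prepare_http();
+
 // This test makes sense only on my devel machine
 if (php_uname("n") != "r1.embedromix.ro") {
+// TODO: start a sshd daemon?
 rg_log("OK!");
 exit(0);
 }
@@ -30,15 +33,16 @@ if (php_uname("n") != "r1.embedromix.ro") {
 rg_log("Creating a user...");
 rg_test_create_user($db, $rg_ui);
 rg_test_create_repo($db, $rg_ui, $repo);
-$r = test_login($test_url, $rg_ui, $good_sid);
+$r = test_login($test_url, $rg_ui);
 if ($r === FALSE) {
 rg_log("Cannot login!");
 exit(1);
 }
 
-$cmd = "ssh -i keys/" . $rg_ui['uid'] . " rocketgit@rg" . " -p 2222";
+$cmd = 'ssh -i keys/' . $rg_ui['uid'] . ' rocketgit@' . $rg_ssh_host
+. ' -p ' . $rg_ssh_port;
 
-rg_test_upload_ssh_key($db, $rg_ui, $rg_ui['uid'], $good_sid);
+rg_test_upload_ssh_key($db, $rg_ui, $rg_ui['uid']);
 
 rg_log('');
 $list = array('', 'status', 'repos', 'repo', 'totp');
@@ -201,7 +205,7 @@ if (!strstr($r['data'], 'Success!')) {
 }
 
 
-$sc = rg_test_sc_generate($db, $rg_ui, $good_sid);
+$sc = rg_test_sc_generate($db, $rg_ui);
 $sql = "UPDATE scratch_codes SET sc = '0' || substring(sc from 1 for 7)"
 . " WHERE uid = " . $rg_ui['uid'];
 $res = rg_sql_query($db, $sql);
@@ -244,7 +248,7 @@ if (strstr($r['data'], 'Success!')) {
 }
 
 
-$sc = rg_test_sc_generate($db, $rg_ui, $good_sid);
+$sc = rg_test_sc_generate($db, $rg_ui);
 
 
 rg_log('');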
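Review bot: The new `$cmd` string splices `$rg_ssh_host` and `$rg_ssh_port` into a shell command line without quoting, so a configured value containing a space or a shell metacharacter changes what gets executed. Where these two variables are set and how `$cmd` is run are both outside the hunks shown, so this is inferred from the string alone. Quoting each piece keeps the command well-formed whatever the test configuration holds: `$cmd = 'ssh -i ' . escapeshellarg('keys/' . $rg_ui['uid']) . ' ' . escapeshellarg('rocketgit@' . $rg_ssh_host) . ' -p ' . intval($rg_ssh_port);`.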
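--- a/tests/wh_cloud.php
+++ b/tests/wh_cloud.php
@@ -20,6 +20,8 @@ $rg_cache_enable = TRUE;
 $rg_cache_debug = TRUE;
 $rg_event_socket = "/var/lib/rocketgit/sockets/event.sock";
 
+prepare_http();
+
 $home = getenv('HOME');
 if (!file_exists($home . '/.aws/conf.php')) {
 rg_log('no ~/.aws.conf.php file!');
@@ -37,7 +39,7 @@ rg_test_create_user($db, $rg_ui);
 
 rg_log('');
 rg_log_enter('Login...');
-$r = test_login($test_url, $rg_ui, $good_sid);
+$r = test_login($test_url, $rg_ui);
 if ($r === FALSE) {
 rg_log("Cannot login!");
 exit(1);
@@ -64,7 +66,7 @@ $extra = array(
 '##repo##-##branch##-##hook_id##'
 . '-##commit##-##date##-##time##-##ip##-##timestamp##.zip'
 );
-rg_test_wh_add_edit($db, $rg_ui, $good_sid, 'cloud', $extra);
+rg_test_wh_add_edit($db, $rg_ui, 'cloud', $extra);
 rg_log_exit();
 
 
@@ -93,7 +95,7 @@ rg_log_exit();
 
 rg_log('');
 rg_log_enter('Creating and upload a ssh key...');
-rg_test_upload_ssh_key($db, $rg_ui, "wh_cloud", $good_sid);
+rg_test_upload_ssh_key($db, $rg_ui, 'wh_cloud');
 rg_log_exit();
 
 
@@ -152,7 +154,7 @@ $extra = array(
 'wh::idata::bucket' => 'buck',
 'wh::idata::file' => 'rrr',
 );
-rg_test_wh_add_edit($db, $rg_ui, $good_sid, 'cloud', $extra);
+rg_test_wh_add_edit($db, $rg_ui, 'cloud', $extra);
 $sql = "SELECT * FROM webhooks WHERE uid = " . $rg_ui['uid']
 . " AND id = " . $wh_id;
 $res = rg_sql_query($db, $sql);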
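Review bot: The skip message `'no ~/.aws.conf.php file!'` names a different path from the one the `file_exists()` check on the line above actually tests, `$home . '/.aws/conf.php'`, so whoever reads the log looks for the credentials file in the wrong place. Suggested wording: `rg_log('no ~/.aws/conf.php file!');`. tests/wh_lambda.php carries the same message. The body of the `if` continues past the end of the first hunk, so what the test does after logging is not visible here.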
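--- a/tests/wh_http.php
+++ b/tests/wh_http.php
@@ -37,6 +37,7 @@ function clean()
 }
 register_shutdown_function('clean');
 
+prepare_http();
 
 rg_log('');
 rg_log('Generating certificates...');
@@ -124,7 +125,7 @@ $key3 = 'DEBUG::' . $rg_ui['uid'] . '::webhooks::' . $port3;
 
 rg_log('');
 rg_log('Login...');
-$r = test_login($test_url, $rg_ui, $good_sid);
+$r = test_login($test_url, $rg_ui);
 if ($r === FALSE) {
 rg_log("Cannot login!");
 exit(1);
@@ -148,7 +149,7 @@ $extra = array(
 'wh::idata::itype' => 0,
 'wh::idata::client_ca_cert' => file_get_contents('ca/wh/certs/cacert.pem')
 );
-rg_test_wh_add_edit($db, $rg_ui, $good_sid, 'http', $extra);
+rg_test_wh_add_edit($db, $rg_ui, 'http', $extra);
 
 
 rg_log('');
@@ -169,7 +170,7 @@ $extra = array(
 . file_get_contents('ca/wh/private/client.key'),
 'wh::idata::client_ca_cert' => file_get_contents('ca/wh/certs/cacert.pem')
 );
-rg_test_wh_add_edit($db, $rg_ui, $good_sid, 'http', $extra);
+rg_test_wh_add_edit($db, $rg_ui, 'http', $extra);
 
 
 rg_log('');
@@ -189,7 +190,7 @@ $extra = array(
 'wh::idata::client_cert' => '',
 'wh::idata::client_ca_cert' => file_get_contents('ca/wh/certs/cacert.pem')
 );
-rg_test_wh_add_edit($db, $rg_ui, $good_sid, 'http', $extra);
+rg_test_wh_add_edit($db, $rg_ui, 'http', $extra);
 
 
 rg_log('Finding out the ids...');
@@ -293,7 +294,7 @@ $extra = array(
 'wh::idata::client_cert' => 'abc <xss>',
 'wh::idata::client_ca_cert' => 'zzz <xss>'
 );
-rg_test_wh_add_edit($db, $rg_ui, $good_sid, 'http', $extra);
+rg_test_wh_add_edit($db, $rg_ui, 'http', $extra);
 $sql = "SELECT * FROM webhooks WHERE uid = " . $rg_ui['uid']
 . " AND id = " . $wh_id1;
 $res = rg_sql_query($db, $sql);
@@ -340,7 +341,7 @@ foreach ($list as $k => $v) {
 rg_log('');
 rg_log_enter('Testing the delete - loading form...');
 $data = array();
-$headers = array("Cookie: sid=" . $good_sid);
+$headers = array();
 $r = do_req($test_url . "/op/settings/wh/list", $data, $headers);
 if ($r === FALSE) {
 rg_log("Cannot load list form.");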
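--- a/tests/wh_lambda.php
+++ b/tests/wh_lambda.php
@@ -20,6 +20,8 @@ $rg_cache_enable = TRUE;
 $rg_cache_debug = TRUE;
 $rg_event_socket = "/var/lib/rocketgit/sockets/event.sock";
 
+prepare_http();
+
 $home = getenv('HOME');
 if (!file_exists($home . '/.aws/conf.php')) {
 rg_log('no ~/.aws.conf.php file!');
@@ -37,7 +39,7 @@ rg_test_create_user($db, $rg_ui);
 
 rg_log('');
 rg_log_enter('Login...');
-$r = test_login($test_url, $rg_ui, $good_sid);
+$r = test_login($test_url, $rg_ui);
 if ($r === FALSE) {
 rg_log("Cannot login!");
 exit(1);
@@ -64,7 +66,7 @@ $extra = array(
 'wh::idata::function' => 'test-function',
 'wh::idata::payload' => '{"key": "aaa branch=##branch## repo=##repo##"}'
 );
-rg_test_wh_add_edit($db, $rg_ui, $good_sid, 'lambda', $extra);
+rg_test_wh_add_edit($db, $rg_ui, 'lambda', $extra);
 rg_log_exit();
 
 
@@ -93,7 +95,7 @@ rg_log_exit();
 
 rg_log('');
 rg_log_enter('Creating and upload a ssh key...');
-rg_test_upload_ssh_key($db, $rg_ui, "wh_cloud", $good_sid);
+rg_test_upload_ssh_key($db, $rg_ui, 'wh_cloud');
 rg_log_exit();
 
 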
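Review bot: `rg_test_upload_ssh_key($db, $rg_ui, 'wh_cloud');` in this file reuses the key name of tests/wh_cloud.php, which looks like a copy-paste leftover that the commit carries over while only changing the quoting. If the third argument names the key file (tests/ssh.php passes `$rg_ui['uid']` and then uses `keys/<uid>` with `ssh -i`, which suggests so), the two tests write the same key file and can overwrite each other's key when run side by side. `rg_test_upload_ssh_key($db, $rg_ui, 'wh_lambda');` would keep them apart. Any later reference to `keys/wh_cloud` in this file, outside the hunks shown, would need the same rename.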