2019-04-29 20:27:42 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2017-11-23 23:31:23 -05:00
|
|
|
require 'rails_helper'
|
|
|
|
|
|
|
|
describe Hijack do
|
2017-11-27 01:43:24 -05:00
|
|
|
class Hijack::Tester < ApplicationController
|
2017-11-23 23:31:23 -05:00
|
|
|
attr_reader :io
|
|
|
|
|
|
|
|
include Hijack
|
2017-11-27 01:43:24 -05:00
|
|
|
|
2017-11-28 00:47:20 -05:00
|
|
|
def initialize(env = {})
|
2017-11-23 23:31:23 -05:00
|
|
|
@io = StringIO.new
|
2017-11-28 00:47:20 -05:00
|
|
|
|
|
|
|
env.merge!(
|
2017-11-27 17:28:40 -05:00
|
|
|
"rack.hijack" => lambda { @io },
|
|
|
|
"rack.input" => StringIO.new
|
2017-11-23 23:31:23 -05:00
|
|
|
)
|
2017-11-28 00:47:20 -05:00
|
|
|
|
|
|
|
self.request = ActionController::TestRequest.new(env, nil, nil)
|
|
|
|
|
2017-11-27 01:43:24 -05:00
|
|
|
# we need this for the 418
|
|
|
|
self.response = ActionDispatch::Response.new
|
2017-11-23 23:31:23 -05:00
|
|
|
end
|
|
|
|
|
2017-11-27 01:43:24 -05:00
|
|
|
def hijack_test(&blk)
|
|
|
|
hijack(&blk)
|
2017-11-23 23:31:23 -05:00
|
|
|
end
|
2017-11-27 01:43:24 -05:00
|
|
|
|
2017-11-23 23:31:23 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
let :tester do
|
|
|
|
Hijack::Tester.new
|
|
|
|
end
|
|
|
|
|
2017-11-28 00:47:20 -05:00
|
|
|
context "Request Tracker integration" do
|
|
|
|
let :logger do
|
|
|
|
lambda do |env, data|
|
|
|
|
@calls += 1
|
|
|
|
@status = data[:status]
|
|
|
|
@total = data[:timing][:total_duration]
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
Middleware::RequestTracker.register_detailed_request_logger logger
|
|
|
|
@calls = 0
|
|
|
|
end
|
|
|
|
|
|
|
|
after do
|
|
|
|
Middleware::RequestTracker.unregister_detailed_request_logger logger
|
|
|
|
end
|
|
|
|
|
|
|
|
it "can properly track execution" do
|
|
|
|
app = lambda do |env|
|
|
|
|
tester = Hijack::Tester.new(env)
|
|
|
|
tester.hijack_test do
|
|
|
|
render body: "hello", status: 201
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
env = {}
|
|
|
|
middleware = Middleware::RequestTracker.new(app)
|
|
|
|
|
|
|
|
middleware.call(env)
|
|
|
|
|
|
|
|
expect(@calls).to eq(1)
|
|
|
|
expect(@status).to eq(201)
|
|
|
|
expect(@status).to be > 0
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-11-27 17:28:40 -05:00
|
|
|
it "dupes the request params and env" do
|
|
|
|
orig_req = tester.request
|
|
|
|
copy_req = nil
|
|
|
|
|
|
|
|
tester.hijack_test do
|
|
|
|
copy_req = request
|
|
|
|
render body: "hello world", status: 200
|
|
|
|
end
|
|
|
|
|
|
|
|
expect(copy_req.object_id).not_to eq(orig_req.object_id)
|
|
|
|
end
|
|
|
|
|
2017-12-06 18:30:50 -05:00
|
|
|
it "handles cors" do
|
|
|
|
SiteSetting.cors_origins = "www.rainbows.com"
|
|
|
|
|
|
|
|
app = lambda do |env|
|
|
|
|
tester = Hijack::Tester.new(env)
|
|
|
|
tester.hijack_test do
|
|
|
|
render body: "hello", status: 201
|
|
|
|
end
|
|
|
|
|
|
|
|
expect(tester.io.string).to include("Access-Control-Allow-Origin: www.rainbows.com")
|
|
|
|
end
|
|
|
|
|
|
|
|
env = {}
|
|
|
|
middleware = Discourse::Cors.new(app)
|
|
|
|
middleware.call(env)
|
|
|
|
|
|
|
|
# it can do pre-flight
|
|
|
|
env = {
|
|
|
|
'REQUEST_METHOD' => 'OPTIONS',
|
|
|
|
'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'GET'
|
|
|
|
}
|
|
|
|
|
|
|
|
status, headers, _body = middleware.call(env)
|
|
|
|
|
|
|
|
expect(status).to eq(200)
|
|
|
|
|
|
|
|
expected = {
|
|
|
|
"Access-Control-Allow-Origin" => "www.rainbows.com",
|
2018-10-15 19:46:55 -04:00
|
|
|
"Access-Control-Allow-Headers" => "Content-Type, Cache-Control, X-Requested-With, X-CSRF-Token, Discourse-Visible, User-Api-Key, User-Api-Client-Id",
|
2018-09-16 21:37:01 -04:00
|
|
|
"Access-Control-Allow-Credentials" => "true",
|
|
|
|
"Access-Control-Allow-Methods" => "POST, PUT, GET, OPTIONS, DELETE"
|
2017-12-06 18:30:50 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
expect(headers).to eq(expected)
|
|
|
|
end
|
|
|
|
|
2018-01-20 22:26:42 -05:00
|
|
|
it "handles transfers headers" do
|
|
|
|
tester.response.headers["Hello-World"] = "sam"
|
|
|
|
tester.hijack_test do
|
|
|
|
expires_in 1.year
|
|
|
|
render body: "hello world", status: 402
|
|
|
|
end
|
|
|
|
|
|
|
|
expect(tester.io.string).to include("Hello-World: sam")
|
|
|
|
end
|
|
|
|
|
2017-11-27 01:43:24 -05:00
|
|
|
it "handles expires_in" do
|
|
|
|
tester.hijack_test do
|
|
|
|
expires_in 1.year
|
|
|
|
render body: "hello world", status: 402
|
|
|
|
end
|
|
|
|
|
|
|
|
expect(tester.io.string).to include("max-age=31556952")
|
|
|
|
end
|
|
|
|
|
2017-11-23 23:31:23 -05:00
|
|
|
it "renders non 200 status if asked for" do
|
|
|
|
tester.hijack_test do
|
|
|
|
render body: "hello world", status: 402
|
|
|
|
end
|
|
|
|
|
|
|
|
expect(tester.io.string).to include("402")
|
|
|
|
expect(tester.io.string).to include("world")
|
|
|
|
end
|
|
|
|
|
2017-11-27 18:59:53 -05:00
|
|
|
it "handles send_file correctly" do
|
|
|
|
tester.hijack_test do
|
|
|
|
send_file __FILE__, disposition: nil
|
|
|
|
end
|
|
|
|
|
|
|
|
expect(tester.io.string).to start_with("HTTP/1.1 200")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "renders a redirect correctly" do
|
2018-01-18 16:26:18 -05:00
|
|
|
Process.stubs(:clock_gettime).returns(1.0)
|
2017-11-27 18:59:53 -05:00
|
|
|
tester.hijack_test do
|
2018-01-18 16:26:18 -05:00
|
|
|
Process.stubs(:clock_gettime).returns(2.0)
|
2017-11-27 18:59:53 -05:00
|
|
|
redirect_to 'http://awesome.com'
|
|
|
|
end
|
|
|
|
|
2018-01-25 02:43:32 -05:00
|
|
|
result = "HTTP/1.1 302 Found\r\nLocation: http://awesome.com\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 84\r\nConnection: close\r\nX-Runtime: 1.000000\r\n\r\n<html><body>You are being <a href=\"http://awesome.com\">redirected</a>.</body></html>"
|
2017-11-27 18:59:53 -05:00
|
|
|
expect(tester.io.string).to eq(result)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "renders stuff correctly if is empty" do
|
2018-01-18 16:26:18 -05:00
|
|
|
Process.stubs(:clock_gettime).returns(1.0)
|
2017-11-27 18:59:53 -05:00
|
|
|
tester.hijack_test do
|
2018-01-18 16:26:18 -05:00
|
|
|
Process.stubs(:clock_gettime).returns(2.0)
|
2017-11-27 18:59:53 -05:00
|
|
|
render body: nil
|
|
|
|
end
|
|
|
|
|
2018-01-25 02:43:32 -05:00
|
|
|
result = "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\nX-Runtime: 1.000000\r\n\r\n"
|
2017-11-27 18:59:53 -05:00
|
|
|
expect(tester.io.string).to eq(result)
|
|
|
|
end
|
|
|
|
|
2017-11-23 23:31:23 -05:00
|
|
|
it "renders stuff correctly if it works" do
|
2018-01-18 16:26:18 -05:00
|
|
|
Process.stubs(:clock_gettime).returns(1.0)
|
2017-11-23 23:31:23 -05:00
|
|
|
tester.hijack_test do
|
2018-01-18 16:26:18 -05:00
|
|
|
Process.stubs(:clock_gettime).returns(2.0)
|
2017-11-23 23:31:23 -05:00
|
|
|
render plain: "hello world"
|
|
|
|
end
|
|
|
|
|
2018-01-25 02:43:32 -05:00
|
|
|
result = "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 11\r\nConnection: close\r\nX-Runtime: 1.000000\r\n\r\nhello world"
|
2017-11-23 23:31:23 -05:00
|
|
|
expect(tester.io.string).to eq(result)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns 500 by default" do
|
2018-01-18 16:26:18 -05:00
|
|
|
Process.stubs(:clock_gettime).returns(1.0)
|
2017-11-23 23:31:23 -05:00
|
|
|
tester.hijack_test
|
|
|
|
|
2018-01-25 02:43:32 -05:00
|
|
|
expected = "HTTP/1.1 500 Internal Server Error\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\nX-Runtime: 0.000000\r\n\r\n"
|
2017-11-23 23:31:23 -05:00
|
|
|
expect(tester.io.string).to eq(expected)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "does not run the block if io is closed" do
|
|
|
|
tester.io.close
|
|
|
|
|
|
|
|
ran = false
|
|
|
|
tester.hijack_test do
|
|
|
|
ran = true
|
|
|
|
end
|
|
|
|
|
|
|
|
expect(ran).to eq(false)
|
|
|
|
end
|
|
|
|
end
|