"
end
if links ~= "" then
html = html:gsub('', '")
@@ -37,12 +36,12 @@ end
local function answer_request(req_data, profile)
local portal = conf.get_sso_prefix() .. "/portal"
- if nginx.is(req_data, portal) then
+ if req_data:is(portal) then
local html = inject_data(contents("portal.html"), profile)
return nginx.return_contents(html, "text/html; charset=UTF-8")
- elseif nginx.is(req_data, portal .. ".css") then
+ elseif req_data:is(portal .. ".css") then
return nginx.return_contents(contents("portal.css"), "text/css; charset=UTF-8")
- elseif nginx.is(req_data, portal .. ".js") then
+ elseif req_data:is(portal .. ".js") then
return nginx.return_contents(contents("portal.js"), "application/javascript; charset=UTF-8")
else
return nginx.answer_not_found(req_data)
diff --git a/src/ssso_profile.lua b/src/ssso_profile.lua
deleted file mode 100644
index e1c5ed1..0000000
--- a/src/ssso_profile.lua
+++ /dev/null
@@ -1,63 +0,0 @@
-local b64 = require("ssso_base64")
-
-local function build_profile(user, password, name, email)
- return {
- u = user,
- p = password,
- n = name,
- e = email,
- }
-end
-
-local function serialize(profile)
- return (profile.u or "\025") .. "\031" ..
- (profile.p or "\025") .. "\031" ..
- (profile.n or "\025") .. "\031" ..
- (profile.e or "\025") .. "\031"
-end
-
-local function deserialize(ser)
- local profile
- local remainder = ser:gsub("^(.-)\031(.-)\031(.-)\031(.-)\031", function (u, p, n, e)
- if u == "\025" then u = nil end
- if p == "\025" then p = nil end
- if n == "\025" then n = nil end
- if e == "\025" then e = nil end
- profile = build_profile(u, p, n, e)
- return ""
- end)
- return profile, remainder
-end
-
-local function format(template, profile)
- local s = template
- s = s:gsub("\ru%.", profile.u or "")
- s = s:gsub("\rp%.", profile.p or "")
- s = s:gsub("\rn%.", profile.n or "")
- s = s:gsub("\re%.", profile.e or "")
- s = s:gsub("\rb64%(([^\r]-)%)%.", function(x) return b64.encode_base64(x) end)
- s = s:gsub("\ru64%(([^\r]-)%)%.", function(x) return b64.encode_base64url(x) end)
- return s
-end
-
-local function email(profile)
- return profile.e
-end
-
-local function name(profile)
- return profile.n
-end
-
-local function user(profile)
- return profile.u
-end
-
-return {
- build_profile = build_profile,
- deserialize = deserialize, -- TODO: test
- serialize = serialize, -- TODO: test
- email = email,
- format = format,
- name = name,
- user = user,
-}
diff --git a/src/ssso_sessions.lua b/src/ssso_sessions.lua
index c910930..a34a3e3 100644
--- a/src/ssso_sessions.lua
+++ b/src/ssso_sessions.lua
@@ -3,27 +3,27 @@ local login = require("ssso_login")
local nginx = require("ssso_nginx")
local function get_session()
- local session, jws, tslimit
+ local profile, jws, tslimit
local user, password = nginx.get_basic_auth()
if user and password then
- session = login.check_credentials_and_get_profile(user, password)
- if session then
- jws, tslimit = crypto.get_jws_and_tslimit(session)
+ profile = login.check_credentials_and_get_profile(user, password)
+ if profile then
+ jws, tslimit = crypto.get_jws_and_tslimit(profile)
end
end
- if not session then
+ if not profile then
local cookie = nginx.get_jws_cookie()
if not cookie or cookie == "" then
return nil, 401
end
- session, jws, tslimit = crypto.get_data_and_new_jws(cookie)
+ profile, jws, tslimit = crypto.get_profile_and_new_jws(cookie)
end
- if session then
+ if profile then
nginx.set_jws_cookie(jws, tslimit)
- return session, 200
+ return profile, 200
else
return nil, 403
end
diff --git a/src/ssso_sites.lua b/src/ssso_sites.lua
index bc64c7f..ebf7192 100644
--- a/src/ssso_sites.lua
+++ b/src/ssso_sites.lua
@@ -1,6 +1,6 @@
local json = require("cjson.safe")
+local id = require("ssso_identity")
local nginx = require("ssso_nginx")
-local prof = require("ssso_profile")
local known_private_re = {}
local known_sites = {}
@@ -26,7 +26,7 @@ end
local function is_known_private(req_data)
for _, r in ipairs(known_private_re) do
- if nginx.matches(req_data, r) then
+ if req_data:matches(r) then
return true
end
end
@@ -37,12 +37,12 @@ local function handle_request(req_data, auth)
if auth then
for _, site in ipairs(auth.ok) do
for _, r in ipairs(site.r) do
- if nginx.matches(req_data, r) then
+ if req_data:matches(r) then
for _, a in ipairs(site.a) do
if a[1] == "C" then
- nginx.add_cookie(a[2], prof.format(a[3], auth))
+ nginx.add_cookie(a[2], auth:format(a[3]))
elseif a[1] == "H" then
- nginx.add_header(a[2], prof.format(a[3], auth))
+ nginx.add_header(a[2], auth:format(a[3]))
end
end
return nginx.forward_request(req_data)
@@ -50,7 +50,7 @@ local function handle_request(req_data, auth)
end
end
for _, r in ipairs(auth.ko) do
- if nginx.matches(req_data, r) then
+ if req_data:matches(r) then
return nginx.redirect_to_login(req_data, 403)
end
end
@@ -83,12 +83,31 @@ local function format_pattern(pattern)
return ok
end
-local function with_sites(profile, user)
+local class__profile = {}
+setmetatable(class__profile, {__index = id.class__identity})
+
+function class__profile:build(delegate_identity, ok_list, ko_list)
+ local profile = {
+ delegate = delegate_identity,
+ ok = ok_list,
+ ko = ko_list,
+ }
+ setmetatable(profile, {__index = self})
+ return profile
+end
+
+function class__profile:build_from_lists(user, password, name, email, ok_list, ko_list)
+ local delegate_identity = id.class__identity:build(user, password, name, email)
+ return self:build(delegate_identity, ok_list, ko_list)
+end
+
+function class__profile:build_from_conf(user, password, name, email)
local f, site, go_on
local ok_list = {}
local ko_list = {}
- for _, name in ipairs(known_sites) do
- f = io.open(name, "r")
+ local delegate_identity = id.class__identity:build(user, password, name, email)
+ for _, known in ipairs(known_sites) do
+ f = io.open(known, "r")
if f then
site = json.decode(f:read("*all"))
f:close()
@@ -120,14 +139,28 @@ local function with_sites(profile, user)
end
end
end
- profile["ok"] = ok_list
- profile["ko"] = ko_list
- return profile
+ return self:build(delegate_identity, ok_list, ko_list)
end
-local function serialize(profile)
+function class__profile:email()
+ return self.delegate:email()
+end
+
+function class__profile:name()
+ return self.delegate:name()
+end
+
+function class__profile:user()
+ return self.delegate:user()
+end
+
+function class__profile:format(template)
+ return self.delegate:format(template)
+end
+
+function class__profile:serialize()
local ser_s = ""
- for _, site in ipairs(profile.ok or {}) do
+ for _, site in ipairs(self.ok or {}) do
for _, r in ipairs(site.r) do
ser_s = ser_s .. r .. "\029"
end
@@ -136,40 +169,40 @@ local function serialize(profile)
end
ser_s = ser_s .. "\031"
end
- for _, r in ipairs(profile.ko or {}) do
+ for _, r in ipairs(self.ko or {}) do
ser_s = ser_s .. r .. "\030"
end
- return ser_s
+ return ser_s .. "\026" .. self.delegate:serialize()
end
-local function deserialize_update(ser, profile)
- if not ser or ser == "" then
- return profile
- end
+function class__profile:deserialize(ser)
local ok_list = {}
local ko_list = {}
- local remainder = ser:gsub("(.-)\031", function (ser_ok)
- local ok = {
- r = {},
- a = {},
- }
- ser_ok = ser_ok:gsub("(.-)\029", function(r) table.insert(ok.r, r); return "" end)
- ser_ok:gsub("(.)([^=]-)=(.-)\028", function(t, n, v) table.insert(ok.a, {t, n, v}) end)
- table.insert(ok_list, ok)
+ ser = ser:gsub("^(.-)\026", function (ser_sites)
+ ser_sites = ser_sites:gsub("(.-)\031", function (ser_ok)
+ local ok = {
+ r = {},
+ a = {},
+ }
+ ser_ok = ser_ok:gsub("(.-)\029", function(r) table.insert(ok.r, r); return "" end)
+ ser_ok:gsub("(.)([^=]-)=(.-)\028", function(t, n, v) table.insert(ok.a, {t, n, v}) end)
+ table.insert(ok_list, ok)
+ return ""
+ end)
+ ser_sites = ser_sites:gsub("(.-)\030", function (ko)
+ table.insert(ko_list, ko)
+ return ""
+ end)
return ""
end)
- remainder = remainder:gsub("(.-)\030", function (ko)
- table.insert(ko_list, ko)
- return ""
- end)
- profile.ok = ok_list
- profile.ko = ko_list
- return profile, remainder
+ local delegate_identity = id.class__identity:deserialize(ser)
+ return self:build(delegate_identity, ok_list, ko_list)
end
-local function authorized_links(user)
+function class__profile:authorized_links()
local links = {}
local f, site, go_on
+ local user = self:user()
for _, name in ipairs(known_sites) do
f = io.open(name, "r")
if f then
@@ -206,10 +239,7 @@ local function authorized_links(user)
end
return {
- authorized_links = authorized_links,
- deserialize_update = deserialize_update, -- TODO: test
+ class__profile = class__profile,
handle_request = handle_request,
load_sites = load_sites,
- serialize = serialize, -- TODO: test
- with_sites = with_sites,
}
diff --git a/test/crypto.utest.lua b/test/crypto.utest.lua
index eae8cc1..7a0b1c6 100644
--- a/test/crypto.utest.lua
+++ b/test/crypto.utest.lua
@@ -1,14 +1,13 @@
local lu = require("luaunit")
local conf = require("ssso_config")
local crypt = require("ssso_crypto")
+local sites = require("ssso_sites")
local here = debug.getinfo(1).source:sub(2, -18)
conf.load_conf(here)
-local data = {
- u = "u",
- e = "u@h",
- ok = {
+local data = sites.class__profile:build_from_lists("u", nil, nil, "u@h",
+ {
{
r = {
"regex1",
@@ -19,10 +18,10 @@ local data = {
}
},
},
- ko = {
+ {
"regex2",
- },
-}
+ }
+)
function test_jws_is_well_structured()
local jws, _ = crypt.get_jws_and_tslimit(data)
@@ -31,17 +30,12 @@ end
function test_jws_can_be_decoded()
local jws, _ = crypt.get_jws_and_tslimit(data)
- local stored, _, _ = crypt.get_data_and_new_jws(jws)
+ local stored, _, _ = crypt.get_profile_and_new_jws(jws)
lu.assertEquals(stored, data)
end
-function test_data_must_contain_field_u()
- local wrong = {
- i = 1,
- f = 2.3,
- b = true,
- n = nil,
- }
+function test_data_must_be_a_profile_with_a_user()
+ local wrong = sites.class__profile:build_from_conf(nil, "P", "N", "E")
local jws, ts = crypt.get_jws_and_tslimit(wrong)
lu.assertNil(jws)
lu.assertNil(ts)
diff --git a/test/identity.utest.lua b/test/identity.utest.lua
new file mode 100644
index 0000000..dc0d780
--- /dev/null
+++ b/test/identity.utest.lua
@@ -0,0 +1,61 @@
+local lu = require("luaunit")
+local id = require("ssso_identity")
+
+function test_format_replaces_user_placeholders()
+ local identity = id.class__identity:build("U", nil, nil, nil)
+ local template = '{user: "\ru.", foo: "bar", name: "\ru."}'
+ lu.assertEquals(identity:format(template), '{user: "U", foo: "bar", name: "U"}')
+end
+
+function test_format_replaces_password_placeholders()
+ local identity = id.class__identity:build(nil, "P", nil, nil)
+ local template = '{pass: "\rp.", foo: "bar", secret: "\rp."}'
+ lu.assertEquals(identity:format(template), '{pass: "P", foo: "bar", secret: "P"}')
+end
+
+function test_format_replaces_name_placeholders()
+ local identity = id.class__identity:build(nil, nil, "N", nil)
+ local template = '{name: "\rn.", foo: "bar", nickname: "\rn."}'
+ lu.assertEquals(identity:format(template), '{name: "N", foo: "bar", nickname: "N"}')
+end
+
+function test_format_replaces_email_placeholders()
+ local identity = id.class__identity:build(nil, nil, nil, "user@host")
+ local template = '{user: "\re.", foo: "bar", mail: "\re."}'
+ lu.assertEquals(identity:format(template), '{user: "user@host", foo: "bar", mail: "user@host"}')
+end
+
+function test_format_replaces_base64_calls()
+ local identity = id.class__identity:build("👤", "🔒", nil, nil)
+ local template = 'Authorization: Basic \rb64(\ru.:\rp.).'
+ lu.assertEquals(identity:format(template), 'Authorization: Basic 8J+RpDrwn5SS')
+end
+
+function test_format_replaces_base64url_calls()
+ local identity = id.class__identity:build("👤", "🔒", nil, nil)
+ local template = '?authorization=Basic+\ru64(\ru.:\rp.).'
+ lu.assertEquals(identity:format(template), '?authorization=Basic+8J-RpDrwn5SS')
+end
+
+function test_email_returns_the_identity_s_email()
+ local identity = id.class__identity:build(nil, nil, nil, "E")
+ lu.assertEquals(identity:email(), "E")
+end
+
+
+function test_name_returns_the_identity_s_name()
+ local identity = id.class__identity:build(nil, nil, "N", nil)
+ lu.assertEquals(identity:name(), "N")
+end
+
+
+function test_user_returns_the_identity_s_user()
+ local identity = id.class__identity:build("U", nil, nil, nil)
+ lu.assertEquals(identity:user(), "U")
+end
+
+function test_build_identity_returns_the_given_information()
+ lu.assertEquals(id.class__identity:build("U", "P", "N", "E"), {u = "U", p = "P", n = "N", e = "E"})
+end
+
+os.exit(lu.LuaUnit.run())
diff --git a/test/login.utest.lua b/test/login.utest.lua
index 4f8e367..9000bd0 100644
--- a/test/login.utest.lua
+++ b/test/login.utest.lua
@@ -15,7 +15,7 @@ function test_get_login_url_returns_html_with_back_url_substitution()
ngx.reset_resp_body()
ngx.var.request_method = "GET"
ngx.var.request_uri = "/ssso/login?back=/somewhere"
- local r = ng.get_request()
+ local r = ng.class__request:current()
local expected = [[
@@ -40,7 +40,7 @@ function test_login_css_url_returns_css()
ngx.reset_resp_body()
ngx.var.request_method = "BLABLA"
ngx.var.request_uri = "/ssso/login.css"
- local r = ng.get_request()
+ local r = ng.class__request:current()
local expected = "/*CSS*/\n"
-- when
local resp = login.answer_request(r)
@@ -58,7 +58,7 @@ function test_login_js_url_returns_js()
ngx.reset_resp_body()
ngx.var.request_method = "BLABLA"
ngx.var.request_uri = "/ssso/login.js"
- local r = ng.get_request()
+ local r = ng.class__request:current()
local expected = "//JS\n"
-- when
local resp = login.answer_request(r)
@@ -75,7 +75,7 @@ function test_unknown_login_url_returns_404()
ngx.reset_resp_body()
ngx.var.request_method = "BLABLA"
ngx.var.request_uri = "/ssso/login/unknown"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
local resp = login.answer_request(r)
-- then
@@ -90,7 +90,7 @@ function test_get_login_url_with_cause_401_returns_html_with_associated_message(
ngx.reset_resp_body()
ngx.var.request_method = "GET"
ngx.var.request_uri = "/ssso/login?cause=401"
- local r = ng.get_request()
+ local r = ng.class__request:current()
local expected = [[
@@ -115,7 +115,7 @@ function test_get_login_url_with_cause_403_returns_html_with_associated_message(
ngx.reset_resp_body()
ngx.var.request_method = "GET"
ngx.var.request_uri = "/ssso/login?cause=403"
- local r = ng.get_request()
+ local r = ng.class__request:current()
local expected = [[
@@ -141,7 +141,7 @@ function test_post_login_url_with_wrong_credentials_returns_html_with_associated
ngx.reset_post_var()
ngx.var.request_method = "POST"
ngx.var.request_uri = "/ssso/login"
- local r = ng.get_request()
+ local r = ng.class__request:current()
local expected = [[
@@ -169,7 +169,7 @@ function test_post_login_url_with_good_credentials_redirects_to_portal_with_sess
ngx.var.request_uri = "/ssso/login"
ngx.post_var.login = "goodlogin"
ngx.post_var.password = "goodpassword"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
local resp = login.answer_request(r)
-- then
@@ -190,7 +190,7 @@ function test_post_login_url_with_good_credentials_and_back_url_redirects_to_giv
ngx.post_var.login = "goodlogin"
ngx.post_var.password = "goodpassword"
ngx.post_var.back = "/somewhere"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
local resp = login.answer_request(r)
-- then
diff --git a/test/nginx.utest.lua b/test/nginx.utest.lua
index 26d7ce2..7fc376c 100644
--- a/test/nginx.utest.lua
+++ b/test/nginx.utest.lua
@@ -15,7 +15,7 @@ function test_refe_host_meth_uri_taken_from_ngx()
ngx.var.request_method = "M"
ngx.var.request_uri = "U"
-- when
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- then
lu.assertEquals(r.referer, "R")
lu.assertEquals(r.host, "H")
@@ -31,7 +31,7 @@ function test_empty_referer_reported_as_nil()
ngx.var.request_uri = "U"
ngx.var.http_referer = ""
-- when
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- then
lu.assertEquals(r.referer, nil)
end
@@ -41,7 +41,7 @@ function test_query_params_split_from_uri_and_decoded()
ngx.reset_var()
ngx.var.request_uri = "U?P=V&Q=W"
-- when
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- then
lu.assertEquals(r.uri, "U?P=V&Q=W")
lu.assertEquals(r.target, "U")
@@ -53,7 +53,7 @@ function test_default_scheme_is_http()
ngx.reset_var()
ngx.var.request_uri = "U"
-- when
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- then
lu.assertEquals(r.scheme, "http")
end
@@ -64,7 +64,7 @@ function test_scheme_is_https_when_proxy_https_var()
ngx.var.request_uri = "U"
ngx.var.proxy_https = 1
-- when
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- then
lu.assertEquals(r.scheme, "https")
end
@@ -75,7 +75,7 @@ function test_scheme_is_https_when_https_var()
ngx.var.request_uri = "U"
ngx.var.https = 1
-- when
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- then
lu.assertEquals(r.scheme, "https")
end
@@ -142,10 +142,10 @@ function test_method_is_recognized_case_insensitive()
ngx.reset_var()
ngx.var.request_method = "get"
ngx.var.request_uri = "U"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
- local is_get = ng.has_method(r, "GET")
- local is_post = ng.has_method(r, "POST")
+ local is_get = r:has_method("GET")
+ local is_post = r:has_method("POST")
-- then
lu.assertTrue(is_get and true)
lu.assertFalse(is_post or false)
@@ -155,10 +155,10 @@ function test_uri_identity_ignores_query_parameters()
-- given
ngx.reset_var()
ngx.var.request_uri = "U?P=V&Q=W"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
- local is_without_qp = ng.is(r, "U")
- local is_with_qp = ng.is(r, "U?P=V&Q=W")
+ local is_without_qp = r:is("U")
+ local is_with_qp = r:is("U?P=V&Q=W")
-- then
lu.assertTrue(is_without_qp and true)
lu.assertFalse(is_with_qp or false)
@@ -168,10 +168,10 @@ function test_uri_match_ignores_query_parameters()
-- given
ngx.reset_var()
ngx.var.request_uri = "/aa?bb"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
- local matches_without_qp = ng.matches(r, "/a+$")
- local matches_with_qp = ng.matches(r, "/a.*b")
+ local matches_without_qp = r:matches("/a+$")
+ local matches_with_qp = r:matches("/a.*b")
-- then
lu.assertTrue(matches_without_qp and true)
lu.assertFalse(matches_with_qp or false)
@@ -181,10 +181,10 @@ function test_starts_with_ignores_query_parameters()
-- given
ngx.reset_var()
ngx.var.request_uri = "/aa?bb"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
- local start_without_qp = ng.starts_with(r, "/a")
- local start_with_qp = ng.starts_with(r, "/aa?b")
+ local start_without_qp = r:starts_with("/a")
+ local start_with_qp = r:starts_with("/aa?b")
-- then
lu.assertTrue(start_without_qp and true)
lu.assertFalse(start_with_qp or false)
@@ -194,10 +194,10 @@ function test_starts_with_must_start_with_given_value()
-- given
ngx.reset_var()
ngx.var.request_uri = "/aa?bb"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
- local start_in_middle = ng.starts_with(r, "aa")
- local does_not_start = ng.starts_with(r, "x")
+ local start_in_middle = r:starts_with("aa")
+ local does_not_start = r:starts_with("x")
-- then
lu.assertFalse(start_in_middle or false)
lu.assertFalse(does_not_start or false)
@@ -207,11 +207,11 @@ function test_has_param_works_disregarding_the_value()
-- given
ngx.reset_var()
ngx.var.request_uri = "/aa?bb&c=1"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
- local has_unknown_param = ng.has_param(r, "b")
- local has_unvalued_param = ng.has_param(r, "bb")
- local has_valued_param = ng.has_param(r, "c")
+ local has_unknown_param = r:has_param("b")
+ local has_unvalued_param = r:has_param("bb")
+ local has_valued_param = r:has_param("c")
-- then
lu.assertFalse(has_unknown_param or false)
lu.assertTrue(has_unvalued_param and true)
@@ -222,10 +222,10 @@ function test_has_param_works_with_a_correct_value()
-- given
ngx.reset_var()
ngx.var.request_uri = "/aa?bb&c=1"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
- local has_unvalued_param = ng.has_param(r, "bb", true)
- local has_valued_param = ng.has_param(r, "c", "1")
+ local has_unvalued_param = r:has_param("bb", true)
+ local has_valued_param = r:has_param("c", "1")
-- then
lu.assertTrue(has_unvalued_param and true)
lu.assertTrue(has_valued_param and true)
@@ -235,11 +235,11 @@ function test_has_param_works_with_a_wrong_value()
-- given
ngx.reset_var()
ngx.var.request_uri = "/aa?bb&c=1"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
- local has_unknown_param = ng.has_param(r, "b", "x")
- local has_unvalued_param = ng.has_param(r, "bb", "x")
- local has_valued_param = ng.has_param(r, "c", "x")
+ local has_unknown_param = r:has_param("b", "x")
+ local has_unvalued_param = r:has_param("bb", "x")
+ local has_valued_param = r:has_param("c", "x")
-- then
lu.assertFalse(has_unknown_param or false)
lu.assertFalse(has_unvalued_param or false)
@@ -284,7 +284,7 @@ function test_with_post_parameters_merges_post_parameters_to_request_data()
ngx.post_var.p = "5"
ngx.post_var.r = "hello"
-- when (1)
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- then (1)
lu.assertEquals(r, {
scheme = "http",
@@ -296,7 +296,7 @@ function test_with_post_parameters_merges_post_parameters_to_request_data()
},
})
-- when (2)
- r = ng.with_post_parameters(r)
+ r = r:with_post_parameters()
-- then (2)
lu.assertEquals(r, {
scheme = "http",
diff --git a/test/portal1.ctest.lua b/test/portal1.ctest.lua
index 2bc2122..e43d156 100644
--- a/test/portal1.ctest.lua
+++ b/test/portal1.ctest.lua
@@ -1,17 +1,14 @@
local lu = require("luaunit")
local ngx = require("ngx")
local crypto = require("ssso_crypto")
+local sites = require("ssso_sites")
require("do_init")
function test_portal_url_returns_html_with_authorized_links_and_identity()
-- given
- local jws, _ = crypto.get_jws_and_tslimit({
- u = "guest",
- p = "",
- n = "Guest",
- e = "guest@example.org",
- })
+ local profile = sites.class__profile:build_from_lists("guest", "", "Guest", "guest@example.org")
+ local jws, _ = crypto.get_jws_and_tslimit(profile)
ngx.reset_resp_body()
ngx.reset_var()
ngx.var.cookie_SSSO_TOKEN = jws
diff --git a/test/portal2.ctest.lua b/test/portal2.ctest.lua
index 82a66cd..eeb2542 100644
--- a/test/portal2.ctest.lua
+++ b/test/portal2.ctest.lua
@@ -1,12 +1,14 @@
local lu = require("luaunit")
local ngx = require("ngx")
local crypto = require("ssso_crypto")
+local sites = require("ssso_sites")
require("do_init")
function test_portal_css_url_returns_css()
-- given
- local jws, _ = crypto.get_jws_and_tslimit({u = "U", p = "P", n = "N", e = "u@h"})
+ local profile = sites.class__profile:build_from_lists("U", "P", "N", "u@h")
+ local jws, _ = crypto.get_jws_and_tslimit(profile)
ngx.reset_resp_body()
ngx.reset_var()
ngx.var.cookie_SSSO_TOKEN = jws
diff --git a/test/portal3.ctest.lua b/test/portal3.ctest.lua
index 982928a..c31167b 100644
--- a/test/portal3.ctest.lua
+++ b/test/portal3.ctest.lua
@@ -1,12 +1,14 @@
local lu = require("luaunit")
local ngx = require("ngx")
local crypto = require("ssso_crypto")
+local sites = require("ssso_sites")
require("do_init")
function test_portal_js_url_returns_js()
-- given
- local jws, _ = crypto.get_jws_and_tslimit({u = "U", p = "P", n = "N", e = "u@h"})
+ local profile = sites.class__profile:build_from_lists("U", "P", "N", "u@h")
+ local jws, _ = crypto.get_jws_and_tslimit(profile)
ngx.reset_resp_body()
ngx.reset_var()
ngx.var.cookie_SSSO_TOKEN = jws
diff --git a/test/portal4.ctest.lua b/test/portal4.ctest.lua
index 935cff6..b4fe14a 100644
--- a/test/portal4.ctest.lua
+++ b/test/portal4.ctest.lua
@@ -1,12 +1,14 @@
local lu = require("luaunit")
local ngx = require("ngx")
local crypto = require("ssso_crypto")
+local sites = require("ssso_sites")
require("do_init")
function test_unknown_portal_url_returns_404()
-- given
- local jws, _ = crypto.get_jws_and_tslimit({u = "U", p = "P", n = "N", e = "u@h"})
+ local profile = sites.class__profile:build_from_lists("U", "P", "N", "u@h")
+ local jws, _ = crypto.get_jws_and_tslimit(profile)
ngx.reset_resp_body()
ngx.reset_var()
ngx.var.cookie_SSSO_TOKEN = jws
diff --git a/test/portal5.ctest.lua b/test/portal5.ctest.lua
index 50fb389..4a66fc6 100644
--- a/test/portal5.ctest.lua
+++ b/test/portal5.ctest.lua
@@ -1,6 +1,5 @@
local lu = require("luaunit")
local ngx = require("ngx")
-local crypto = require("ssso_crypto")
require("do_init")
diff --git a/test/profile.utest.lua b/test/profile.utest.lua
deleted file mode 100644
index 577cd79..0000000
--- a/test/profile.utest.lua
+++ /dev/null
@@ -1,81 +0,0 @@
-local lu = require("luaunit")
-local prf = require("ssso_profile")
-
-function test_format_replaces_user_placeholders()
- local profile = {
- u = "U",
- }
- local template = '{user: "\ru.", foo: "bar", name: "\ru."}'
- lu.assertEquals(prf.format(template, profile), '{user: "U", foo: "bar", name: "U"}')
-end
-
-function test_format_replaces_password_placeholders()
- local profile = {
- p = "P",
- }
- local template = '{pass: "\rp.", foo: "bar", secret: "\rp."}'
- lu.assertEquals(prf.format(template, profile), '{pass: "P", foo: "bar", secret: "P"}')
-end
-
-function test_format_replaces_name_placeholders()
- local profile = {
- n = "N",
- }
- local template = '{name: "\rn.", foo: "bar", nickname: "\rn."}'
- lu.assertEquals(prf.format(template, profile), '{name: "N", foo: "bar", nickname: "N"}')
-end
-
-function test_format_replaces_email_placeholders()
- local profile = {
- e = "user@host",
- }
- local template = '{user: "\re.", foo: "bar", mail: "\re."}'
- lu.assertEquals(prf.format(template, profile), '{user: "user@host", foo: "bar", mail: "user@host"}')
-end
-
-function test_format_replaces_base64_calls()
- local profile = {
- u = "👤",
- p = "🔒",
- }
- local template = 'Authorization: Basic \rb64(\ru.:\rp.).'
- lu.assertEquals(prf.format(template, profile), 'Authorization: Basic 8J+RpDrwn5SS')
-end
-
-function test_format_replaces_base64url_calls()
- local profile = {
- u = "👤",
- p = "🔒",
- }
- local template = '?authorization=Basic+\ru64(\ru.:\rp.).'
- lu.assertEquals(prf.format(template, profile), '?authorization=Basic+8J-RpDrwn5SS')
-end
-
-function test_email_returns_the_profile_s_email()
- local profile = {
- e = "E",
- }
- lu.assertEquals(prf.email(profile), "E")
-end
-
-
-function test_name_returns_the_profile_s_name()
- local profile = {
- n = "N",
- }
- lu.assertEquals(prf.name(profile), "N")
-end
-
-
-function test_user_returns_the_profile_s_user()
- local profile = {
- u = "U",
- }
- lu.assertEquals(prf.user(profile), "U")
-end
-
-function test_build_profile_returns_the_given_information()
- lu.assertEquals(prf.build_profile("U", "P", "N", "E"), {u = "U", p = "P", n = "N", e = "E"})
-end
-
-os.exit(lu.LuaUnit.run())
diff --git a/test/sessions.utest.lua b/test/sessions.utest.lua
index 3e34dc9..eb95441 100644
--- a/test/sessions.utest.lua
+++ b/test/sessions.utest.lua
@@ -51,13 +51,13 @@ function test_session_and_cookie_renewal_if_good_cookie()
ngx.req.reset()
ngx.reset_header()
ngx.reset_var()
- local data = {u = "bob"}
- local c, _ = crypt.get_jws_and_tslimit(data)
+ local profile = sites.class__profile:build_from_lists("bob", nil, nil, nil, {}, {})
+ local c, _ = crypt.get_jws_and_tslimit(profile)
ngx.var.cookie_SSSO_TOKEN = c
-- when
local s, h = sess.get_session()
-- then
- lu.assertEquals(s, data)
+ lu.assertEquals(s, profile)
lu.assertEquals(h, 200)
lu.assertNil(ngx.header["Set-Cookie"].link)
lu.assertStrMatches(ngx.header["Set-Cookie"].v, "SSSO_TOKEN=[^%.]+%.[^%.]+%.[^%.]+; Path=/; Expires=1626550390; Secure")
@@ -84,15 +84,15 @@ function test_basic_auth_takes_precedence_over_cookie()
ngx.req.reset()
ngx.reset_header()
ngx.reset_var()
- local data = {u = "forget me"}
- local c, _ = crypt.get_jws_and_tslimit(data)
+ local profile = sites.class__profile:build_from_lists("forget me", nil, nil, nil, {}, {})
+ local c, _ = crypt.get_jws_and_tslimit(profile)
ngx.var.cookie_SSSO_TOKEN = c
ngx.var.Authentication = "Basic " .. b64.encode_base64("bob:goodpassword")
-- when
local s, h = sess.get_session()
-- then
lu.assertEquals(h, 200)
- lu.assertEquals(s.u, "bob")
+ lu.assertEquals(s:user(), "bob")
lu.assertNil(ngx.header["Set-Cookie"].link)
lu.assertStrMatches(ngx.header["Set-Cookie"].v, "SSSO_TOKEN=[^%.]+%.[^%.]+%.[^%.]+; Path=/; Expires=1626550390; Secure")
end
@@ -102,15 +102,15 @@ function test_basic_auth_ignored_if_invalid()
ngx.req.reset()
ngx.reset_header()
ngx.reset_var()
- local data = {u = "do not forget me"}
- local c, _ = crypt.get_jws_and_tslimit(data)
+ local profile = sites.class__profile:build_from_lists("do not forget me", nil, nil, nil, {}, {})
+ local c, _ = crypt.get_jws_and_tslimit(profile)
ngx.var.cookie_SSSO_TOKEN = c
ngx.var.Authentication = "Basic !!!!"
-- when
local s, h = sess.get_session()
-- then
lu.assertEquals(h, 200)
- lu.assertEquals(s.u, "do not forget me")
+ lu.assertEquals(s:user(), "do not forget me")
lu.assertNil(ngx.header["Set-Cookie"].link)
lu.assertStrMatches(ngx.header["Set-Cookie"].v, "SSSO_TOKEN=[^%.]+%.[^%.]+%.[^%.]+; Path=/; Expires=1626550390; Secure")
end
diff --git a/test/sites.utest.lua b/test/sites.utest.lua
index 23e346f..7ac5720 100644
--- a/test/sites.utest.lua
+++ b/test/sites.utest.lua
@@ -13,7 +13,7 @@ function test_anonymous_access_to_unknown_site_accepted()
ngx.req.reset()
ngx.reset_var()
ngx.var.request_uri = "/unknown"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
local resp = sites.handle_request(r, nil)
-- then
@@ -26,7 +26,7 @@ function test_anonymous_access_to_public_site_accepted()
ngx.req.reset()
ngx.reset_var()
ngx.var.request_uri = "/public/page"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
local resp = sites.handle_request(r, nil)
-- then
@@ -39,7 +39,7 @@ function test_anonymous_access_to_public_page_of_mixed_site_accepted()
ngx.req.reset()
ngx.reset_var()
ngx.var.request_uri = "/mixed/bob/wiki/foo.adoc"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
local resp = sites.handle_request(r, nil)
-- then
@@ -52,7 +52,7 @@ function test_anonymous_access_to_private_page_of_mixed_site_redirected_401()
ngx.req.reset()
ngx.reset_var()
ngx.var.request_uri = "/mixed/bob/wiki/_new"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
local resp = sites.handle_request(r, nil)
-- then
@@ -65,7 +65,7 @@ function test_anonymous_access_to_private_site_redirected_401()
ngx.req.reset()
ngx.reset_var()
ngx.var.request_uri = "/private/page"
- local r = ng.get_request()
+ local r = ng.class__request:current()
-- when
local resp = sites.handle_request(r, nil)
-- then
@@ -78,12 +78,8 @@ function test_authenticated_access_to_unknown_site_accepted()
ngx.req.reset()
ngx.reset_var()
ngx.var.request_uri = "/unknown"
- local r = ng.get_request()
- local profile = {
- u = "U",
- ok = {},
- ko = {},
- }
+ local r = ng.class__request:current()
+ local profile = sites.class__profile:build_from_lists("U", nil, nil, nil, {}, {})
-- when
local resp = sites.handle_request(r, profile)
-- then
@@ -96,11 +92,9 @@ function test_authenticated_access_to_public_site_accepted()
ngx.req.reset()
ngx.reset_var()
ngx.var.request_uri = "/public/page"
- local r = ng.get_request()
- local profile = {
- u = "U",
- p = "P",
- ok = {
+ local r = ng.class__request:current()
+ local profile = sites.class__profile:build_from_lists("U", "P", nil, nil,
+ {
{
r = {
"^/public",
@@ -110,8 +104,9 @@ function test_authenticated_access_to_public_site_accepted()
{"C", "X-PROXY-PASS", "\rp."},
},
},
- }
- }
+ },
+ {}
+ )
-- when
local resp = sites.handle_request(r, profile)
-- then
@@ -125,14 +120,13 @@ function test_authenticated_access_to_public_site_can_be_denied()
ngx.req.reset()
ngx.reset_var()
ngx.var.request_uri = "/public/page"
- local r = ng.get_request()
- local profile = {
- u = "banned",
- ok = {},
- ko = {
+ local r = ng.class__request:current()
+ local profile = sites.class__profile:build_from_lists("banned", nil, nil, nil,
+ {},
+ {
"^/public",
}
- }
+ )
-- when
local resp = sites.handle_request(r, profile)
-- then
@@ -145,11 +139,9 @@ function test_authenticated_access_to_public_page_of_mixed_site_accepted()
ngx.req.reset()
ngx.reset_var()
ngx.var.request_uri = "/mixed/bob/wiki/foo.adoc"
- local r = ng.get_request()
- local profile = {
- u = "U",
- p = "P",
- ok = {
+ local r = ng.class__request:current()
+ local profile = sites.class__profile:build_from_lists("U", "P", nil, nil,
+ {
{
r = {
"^/public",
@@ -179,8 +171,9 @@ function test_authenticated_access_to_public_page_of_mixed_site_accepted()
{"C", "X-PROXY-PASSWORD", "\rp."},
},
},
- }
- }
+ },
+ {}
+ )
-- when
local resp = sites.handle_request(r, profile)
-- then
@@ -194,11 +187,9 @@ function test_authenticated_access_to_private_page_of_mixed_site_accepted()
ngx.req.reset()
ngx.reset_var()
ngx.var.request_uri = "/mixed/bob/wiki/_new"
- local r = ng.get_request()
- local profile = {
- u = "U",
- p = "P",
- ok = {
+ local r = ng.class__request:current()
+ local profile = sites.class__profile:build_from_lists("U", "P", nil, nil,
+ {
{
r = {
"^/public",
@@ -228,8 +219,9 @@ function test_authenticated_access_to_private_page_of_mixed_site_accepted()
{"C", "X-PROXY-PASSWORD", "\rp."},
},
},
- }
- }
+ },
+ {}
+ )
-- when
local resp = sites.handle_request(r, profile)
-- then
@@ -243,11 +235,9 @@ function test_authenticated_access_to_private_site_accepted_with_the_right_user(
ngx.req.reset()
ngx.reset_var()
ngx.var.request_uri = "/private/page"
- local r = ng.get_request()
- local profile = {
- u = "jean",
- p = "P",
- ok = {
+ local r = ng.class__request:current()
+ local profile = sites.class__profile:build_from_lists("jean", "P", nil, nil,
+ {
{
r = {
"^/private",
@@ -256,8 +246,9 @@ function test_authenticated_access_to_private_site_accepted_with_the_right_user(
{"H", "Authorization", "Basic \rb64(\ru.:\rp.)."},
},
},
- }
- }
+ },
+ {}
+ )
-- when
local resp = sites.handle_request(r, profile)
-- then
@@ -270,15 +261,13 @@ function test_authenticated_access_to_private_site_redirected_403_with_the_wrong
ngx.req.reset()
ngx.reset_var()
ngx.var.request_uri = "/private/page"
- local r = ng.get_request()
- local profile = {
- u = "U",
- p = "P",
- ok = {},
- ko = {
+ local r = ng.class__request:current()
+ local profile = sites.class__profile:build_from_lists("U", "P", nil, nil,
+ {},
+ {
"^/private",
}
- }
+ )
-- when
local resp = sites.handle_request(r, profile)
-- then