X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/a05277128732beb351aa696c49d337086414ffb6..975cbe318119e0d600dc1b0957623d211687ade1:/t/relativity.t diff --git a/t/relativity.t b/t/relativity.t index 0a98efe84..0b8b6eb4b 100755 --- a/t/relativity.t +++ b/t/relativity.t @@ -16,6 +16,20 @@ use Errno qw(ENOENT); # Black-box (ish) test for relative linking between CGI and static content +my $installed = $ENV{INSTALLED_TESTS}; + +my @command; +if ($installed) { + @command = qw(ikiwiki); +} +else { + ok(! system("make -s ikiwiki.out")); + @command = ("perl", "-I".getcwd, qw(./ikiwiki.out + --underlaydir=underlays/basewiki + --set underlaydirbase=underlays + --templatedir=templates)); +} + sub parse_cgi_content { my $content = shift; my %bits; @@ -53,13 +67,11 @@ sub write_setup_file { wikiname: this is the name of my wiki srcdir: t/tmp/in destdir: t/tmp/out -templatedir: templates $urlline cgiurl: $args{cgiurl} $w3mmodeline cgi_wrapper: t/tmp/ikiwiki.cgi cgi_wrappermode: 0754 -html5: $args{html5} # make it easier to test previewing add_plugins: - anonok @@ -72,7 +84,7 @@ EOF sub thoroughly_rebuild { ok(unlink("t/tmp/ikiwiki.cgi") || $!{ENOENT}); - ok(! system("./ikiwiki.out --setup t/tmp/test.setup --rebuild --wrappers")); + ok(! system(@command, qw(--setup t/tmp/test.setup --rebuild --wrappers))); } sub check_cgi_mode_bits { @@ -100,11 +112,16 @@ sub run_cgi { my ($in, $out); my $is_preview = delete $args{is_preview}; my $is_https = delete $args{is_https}; + my $goto = delete $args{goto}; my %defaults = ( SCRIPT_NAME => '/cgi-bin/ikiwiki.cgi', HTTP_HOST => 'example.com', ); - if (defined $is_preview) { + if (defined $goto) { + $defaults{REQUEST_METHOD} = 'GET'; + $defaults{QUERY_STRING} = 'do=goto&page=a/b/c'; + } + elsif (defined $is_preview) { $defaults{REQUEST_METHOD} = 'POST'; $in = 'do=edit&page=a/b/c&Preview'; $defaults{CONTENT_LENGTH} = length $in; @@ -131,8 +148,16 @@ sub run_cgi { return $out; } +sub check_goto { + my $expected = shift; + my $redirect = run_cgi(goto => 1, @_); + ok($redirect =~ m/^Status:\s*302\s+/m); + ok($redirect =~ m/^Location:\s*(\S*)\r?\n/m); + my $location = $1; + like($location, $expected); +} + sub test_startup { - ok(! system("make -s ikiwiki.out")); ok(! system("rm -rf t/tmp")); ok(! system("mkdir t/tmp")); @@ -147,8 +172,8 @@ sub test_startup { } sub test_site1_perfectly_ordinary_ikiwiki { + diag("test_site1_perfectly_ordinary_ikiwiki"); write_setup_file( - html5 => 0, url => "http://example.com/wiki/", cgiurl => "http://example.com/cgi-bin/ikiwiki.cgi", ); @@ -156,6 +181,7 @@ sub test_site1_perfectly_ordinary_ikiwiki { check_cgi_mode_bits(); # url and cgiurl are on the same host so the cgiurl is host-relative check_generated_content(qr{]+href="/cgi-bin/ikiwiki.cgi\?do=prefs"}); + check_goto(qr{^http://example\.com/wiki/a/b/c/$}); my %bits = parse_cgi_content(run_cgi()); like($bits{basehref}, qr{^(?:(?:http:)?//example\.com)?/wiki/$}); like($bits{stylehref}, qr{^(?:(?:http:)?//example.com)?/wiki/style.css$}); @@ -168,6 +194,7 @@ sub test_site1_perfectly_ordinary_ikiwiki { like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); like($bits{tophref}, qr{^(?:/wiki|\.)/$}); like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); + check_goto(qr{^https://example\.com/wiki/a/b/c/$}, is_https => 1); # when accessed via a different hostname, links stay on that host %bits = parse_cgi_content(run_cgi(HTTP_HOST => 'staging.example.net')); @@ -175,6 +202,10 @@ sub test_site1_perfectly_ordinary_ikiwiki { like($bits{stylehref}, qr{^(?:(?:http:)?//staging.example.net)?/wiki/style.css$}); like($bits{tophref}, qr{^(?:/wiki|\.)/$}); like($bits{cgihref}, qr{^(?:(?:http:)?//staging.example.net)?/cgi-bin/ikiwiki.cgi$}); + TODO: { + local $TODO = "hostname should be copied to redirects' Location"; + check_goto(qr{^https://staging\.example\.net/wiki/a/b/c/$}, is_https => 1); + } # previewing a page %bits = parse_cgi_content(run_cgi(is_preview => 1)); @@ -182,52 +213,11 @@ sub test_site1_perfectly_ordinary_ikiwiki { like($bits{stylehref}, qr{^(?:(?:http:)?//example.com)?/wiki/style.css$}); like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$}); like($bits{cgihref}, qr{^(?:(?:http:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); - - # in html5, the is allowed to be relative, and we take full - # advantage of that - write_setup_file( - html5 => 1, - url => "http://example.com/wiki/", - cgiurl => "http://example.com/cgi-bin/ikiwiki.cgi", - ); - thoroughly_rebuild(); - check_cgi_mode_bits(); - # url and cgiurl are on the same host so the cgiurl is host-relative - check_generated_content(qr{]+href="/cgi-bin/ikiwiki.cgi\?do=prefs"}); - - %bits = parse_cgi_content(run_cgi()); - is($bits{basehref}, "/wiki/"); - is($bits{stylehref}, "/wiki/style.css"); - is($bits{tophref}, "/wiki/"); - is($bits{cgihref}, "/cgi-bin/ikiwiki.cgi"); - - # when accessed via HTTPS, links are secure - this is easy because under - # html5 they're independent of the URL at which the CGI was accessed - %bits = parse_cgi_content(run_cgi(is_https => 1)); - is($bits{basehref}, "/wiki/"); - is($bits{stylehref}, "/wiki/style.css"); - is($bits{tophref}, "/wiki/"); - is($bits{cgihref}, "/cgi-bin/ikiwiki.cgi"); - - # when accessed via a different hostname, links stay on that host - - # this is really easy in html5 because we can use relative URLs - %bits = parse_cgi_content(run_cgi(HTTP_HOST => 'staging.example.net')); - is($bits{basehref}, "/wiki/"); - is($bits{stylehref}, "/wiki/style.css"); - is($bits{tophref}, "/wiki/"); - is($bits{cgihref}, "/cgi-bin/ikiwiki.cgi"); - - # previewing a page - %bits = parse_cgi_content(run_cgi(is_preview => 1)); - is($bits{basehref}, "/wiki/a/b/c/"); - is($bits{stylehref}, "/wiki/style.css"); - like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$}); - is($bits{cgihref}, "/cgi-bin/ikiwiki.cgi"); } sub test_site2_static_content_and_cgi_on_different_servers { + diag("test_site2_static_content_and_cgi_on_different_servers"); write_setup_file( - html5 => 0, url => "http://static.example.com/", cgiurl => "http://cgi.example.com/ikiwiki.cgi", ); @@ -236,6 +226,7 @@ sub test_site2_static_content_and_cgi_on_different_servers { # url and cgiurl are not on the same host so the cgiurl has to be # protocol-relative or absolute check_generated_content(qr{]+href="(?:http:)?//cgi.example.com/ikiwiki.cgi\?do=prefs"}); + check_goto(qr{^http://static\.example\.com/a/b/c/$}); my %bits = parse_cgi_content(run_cgi(SCRIPT_NAME => '/ikiwiki.cgi', HTTP_HOST => 'cgi.example.com')); like($bits{basehref}, qr{^(?:(?:http:)?//static.example.com)?/$}); @@ -249,6 +240,8 @@ sub test_site2_static_content_and_cgi_on_different_servers { like($bits{stylehref}, qr{^(?:(?:https:)?//static.example.com)?/style.css$}); like($bits{tophref}, qr{^(?:https:)?//static.example.com/$}); like($bits{cgihref}, qr{^(?:(?:https:)?//cgi.example.com)?/ikiwiki.cgi$}); + check_goto(qr{^https://static\.example\.com/a/b/c/$}, is_https => 1, + HTTP_HOST => 'cgi.example.com', SCRIPT_NAME => '/ikiwiki.cgi'); # when accessed via a different hostname, links to the CGI (only) should # stay on that host? @@ -261,48 +254,13 @@ sub test_site2_static_content_and_cgi_on_different_servers { local $TODO = "use self-referential CGI URL?"; like($bits{cgihref}, qr{^(?:(?:http:)?//staging.example.net)?/ikiwiki.cgi$}); } - - write_setup_file( - html5 => 1, - url => "http://static.example.com/", - cgiurl => "http://cgi.example.com/ikiwiki.cgi", - ); - thoroughly_rebuild(); - check_cgi_mode_bits(); - # url and cgiurl are not on the same host so the cgiurl has to be - # protocol-relative or absolute - check_generated_content(qr{]+href="(?:http:)?//cgi.example.com/ikiwiki.cgi\?do=prefs"}); - - %bits = parse_cgi_content(run_cgi(SCRIPT_NAME => '/ikiwiki.cgi', HTTP_HOST => 'cgi.example.com')); - is($bits{basehref}, "//static.example.com/"); - is($bits{stylehref}, "//static.example.com/style.css"); - is($bits{tophref}, "//static.example.com/"); - is($bits{cgihref}, "//cgi.example.com/ikiwiki.cgi"); - - # when accessed via HTTPS, links are secure - in fact they're exactly the - # same as when accessed via HTTP - %bits = parse_cgi_content(run_cgi(is_https => 1, SCRIPT_NAME => '/ikiwiki.cgi', HTTP_HOST => 'cgi.example.com')); - is($bits{basehref}, "//static.example.com/"); - is($bits{stylehref}, "//static.example.com/style.css"); - is($bits{tophref}, "//static.example.com/"); - is($bits{cgihref}, "//cgi.example.com/ikiwiki.cgi"); - - # when accessed via a different hostname, links to the CGI (only) should - # stay on that host? - %bits = parse_cgi_content(run_cgi(is_preview => 1, SCRIPT_NAME => '/ikiwiki.cgi', HTTP_HOST => 'staging.example.net')); - is($bits{basehref}, "//static.example.com/a/b/c/"); - is($bits{stylehref}, "//static.example.com/style.css"); - is($bits{tophref}, "../../../"); - like($bits{cgihref}, qr{//(?:staging\.example\.net|cgi\.example\.com)/ikiwiki\.cgi}); - TODO: { - local $TODO = "use self-referential CGI URL maybe?"; - is($bits{cgihref}, "//staging.example.net/ikiwiki.cgi"); - } + check_goto(qr{^https://static\.example\.com/a/b/c/$}, is_https => 1, + HTTP_HOST => 'staging.example.net', SCRIPT_NAME => '/ikiwiki.cgi'); } sub test_site3_we_specifically_want_everything_to_be_secure { + diag("test_site3_we_specifically_want_everything_to_be_secure"); write_setup_file( - html5 => 0, url => "https://example.com/wiki/", cgiurl => "https://example.com/cgi-bin/ikiwiki.cgi", ); @@ -317,6 +275,7 @@ sub test_site3_we_specifically_want_everything_to_be_secure { like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); like($bits{tophref}, qr{^(?:/wiki|\.)/$}); like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); + check_goto(qr{^https://example\.com/wiki/a/b/c/$}, is_https => 1); # when not accessed via HTTPS, links should still be secure # (but if this happens, that's a sign of web server misconfiguration) @@ -328,6 +287,7 @@ sub test_site3_we_specifically_want_everything_to_be_secure { like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); } like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); + check_goto(qr{^https://example\.com/wiki/a/b/c/$}, is_https => 0); # when accessed via a different hostname, links stay on that host %bits = parse_cgi_content(run_cgi(is_https => 1, HTTP_HOST => 'staging.example.net')); @@ -335,6 +295,8 @@ sub test_site3_we_specifically_want_everything_to_be_secure { like($bits{stylehref}, qr{^(?:(?:https:)?//staging.example.net)?/wiki/style.css$}); like($bits{tophref}, qr{^(?:/wiki|\.)/$}); like($bits{cgihref}, qr{^(?:(?:https:)?//staging.example.net)?/cgi-bin/ikiwiki.cgi$}); + check_goto(qr{^https://staging\.example\.net/wiki/a/b/c/$}, is_https => 1, + HTTP_HOST => 'staging.example.net'); # previewing a page %bits = parse_cgi_content(run_cgi(is_preview => 1, is_https => 1)); @@ -342,14 +304,12 @@ sub test_site3_we_specifically_want_everything_to_be_secure { like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$}); like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); - - # not testing html5: 0 here because that ends up identical to site 1 } sub test_site4_cgi_is_secure_static_content_doesnt_have_to_be { + diag("test_site4_cgi_is_secure_static_content_doesnt_have_to_be"); # (NetBSD wiki) write_setup_file( - html5 => 0, url => "http://example.com/wiki/", cgiurl => "https://example.com/cgi-bin/ikiwiki.cgi", ); @@ -364,6 +324,7 @@ sub test_site4_cgi_is_secure_static_content_doesnt_have_to_be { like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); like($bits{tophref}, qr{^(?:/wiki|\.)/$}); like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); + check_goto(qr{^https://example\.com/wiki/a/b/c/$}, is_https => 1); # FIXME: when not accessed via HTTPS, should the static content be # forced to https anyway? For now we accept either @@ -372,6 +333,7 @@ sub test_site4_cgi_is_secure_static_content_doesnt_have_to_be { like($bits{stylehref}, qr{^(?:(?:https?:)?//example.com)?/wiki/style.css$}); like($bits{tophref}, qr{^(?:(?:https?://example.com)?/wiki|\.)/$}); like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); + check_goto(qr{^https://example\.com/wiki/a/b/c/$}, is_https => 0); # when accessed via a different hostname, links stay on that host %bits = parse_cgi_content(run_cgi(is_https => 1, HTTP_HOST => 'staging.example.net')); @@ -385,6 +347,8 @@ sub test_site4_cgi_is_secure_static_content_doesnt_have_to_be { local $TODO = "this should really point back to itself but currently points to example.com"; like($bits{cgihref}, qr{^(?:(?:https:)?//staging.example.net)?/cgi-bin/ikiwiki.cgi$}); } + check_goto(qr{^https://staging\.example\.net/wiki/a/b/c/$}, is_https => 1, + HTTP_HOST => 'staging.example.net'); # previewing a page %bits = parse_cgi_content(run_cgi(is_preview => 1, is_https => 1)); @@ -392,58 +356,12 @@ sub test_site4_cgi_is_secure_static_content_doesnt_have_to_be { like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$}); like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); - - write_setup_file( - html5 => 1, - url => "http://example.com/wiki/", - cgiurl => "https://example.com/cgi-bin/ikiwiki.cgi", - ); - thoroughly_rebuild(); - check_cgi_mode_bits(); - # url and cgiurl are on the same host but different schemes - check_generated_content(qr{]+href="https://example.com/cgi-bin/ikiwiki.cgi\?do=prefs"}); - - # when accessed via HTTPS, links are secure (to avoid mixed-content) - %bits = parse_cgi_content(run_cgi(is_https => 1)); - is($bits{basehref}, "/wiki/"); - is($bits{stylehref}, "/wiki/style.css"); - is($bits{tophref}, "/wiki/"); - like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); - - # when not accessed via HTTPS, ??? - %bits = parse_cgi_content(run_cgi()); - like($bits{basehref}, qr{^(?:https?://example.com)?/wiki/$}); - like($bits{stylehref}, qr{^(?:(?:https?:)?//example.com)?/wiki/style.css$}); - like($bits{tophref}, qr{^(?:(?:https?://example.com)?/wiki|\.)/$}); - like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); - - # when accessed via a different hostname, links stay on that host - %bits = parse_cgi_content(run_cgi(is_https => 1, HTTP_HOST => 'staging.example.net')); - # because the static and dynamic stuff is on the same server, we assume that - # both are also on the staging server - is($bits{basehref}, "/wiki/"); - is($bits{stylehref}, "/wiki/style.css"); - like($bits{tophref}, qr{^(?:/wiki|\.)/$}); - TODO: { - local $TODO = "this should really point back to itself but currently points to example.com"; - like($bits{cgihref}, qr{^(?:(?:https:)?//staging\.example\.net)?/cgi-bin/ikiwiki.cgi$}); - } - - # previewing a page - %bits = parse_cgi_content(run_cgi(is_preview => 1, is_https => 1)); - is($bits{basehref}, "/wiki/a/b/c/"); - is($bits{stylehref}, "/wiki/style.css"); - like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$}); - like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); - - # Deliberately not testing https static content with http cgiurl, - # because that makes remarkably little sense. } sub test_site5_w3mmode { + diag("test_site5_w3mmode"); # as documented in [[w3mmode]] write_setup_file( - html5 => 0, url => undef, cgiurl => "ikiwiki.cgi", w3mmode => 1, @@ -460,27 +378,15 @@ sub test_site5_w3mmode { like($bits{basehref}, qr{^(?:(?:file:)?//)?\Q$pwd\E/t/tmp/out/$}); like($bits{stylehref}, qr{^(?:(?:(?:file:)?//)?\Q$pwd\E/t/tmp/out|\.)/style.css$}); - write_setup_file( - html5 => 1, - url => undef, - cgiurl => "ikiwiki.cgi", - w3mmode => 1, - ); - thoroughly_rebuild(); - check_cgi_mode_bits(); - # FIXME: does /$LIB/ikiwiki-w3m.cgi work under w3m? - check_generated_content(qr{]+href="(?:file://)?/\$LIB/ikiwiki-w3m.cgi/ikiwiki.cgi\?do=prefs"}); - - %bits = parse_cgi_content(run_cgi(PATH_INFO => '/ikiwiki.cgi', SCRIPT_NAME => '/cgi-bin/ikiwiki-w3m.cgi')); - like($bits{tophref}, qr{^(?:\Q$pwd\E/t/tmp/out|\.)/$}); - like($bits{cgihref}, qr{^(?:file://)?/\$LIB/ikiwiki-w3m.cgi/ikiwiki.cgi$}); - like($bits{basehref}, qr{^(?:(?:file:)?//)?\Q$pwd\E/t/tmp/out/$}); - like($bits{stylehref}, qr{^(?:(?:(?:file:)?//)?\Q$pwd\E/t/tmp/out|\.)/style.css$}); + my $redirect = run_cgi(goto => 1, PATH_INFO => '/ikiwiki.cgi', + SCRIPT_NAME => '/cgi-bin/ikiwiki-w3m.cgi'); + like($redirect, qr{^Content-type: text/plain\r?\n}m); + like($redirect, qr{^W3m-control: GOTO (?:file://)?\Q$pwd\E/t/tmp/out/a/b/c/\r?\n}m); } sub test_site6_behind_reverse_proxy { + diag("test_site6_behind_reverse_proxy"); write_setup_file( - html5 => 0, url => "https://example.com/wiki/", cgiurl => "https://example.com/cgi-bin/ikiwiki.cgi", reverse_proxy => 1, @@ -497,6 +403,7 @@ sub test_site6_behind_reverse_proxy { like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); like($bits{basehref}, qr{^(?:(?:https:)?//example\.com)?/wiki/$}); like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); + check_goto(qr{^https://example\.com/wiki/a/b/c/$}, HTTP_HOST => 'localhost'); # previewing a page %bits = parse_cgi_content(run_cgi(is_preview => 1, HTTP_HOST => 'localhost')); @@ -504,9 +411,6 @@ sub test_site6_behind_reverse_proxy { like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); like($bits{basehref}, qr{^(?:(?:https)?://example\.com)?/wiki/a/b/c/$}); like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); - - # not testing html5: 1 because it would be the same as site 1 - - # the reverse_proxy config option is unnecessary under html5 } test_startup();