X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/d712389ae3e8351c1416aa81d4b85586cf98f002..dc872e42c8649f5b3fd59861e5c56c89d9fc1cbb:/t/relativity.t?ds=inline diff --git a/t/relativity.t b/t/relativity.t index 675efc903..5922ec9fa 100755 --- a/t/relativity.t +++ b/t/relativity.t @@ -2,23 +2,18 @@ use warnings; use strict; -use Cwd qw(getcwd); -use Errno qw(ENOENT); - -BEGIN { - if (!eval q{ +use Test::More; +plan(skip_all => "IPC::Run not available") + unless eval q{ use IPC::Run qw(run); 1; - }) { - eval q{use Test::More skip_all => "IPC::Run not available"}; - } - else { - eval q{use Test::More}; - } - use_ok("IkiWiki"); -} + }; + +use IkiWiki; + +use Cwd qw(getcwd); +use Errno qw(ENOENT); -my $PERL5LIB = 'blib/lib:blib/arch'; my $pwd = getcwd(); # Black-box (ish) test for relative linking between CGI and static content @@ -64,35 +59,56 @@ write_old_file("a/b/c.mdwn", write_old_file("a/d.mdwn", "D"); write_old_file("a/d/e.mdwn", "E"); -####################################################################### -# site 1: a perfectly ordinary ikiwiki +sub write_setup_file { + my (%args) = @_; + my $urlline = defined $args{url} ? "url: $args{url}" : ""; + my $w3mmodeline = defined $args{w3mmode} ? "w3mmode: $args{w3mmode}" : ""; + my $reverseproxyline = defined $args{reverse_proxy} ? "reverse_proxy: $args{reverse_proxy}" : ""; -writefile("test.setup", "t/tmp", < 0, + url => "http://example.com/wiki/", + cgiurl => "http://example.com/cgi-bin/ikiwiki.cgi", +); +thoroughly_rebuild(); +check_cgi_mode_bits(); ok(-e "t/tmp/out/a/b/c/index.html"); $content = readfile("t/tmp/out/a/b/c/index.html"); @@ -162,35 +178,96 @@ like($bits{stylehref}, qr{^(?:(?:http:)?//example.com)?/wiki/style.css$}); like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$}); like($bits{cgihref}, qr{^(?:(?:http:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); +# in html5, the is allowed to be relative, and we take full +# advantage of that +write_setup_file( + html5 => 1, + url => "http://example.com/wiki/", + cgiurl => "http://example.com/cgi-bin/ikiwiki.cgi", +); +thoroughly_rebuild(); +check_cgi_mode_bits(); + +ok(-e "t/tmp/out/a/b/c/index.html"); +$content = readfile("t/tmp/out/a/b/c/index.html"); +# no on static HTML +unlike($content, qr{]+href="/cgi-bin/ikiwiki.cgi\?do=prefs"}); +# cross-links between static pages are relative +like($content, qr{
  • A: a
    • }); +like($content, qr{
  • B: b
    • }); +like($content, qr{
  • E: e
    • }); + +run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub { + $ENV{REQUEST_METHOD} = 'GET'; + $ENV{SERVER_PORT} = '80'; + $ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi'; + $ENV{QUERY_STRING} = 'do=prefs'; + $ENV{HTTP_HOST} = 'example.com'; +}); +%bits = parse_cgi_content($content); +is($bits{basehref}, "/wiki/"); +is($bits{stylehref}, "/wiki/style.css"); +is($bits{tophref}, "/wiki/"); +is($bits{cgihref}, "/cgi-bin/ikiwiki.cgi"); + +# when accessed via HTTPS, links are secure - this is easy because under +# html5 they're independent of the URL at which the CGI was accessed +run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub { + $ENV{REQUEST_METHOD} = 'GET'; + $ENV{SERVER_PORT} = '443'; + $ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi'; + $ENV{QUERY_STRING} = 'do=prefs'; + $ENV{HTTP_HOST} = 'example.com'; + $ENV{HTTPS} = 'on'; +}); +%bits = parse_cgi_content($content); +is($bits{basehref}, "/wiki/"); +is($bits{stylehref}, "/wiki/style.css"); +is($bits{tophref}, "/wiki/"); +is($bits{cgihref}, "/cgi-bin/ikiwiki.cgi"); + +# when accessed via a different hostname, links stay on that host - +# this is really easy in html5 because we can use relative URLs +run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub { + $ENV{REQUEST_METHOD} = 'GET'; + $ENV{SERVER_PORT} = '80'; + $ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi'; + $ENV{QUERY_STRING} = 'do=prefs'; + $ENV{HTTP_HOST} = 'staging.example.net'; +}); +%bits = parse_cgi_content($content); +is($bits{basehref}, "/wiki/"); +is($bits{stylehref}, "/wiki/style.css"); +is($bits{tophref}, "/wiki/"); +is($bits{cgihref}, "/cgi-bin/ikiwiki.cgi"); + +# previewing a page +$in = 'do=edit&page=a/b/c&Preview'; +run(["./t/tmp/ikiwiki.cgi"], \$in, \$content, init => sub { + $ENV{REQUEST_METHOD} = 'POST'; + $ENV{SERVER_PORT} = '80'; + $ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi'; + $ENV{HTTP_HOST} = 'example.com'; + $ENV{CONTENT_LENGTH} = length $in; +}); +%bits = parse_cgi_content($content); +is($bits{basehref}, "/wiki/a/b/c/"); +is($bits{stylehref}, "/wiki/style.css"); +like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$}); +is($bits{cgihref}, "/cgi-bin/ikiwiki.cgi"); + ####################################################################### # site 2: static content and CGI are on different servers -writefile("test.setup", "t/tmp", < 0, + url => "http://static.example.com/", + cgiurl => "http://cgi.example.com/ikiwiki.cgi", ); - -ok(unlink("t/tmp/ikiwiki.cgi")); -ok(! system("./ikiwiki.out --setup t/tmp/test.setup --rebuild --wrappers")); - -# CGI wrapper should be exactly the requested mode -(undef, undef, $mode, undef, undef, - undef, undef, undef, undef, undef, - undef, undef, undef) = stat("t/tmp/ikiwiki.cgi"); -is($mode & 07777, 0754); +thoroughly_rebuild(); +check_cgi_mode_bits(); ok(-e "t/tmp/out/a/b/c/index.html"); $content = readfile("t/tmp/out/a/b/c/index.html"); @@ -246,40 +323,91 @@ run(["./t/tmp/ikiwiki.cgi"], \$in, \$content, init => sub { like($bits{basehref}, qr{^http://static.example.com/a/b/c/$}); like($bits{stylehref}, qr{^(?:(?:http:)?//static.example.com|\.\./\.\./\.\.)/style.css$}); like($bits{tophref}, qr{^(?:(?:http:)?//static.example.com|\.\./\.\./\.\.)/$}); +like($bits{cgihref}, qr{^(?:(?:http:)?//(?:staging\.example\.net|cgi\.example\.com))?/ikiwiki.cgi$}); TODO: { local $TODO = "use self-referential CGI URL?"; like($bits{cgihref}, qr{^(?:(?:http:)?//staging.example.net)?/ikiwiki.cgi$}); } +write_setup_file( + html5 => 1, + url => "http://static.example.com/", + cgiurl => "http://cgi.example.com/ikiwiki.cgi", +); +thoroughly_rebuild(); +check_cgi_mode_bits(); + +ok(-e "t/tmp/out/a/b/c/index.html"); +$content = readfile("t/tmp/out/a/b/c/index.html"); +# no on static HTML +unlike($content, qr{]+href="(?:http:)?//cgi.example.com/ikiwiki.cgi\?do=prefs"}); +# cross-links between static pages are still relative +like($content, qr{
  • A: a
    • }); +like($content, qr{
  • B: b
    • }); +like($content, qr{
  • E: e
    • }); + +run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub { + $ENV{REQUEST_METHOD} = 'GET'; + $ENV{SERVER_PORT} = '80'; + $ENV{SCRIPT_NAME} = '/ikiwiki.cgi'; + $ENV{QUERY_STRING} = 'do=prefs'; + $ENV{HTTP_HOST} = 'cgi.example.com'; +}); +%bits = parse_cgi_content($content); +is($bits{basehref}, "//static.example.com/"); +is($bits{stylehref}, "//static.example.com/style.css"); +is($bits{tophref}, "//static.example.com/"); +is($bits{cgihref}, "//cgi.example.com/ikiwiki.cgi"); + +# when accessed via HTTPS, links are secure - in fact they're exactly the +# same as when accessed via HTTP +run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub { + $ENV{REQUEST_METHOD} = 'GET'; + $ENV{SERVER_PORT} = '443'; + $ENV{SCRIPT_NAME} = '/ikiwiki.cgi'; + $ENV{QUERY_STRING} = 'do=prefs'; + $ENV{HTTP_HOST} = 'cgi.example.com'; + $ENV{HTTPS} = 'on'; +}); +%bits = parse_cgi_content($content); +is($bits{basehref}, "//static.example.com/"); +is($bits{stylehref}, "//static.example.com/style.css"); +is($bits{tophref}, "//static.example.com/"); +is($bits{cgihref}, "//cgi.example.com/ikiwiki.cgi"); + +# when accessed via a different hostname, links to the CGI (only) should +# stay on that host? +$in = 'do=edit&page=a/b/c&Preview'; +run(["./t/tmp/ikiwiki.cgi"], \$in, \$content, init => sub { + $ENV{REQUEST_METHOD} = 'POST'; + $ENV{SERVER_PORT} = '80'; + $ENV{SCRIPT_NAME} = '/ikiwiki.cgi'; + $ENV{HTTP_HOST} = 'staging.example.net'; + $ENV{CONTENT_LENGTH} = length $in; +}); +%bits = parse_cgi_content($content); +is($bits{basehref}, "//static.example.com/a/b/c/"); +is($bits{stylehref}, "//static.example.com/style.css"); +is($bits{tophref}, "../../../"); +like($bits{cgihref}, qr{//(?:staging\.example\.net|cgi\.example\.com)/ikiwiki\.cgi}); +TODO: { +local $TODO = "use self-referential CGI URL maybe?"; +is($bits{cgihref}, "//staging.example.net/ikiwiki.cgi"); +} + ####################################################################### # site 3: we specifically want everything to be secure -writefile("test.setup", "t/tmp", < 0, + url => "https://example.com/wiki/", + cgiurl => "https://example.com/cgi-bin/ikiwiki.cgi", ); - -ok(unlink("t/tmp/ikiwiki.cgi")); -ok(! system("./ikiwiki.out --setup t/tmp/test.setup --rebuild --wrappers")); - -# CGI wrapper should be exactly the requested mode -(undef, undef, $mode, undef, undef, - undef, undef, undef, undef, undef, - undef, undef, undef) = stat("t/tmp/ikiwiki.cgi"); -is($mode & 07777, 0754); +thoroughly_rebuild(); +check_cgi_mode_bits(); ok(-e "t/tmp/out/a/b/c/index.html"); $content = readfile("t/tmp/out/a/b/c/index.html"); @@ -356,35 +484,18 @@ like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$}); like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); +# not testing html5: 0 here because that ends up identical to site 1 + ####################################################################### # site 4 (NetBSD wiki): CGI is secure, static content doesn't have to be -writefile("test.setup", "t/tmp", < 0, + url => "http://example.com/wiki/", + cgiurl => "https://example.com/cgi-bin/ikiwiki.cgi", ); - -ok(unlink("t/tmp/ikiwiki.cgi")); -ok(! system("./ikiwiki.out --setup t/tmp/test.setup --rebuild --wrappers")); - -# CGI wrapper should be exactly the requested mode -(undef, undef, $mode, undef, undef, - undef, undef, undef, undef, undef, - undef, undef, undef) = stat("t/tmp/ikiwiki.cgi"); -is($mode & 07777, 0754); +thoroughly_rebuild(); +check_cgi_mode_bits(); ok(-e "t/tmp/out/a/b/c/index.html"); $content = readfile("t/tmp/out/a/b/c/index.html"); @@ -441,6 +552,7 @@ run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub { like($bits{basehref}, qr{^https://staging.example.net/wiki/$}); like($bits{stylehref}, qr{^(?:(?:https:)?//staging.example.net)?/wiki/style.css$}); like($bits{tophref}, qr{^(?:(?:(?:https:)?//staging.example.net)?/wiki|\.)/$}); +like($bits{cgihref}, qr{^(?:(?:https:)?//(?:staging\.example\.net|example\.com))?/cgi-bin/ikiwiki.cgi$}); TODO: { local $TODO = "this should really point back to itself but currently points to example.com"; like($bits{cgihref}, qr{^(?:(?:https:)?//staging.example.net)?/cgi-bin/ikiwiki.cgi$}); @@ -462,37 +574,137 @@ like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$}); like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); +write_setup_file( + html5 => 1, + url => "http://example.com/wiki/", + cgiurl => "https://example.com/cgi-bin/ikiwiki.cgi", +); +thoroughly_rebuild(); +check_cgi_mode_bits(); + +ok(-e "t/tmp/out/a/b/c/index.html"); +$content = readfile("t/tmp/out/a/b/c/index.html"); +# no on static HTML +unlike($content, qr{]+href="https://example.com/cgi-bin/ikiwiki.cgi\?do=prefs"}); +# cross-links between static pages are relative +like($content, qr{
  • A: a
    • }); +like($content, qr{
  • B: b
    • }); +like($content, qr{
  • E: e
    • }); + +# when accessed via HTTPS, links are secure (to avoid mixed-content) +run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub { + $ENV{REQUEST_METHOD} = 'GET'; + $ENV{SERVER_PORT} = '443'; + $ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi'; + $ENV{QUERY_STRING} = 'do=prefs'; + $ENV{HTTP_HOST} = 'example.com'; + $ENV{HTTPS} = 'on'; +}); +%bits = parse_cgi_content($content); +is($bits{basehref}, "/wiki/"); +is($bits{stylehref}, "/wiki/style.css"); +is($bits{tophref}, "/wiki/"); +like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); + +# when not accessed via HTTPS, ??? +run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub { + $ENV{REQUEST_METHOD} = 'GET'; + $ENV{SERVER_PORT} = '80'; + $ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi'; + $ENV{QUERY_STRING} = 'do=prefs'; + $ENV{HTTP_HOST} = 'example.com'; +}); +%bits = parse_cgi_content($content); +like($bits{basehref}, qr{^(?:https?://example.com)?/wiki/$}); +like($bits{stylehref}, qr{^(?:(?:https?:)?//example.com)?/wiki/style.css$}); +like($bits{tophref}, qr{^(?:(?:https?://example.com)?/wiki|\.)/$}); +like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); + +# when accessed via a different hostname, links stay on that host +run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub { + $ENV{REQUEST_METHOD} = 'GET'; + $ENV{SERVER_PORT} = '443'; + $ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi'; + $ENV{QUERY_STRING} = 'do=prefs'; + $ENV{HTTP_HOST} = 'staging.example.net'; + $ENV{HTTPS} = 'on'; +}); +%bits = parse_cgi_content($content); +# because the static and dynamic stuff is on the same server, we assume that +# both are also on the staging server +is($bits{basehref}, "/wiki/"); +is($bits{stylehref}, "/wiki/style.css"); +like($bits{tophref}, qr{^(?:/wiki|\.)/$}); +like($bits{cgihref}, qr{^(?:(?:https:)?//(?:example\.com|staging\.example\.net))?/cgi-bin/ikiwiki.cgi$}); +TODO: { +local $TODO = "this should really point back to itself but currently points to example.com"; +like($bits{cgihref}, qr{^(?:(?:https:)?//staging.example.net)?/cgi-bin/ikiwiki.cgi$}); +} + +# previewing a page +$in = 'do=edit&page=a/b/c&Preview'; +run(["./t/tmp/ikiwiki.cgi"], \$in, \$content, init => sub { + $ENV{REQUEST_METHOD} = 'POST'; + $ENV{SERVER_PORT} = '443'; + $ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi'; + $ENV{HTTP_HOST} = 'example.com'; + $ENV{CONTENT_LENGTH} = length $in; + $ENV{HTTPS} = 'on'; +}); +%bits = parse_cgi_content($content); +is($bits{basehref}, "/wiki/a/b/c/"); +is($bits{stylehref}, "/wiki/style.css"); +like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$}); +like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); + # Deliberately not testing https static content with http cgiurl, # because that makes remarkably little sense. ####################################################################### # site 5: w3mmode, as documented in [[w3mmode]] -writefile("test.setup", "t/tmp", < 0, + url => undef, + cgiurl => "ikiwiki.cgi", + w3mmode => 1, ); +thoroughly_rebuild(); +check_cgi_mode_bits(); -ok(unlink("t/tmp/ikiwiki.cgi")); -ok(! system("./ikiwiki.out --setup t/tmp/test.setup --rebuild --wrappers")); +ok(-e "t/tmp/out/a/b/c/index.html"); +$content = readfile("t/tmp/out/a/b/c/index.html"); +# no on static HTML +unlike($content, qr{]+href="(?:file://)?/\$LIB/ikiwiki-w3m.cgi/ikiwiki.cgi\?do=prefs"}); +# cross-links between static pages are still relative +like($content, qr{
  • A: a
    • }); +like($content, qr{
  • B: b
    • }); +like($content, qr{
  • E: e
    • }); + +run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub { + $ENV{REQUEST_METHOD} = 'GET'; + $ENV{PATH_INFO} = '/ikiwiki.cgi'; + $ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki-w3m.cgi'; + $ENV{QUERY_STRING} = 'do=prefs'; +}); +%bits = parse_cgi_content($content); +like($bits{tophref}, qr{^(?:\Q$pwd\E/t/tmp/out|\.)/$}); +like($bits{cgihref}, qr{^(?:file://)?/\$LIB/ikiwiki-w3m.cgi/ikiwiki.cgi$}); +like($bits{basehref}, qr{^(?:(?:file:)?//)?\Q$pwd\E/t/tmp/out/$}); +like($bits{stylehref}, qr{^(?:(?:(?:file:)?//)?\Q$pwd\E/t/tmp/out|\.)/style.css$}); -# CGI wrapper should be exactly the requested mode -(undef, undef, $mode, undef, undef, - undef, undef, undef, undef, undef, - undef, undef, undef) = stat("t/tmp/ikiwiki.cgi"); -is($mode & 07777, 0754); +write_setup_file( + html5 => 1, + url => undef, + cgiurl => "ikiwiki.cgi", + w3mmode => 1, +); +thoroughly_rebuild(); +check_cgi_mode_bits(); ok(-e "t/tmp/out/a/b/c/index.html"); $content = readfile("t/tmp/out/a/b/c/index.html"); @@ -520,33 +732,14 @@ like($bits{stylehref}, qr{^(?:(?:(?:file:)?//)?\Q$pwd\E/t/tmp/out|\.)/style.css$ ####################################################################### # site 6: we're behind a reverse-proxy -writefile("test.setup", "t/tmp", < 0, + url => "https://example.com/wiki/", + cgiurl => "https://example.com/cgi-bin/ikiwiki.cgi", + reverse_proxy => 1, ); - -ok(unlink("t/tmp/ikiwiki.cgi")); -ok(! system("./ikiwiki.out --setup t/tmp/test.setup --rebuild --wrappers")); - -# CGI wrapper should be exactly the requested mode -(undef, undef, $mode, undef, undef, - undef, undef, undef, undef, undef, - undef, undef, undef) = stat("t/tmp/ikiwiki.cgi"); -is($mode & 07777, 0754); +thoroughly_rebuild(); +check_cgi_mode_bits(); ok(-e "t/tmp/out/a/b/c/index.html"); $content = readfile("t/tmp/out/a/b/c/index.html"); @@ -571,11 +764,8 @@ run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub { %bits = parse_cgi_content($content); like($bits{tophref}, qr{^(?:/wiki|\.)/$}); like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); -TODO: { -local $TODO = "reverse-proxy support needed"; is($bits{basehref}, "https://example.com/wiki/"); like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); -} # previewing a page $in = 'do=edit&page=a/b/c&Preview'; @@ -589,10 +779,10 @@ run(["./t/tmp/ikiwiki.cgi"], \$in, \$content, init => sub { %bits = parse_cgi_content($content); like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$}); like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); -TODO: { -local $TODO = "reverse-proxy support needed"; is($bits{basehref}, "https://example.com/wiki/a/b/c/"); like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); -} + +# not testing html5: 1 because it would be the same as site 1 - +# the reverse_proxy config option is unnecessary under html5 done_testing;