X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/b04638275cff9b393e1bc04136d44f361b999cf8..3ed14dc61e8d39d748d0e7c25d12e4e5c45e09a8:/services/keep-web/handler_test.go diff --git a/services/keep-web/handler_test.go b/services/keep-web/handler_test.go index 86e1409391..6bd34d7113 100644 --- a/services/keep-web/handler_test.go +++ b/services/keep-web/handler_test.go @@ -1,11 +1,18 @@ +// Copyright (C) The Arvados Authors. All rights reserved. +// +// SPDX-License-Identifier: AGPL-3.0 + package main import ( + "bytes" + "fmt" "html" "io/ioutil" "net/http" "net/http/httptest" "net/url" + "path/filepath" "regexp" "strings" @@ -19,7 +26,7 @@ var _ = check.Suite(&UnitSuite{}) type UnitSuite struct{} func (s *UnitSuite) TestCORSPreflight(c *check.C) { - h := handler{Config: &Config{}} + h := handler{Config: DefaultConfig()} u, _ := url.Parse("http://keep-web.example/c=" + arvadostest.FooCollection + "/foo") req := &http.Request{ Method: "OPTIONS", @@ -38,8 +45,8 @@ func (s *UnitSuite) TestCORSPreflight(c *check.C) { c.Check(resp.Code, check.Equals, http.StatusOK) c.Check(resp.Body.String(), check.Equals, "") c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*") - c.Check(resp.Header().Get("Access-Control-Allow-Methods"), check.Equals, "GET, POST") - c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Equals, "Range") + c.Check(resp.Header().Get("Access-Control-Allow-Methods"), check.Equals, "GET, POST, OPTIONS, PROPFIND") + c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Equals, "Authorization, Content-Type, Range") // Check preflight for a disallowed request resp = httptest.NewRecorder() @@ -49,6 +56,35 @@ func (s *UnitSuite) TestCORSPreflight(c *check.C) { c.Check(resp.Code, check.Equals, http.StatusMethodNotAllowed) } +func (s *UnitSuite) TestInvalidUUID(c *check.C) { + bogusID := strings.Replace(arvadostest.FooPdh, "+", "-", 1) + "-" + token := arvadostest.ActiveToken + for _, trial := range []string{ + "http://keep-web/c=" + bogusID + "/foo", + "http://keep-web/c=" + bogusID + "/t=" + token + "/foo", + "http://keep-web/collections/download/" + bogusID + "/" + token + "/foo", + "http://keep-web/collections/" + bogusID + "/foo", + "http://" + bogusID + ".keep-web/" + bogusID + "/foo", + "http://" + bogusID + ".keep-web/t=" + token + "/" + bogusID + "/foo", + } { + c.Log(trial) + u, err := url.Parse(trial) + c.Assert(err, check.IsNil) + req := &http.Request{ + Method: "GET", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + } + resp := httptest.NewRecorder() + cfg := DefaultConfig() + cfg.AnonymousTokens = []string{arvadostest.AnonymousToken} + h := handler{Config: cfg} + h.ServeHTTP(resp, req) + c.Check(resp.Code, check.Equals, http.StatusNotFound) + } +} + func mustParseURL(s string) *url.URL { r, err := url.Parse(s) if err != nil { @@ -450,3 +486,177 @@ func (s *IntegrationSuite) testVhostRedirectTokenToCookie(c *check.C, method, ho c.Check(resp.Header().Get("Location"), check.Equals, "") return resp } + +func (s *IntegrationSuite) TestDirectoryListing(c *check.C) { + s.testServer.Config.AttachmentOnlyHost = "download.example.com" + authHeader := http.Header{ + "Authorization": {"OAuth2 " + arvadostest.ActiveToken}, + } + for _, trial := range []struct { + uri string + header http.Header + expect []string + cutDirs int + }{ + { + uri: strings.Replace(arvadostest.FooAndBarFilesInDirPDH, "+", "-", -1) + ".example.com/", + header: authHeader, + expect: []string{"dir1/foo", "dir1/bar"}, + cutDirs: 0, + }, + { + uri: strings.Replace(arvadostest.FooAndBarFilesInDirPDH, "+", "-", -1) + ".example.com/dir1/", + header: authHeader, + expect: []string{"foo", "bar"}, + cutDirs: 0, + }, + { + uri: "download.example.com/collections/" + arvadostest.FooAndBarFilesInDirUUID + "/", + header: authHeader, + expect: []string{"dir1/foo", "dir1/bar"}, + cutDirs: 2, + }, + { + uri: "collections.example.com/collections/download/" + arvadostest.FooAndBarFilesInDirUUID + "/" + arvadostest.ActiveToken + "/", + header: nil, + expect: []string{"dir1/foo", "dir1/bar"}, + cutDirs: 4, + }, + { + uri: "collections.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/t=" + arvadostest.ActiveToken + "/", + header: nil, + expect: []string{"dir1/foo", "dir1/bar"}, + cutDirs: 2, + }, + { + uri: "collections.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/t=" + arvadostest.ActiveToken, + header: nil, + expect: []string{"dir1/foo", "dir1/bar"}, + cutDirs: 2, + }, + { + uri: "download.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID, + header: authHeader, + expect: []string{"dir1/foo", "dir1/bar"}, + cutDirs: 1, + }, + { + uri: "download.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/dir1/", + header: authHeader, + expect: []string{"foo", "bar"}, + cutDirs: 1, + }, + { + uri: "download.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/_/dir1/", + header: authHeader, + expect: []string{"foo", "bar"}, + cutDirs: 2, + }, + { + uri: arvadostest.FooAndBarFilesInDirUUID + ".example.com/dir1?api_token=" + arvadostest.ActiveToken, + header: authHeader, + expect: []string{"foo", "bar"}, + cutDirs: 0, + }, + { + uri: "collections.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/theperthcountyconspiracydoesnotexist/", + header: authHeader, + expect: nil, + }, + } { + c.Logf("HTML: %q => %q", trial.uri, trial.expect) + resp := httptest.NewRecorder() + u := mustParseURL("//" + trial.uri) + req := &http.Request{ + Method: "GET", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + Header: trial.header, + } + s.testServer.Handler.ServeHTTP(resp, req) + var cookies []*http.Cookie + for resp.Code == http.StatusSeeOther { + u, _ := req.URL.Parse(resp.Header().Get("Location")) + req = &http.Request{ + Method: "GET", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + Header: trial.header, + } + cookies = append(cookies, (&http.Response{Header: resp.Header()}).Cookies()...) + for _, c := range cookies { + req.AddCookie(c) + } + resp = httptest.NewRecorder() + s.testServer.Handler.ServeHTTP(resp, req) + } + if trial.expect == nil { + c.Check(resp.Code, check.Equals, http.StatusNotFound) + } else { + c.Check(resp.Code, check.Equals, http.StatusOK) + for _, e := range trial.expect { + c.Check(resp.Body.String(), check.Matches, `(?ms).*href="`+e+`".*`) + } + c.Check(resp.Body.String(), check.Matches, `(?ms).*--cut-dirs=`+fmt.Sprintf("%d", trial.cutDirs)+` .*`) + } + + c.Logf("WebDAV: %q => %q", trial.uri, trial.expect) + req = &http.Request{ + Method: "OPTIONS", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + Header: trial.header, + Body: ioutil.NopCloser(&bytes.Buffer{}), + } + resp = httptest.NewRecorder() + s.testServer.Handler.ServeHTTP(resp, req) + if trial.expect == nil { + c.Check(resp.Code, check.Equals, http.StatusNotFound) + } else { + c.Check(resp.Code, check.Equals, http.StatusOK) + } + + req = &http.Request{ + Method: "PROPFIND", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + Header: trial.header, + Body: ioutil.NopCloser(&bytes.Buffer{}), + } + resp = httptest.NewRecorder() + s.testServer.Handler.ServeHTTP(resp, req) + if trial.expect == nil { + c.Check(resp.Code, check.Equals, http.StatusNotFound) + } else { + c.Check(resp.Code, check.Equals, http.StatusMultiStatus) + for _, e := range trial.expect { + c.Check(resp.Body.String(), check.Matches, `(?ms).*`+filepath.Join(u.Path, e)+`.*`) + } + } + } +} + +func (s *IntegrationSuite) TestHealthCheckPing(c *check.C) { + s.testServer.Config.ManagementToken = arvadostest.ManagementToken + authHeader := http.Header{ + "Authorization": {"Bearer " + arvadostest.ManagementToken}, + } + + resp := httptest.NewRecorder() + u := mustParseURL("http://download.example.com/_health/ping") + req := &http.Request{ + Method: "GET", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + Header: authHeader, + } + s.testServer.Handler.ServeHTTP(resp, req) + + c.Check(resp.Code, check.Equals, http.StatusOK) + c.Check(resp.Body.String(), check.Matches, `{"health":"OK"}\n`) +}