mirror of
https://github.com/iv-org/invidious.git
synced 2025-11-04 14:18:30 -06:00
40fb17791e
Commit the whole ./lib/ folder which stores the Crystal dependencies. This has a few benefits: - Allows to build the project without a connection to the Internet to retrieve dependencies. - Makes the project resistant against dependency re-tags which might include malicious code.
102 lines
3.5 KiB
Crystal
102 lines
3.5 KiB
Crystal
require "../spec_helper"
|
|
|
|
# The following specs requires specific lines in the local pg_hba.conf file
|
|
# * crystal_md5 user with md5 method
|
|
# * and if the line is trust for everything, it needs to be restricted to
|
|
# just your user
|
|
# Because of this, most of these specs are disabled by default. To enable them
|
|
# place an empty file called .run_auth_specs in /spec
|
|
|
|
private def test_role(role, pass)
|
|
db = PG_DB.query_one("select current_database()", &.read)
|
|
url = "postgres://#{role}:#{pass}@127.0.0.1/#{db}"
|
|
DB.open(url) do |db|
|
|
db.query_one("select 1", &.read).should eq(1)
|
|
end
|
|
end
|
|
|
|
describe PQ::Connection, "nologin role" do
|
|
it "raises" do
|
|
PG_DB.exec("drop role if exists crystal_test")
|
|
PG_DB.exec("create role crystal_test nologin")
|
|
expect_raises(DB::ConnectionRefused) {
|
|
DB.open("postgres://crystal_test@localhost")
|
|
}
|
|
PG_DB.exec("drop role if exists crystal_test")
|
|
end
|
|
end
|
|
|
|
if File.exists?(File.join(File.dirname(__FILE__), "../.run_auth_specs"))
|
|
describe PQ::Connection, "scram auth" do
|
|
it "works when given the correct password" do
|
|
PG_DB.exec("drop role if exists crystal_scram")
|
|
PG_DB.exec("set password_encryption='scram-sha-256'")
|
|
PG_DB.exec("create role crystal_scram login encrypted password 'pass'")
|
|
|
|
test_role("crystal_scram", "pass")
|
|
|
|
PG_DB.exec("drop role if exists crystal_scram")
|
|
end
|
|
|
|
it "fails with a bad password" do
|
|
PG_DB.exec("drop role if exists crystal_scram")
|
|
PG_DB.exec("set password_encryption='scram-sha-256'")
|
|
PG_DB.exec("create role crystal_scram login encrypted password 'pass'")
|
|
|
|
expect_raises(DB::ConnectionRefused) {
|
|
test_role("crystal_scram", "wrong")
|
|
}
|
|
|
|
expect_raises(DB::ConnectionRefused) {
|
|
test_role("crystal_scram", "")
|
|
}
|
|
|
|
PG_DB.exec("drop role if exists crystal_scram")
|
|
end
|
|
end if Helper.db_version_gte(10)
|
|
|
|
describe PQ::Connection, "md5 auth" do
|
|
it "works when given the correct password" do
|
|
PG_DB.exec("drop role if exists crystal_md5")
|
|
PG_DB.exec("set password_encryption='md5'") if Helper.db_version_gte(10)
|
|
PG_DB.exec("create role crystal_md5 login encrypted password 'pass'")
|
|
test_role("crystal_md5", "pass")
|
|
PG_DB.exec("drop role if exists crystal_md5")
|
|
end
|
|
|
|
it "fails when given the wrong password" do
|
|
PG_DB.exec("drop role if exists crystal_md5")
|
|
PG_DB.exec("set password_encryption='md5'") if Helper.db_version_gte(10)
|
|
PG_DB.exec("create role crystal_md5 login encrypted password 'pass'")
|
|
|
|
expect_raises(DB::ConnectionRefused) {
|
|
test_role("crystal_md5", "bad")
|
|
}
|
|
|
|
expect_raises(DB::ConnectionRefused) {
|
|
test_role("crystal_md5", "")
|
|
}
|
|
|
|
PG_DB.exec("drop role if exists crystal_md5")
|
|
end
|
|
end
|
|
|
|
describe PQ::Connection, "ssl clientcert auth" do
|
|
it "works when using ssl clientcert" do
|
|
PG_DB.exec("drop role if exists crystal_ssl")
|
|
PG_DB.exec("create role crystal_ssl login encrypted password 'pass'")
|
|
db = PG_DB.query_one("select current_database()", &.read)
|
|
certs = File.join Dir.current, ".cert"
|
|
uri = "postgres://crystal_ssl@127.0.0.1/#{db}?sslmode=verify-full&sslcert=#{certs}/crystal_ssl.crt&sslkey=#{certs}/crystal_ssl.key&sslrootcert=#{certs}/root.crt"
|
|
DB.open(uri) do |db|
|
|
db.query_one("select current_user", &.read).should eq("crystal_ssl")
|
|
end
|
|
PG_DB.exec("drop role if exists crystal_ssl")
|
|
end
|
|
end
|
|
else
|
|
describe "auth specs" do
|
|
pending "skipped: see file for details" { }
|
|
end
|
|
end
|