| #! /bin/sh |
| |
| # some unit tests for the craft UI |
| |
| # save stdout to 3, dup stdout to a file |
| log=.testlog.$$ |
| ln -sf LOG $log |
| exec 3>&1 |
| exec >$log 2>&1 |
| |
| failcount=0 |
| passcount=0 |
| |
| fail() { |
| echo "FAIL: $*" >&3 |
| echo "FAIL: $*" |
| ((failcount++)) |
| } |
| |
| pass() { |
| echo "PASS: $*" >&3 |
| echo "PASS: $*" |
| ((passcount++)) |
| } |
| |
| testname() { |
| test="$*" |
| echo "" |
| echo "---------------------------------------------------------" |
| echo "starting test '$test'" |
| } |
| |
| check_success() { |
| status=$? |
| echo "check_success: last return code was $status, wanted 0" |
| if [ $status = 0 ]; then |
| pass $test |
| else |
| fail $test |
| fi |
| } |
| |
| check_failure() { |
| status=$? |
| echo "check_failure: last return code was $status, wanted not-0" |
| if [ $status != 0 ]; then |
| pass $test |
| else |
| fail $test |
| fi |
| } |
| |
| onexit() { |
| testname "process not running at exit" |
| kill -0 $pid1 |
| check_failure |
| |
| testname "end of script reached" |
| test "$eos" = 1 |
| check_success |
| |
| exec 1>&3 |
| echo "SUMMARY: pass=$passcount fail=$failcount" |
| if [ $failcount -eq 0 ]; then |
| echo "SUCCESS: $passcount tests passed." |
| else |
| echo "FAILURE: $failcount tests failed." |
| echo "details follow:" |
| cat $log |
| fi |
| rm -f $log |
| |
| exit $failcount |
| } |
| |
| run_tests() { |
| local http https url curl n arg curl_arg |
| |
| http=8888 |
| https=8889 |
| curl_ca="--cacert tmp-certs/rootCA.pem" |
| |
| testname "server not running" |
| curl -s http://localhost:8888/ |
| check_failure |
| |
| # add a signed cert (using our fake CA) |
| sh HOW.cert |
| for n in sim1 sim2; do |
| chmod 750 $n/tmp/ssl/* |
| cp tmp-certs/localhost.pem $n/tmp/ssl/certs/craftui.pem |
| cp tmp-certs/localhost.key $n/tmp/ssl/private/craftui.key |
| done |
| |
| ./craftui & |
| pid1=$! |
| ./craftui -2 & |
| pid2=$! |
| |
| testname "process running" |
| kill -0 $pid1 |
| check_success |
| |
| sleep 1 |
| |
| curl_noca="curl -v -s -m 1" |
| curl="$curl_noca $curl_ca" |
| |
| # verify localhost works |
| testname https localhost |
| $curl https://localhost:$https/status |& grep 'WWW-Authenticate: Digest' |
| check_success |
| |
| # but needs --cacert |
| testname https localhost without CA |
| $curl_noca https://localhost:$https/status |& |
| grep 'unable to get local issuer certificate' |
| check_success |
| |
| # and 127.0.0.1 fails due to cert name mismatch |
| testname https 127.0.0.1 |
| $curl https://127.0.0.1:$https/status |& |
| grep "certificate subject name 'localhost' does not match target host name" |
| check_success |
| |
| for url in http://localhost:$http https://localhost:$https; do |
| |
| testname "404 not found ($url)" |
| $curl $url/notexist |& grep '404: Not Found' |
| check_success |
| |
| baduser_auth="--digest --user root:admin" |
| badpass_auth="--digest --user guest:admin" |
| |
| for auth in "" "$baduser_auth" "$badpass_auth"; do |
| for n in status config content.json; do |
| testname "page $n bad auth ($url, $auth)" |
| $curl $auth $url/$n |& grep 'WWW-Authenticate: Digest' |
| check_success |
| done |
| done |
| |
| admin_auth="--digest --user admin:admin" |
| guest_auth="--digest --user guest:guest" |
| |
| # should fail with guest_auth |
| for auth in "$admin_auth"; do |
| testname "config web page ($url, $auth)" |
| $curl $auth $url/config |& grep 'WWW-Authenticate: Digest' |
| check_success |
| done |
| |
| # should work with no auth |
| for auth in ""; do |
| testname "welcome web page ($url)" |
| $curl $url/ |& grep welcome.thtml |
| check_success |
| done |
| |
| # should work with guest_auth |
| for auth in "$guest_auth"; do |
| testname "status web page ($url, $auth)" |
| $curl $auth $url/status |& grep status.thtml |
| check_success |
| |
| testname "json ($url, $auth)" |
| $curl $auth $url/content.json |& grep '"platform": "GFCH100"' |
| check_success |
| done |
| |
| # should work with admin_auth |
| for auth in "$admin_auth"; do |
| testname "status web page ($url, $auth)" |
| $curl $auth $url/status |& grep status.thtml |
| check_success |
| |
| testname "config web page ($url, $auth)" |
| $curl $auth $url/config |& grep config.thtml |
| check_success |
| |
| testname "json ($url, $auth)" |
| $curl $auth $url/content.json |& grep '"platform": "GFCH100"' |
| check_success |
| done |
| |
| testname "bad json to config page ($url)" |
| $curl $admin_auth -d 'duck' $url/content.json | grep "json format error" |
| check_success |
| |
| testname "good json config ($url)" |
| d='{"config":[{"peer_ipaddr":"192.168.99.99/24"}]}' |
| $curl $admin_auth -d $d $url/content.json |& grep '"error": 0}' |
| check_success |
| |
| testname "good json config, bad value ($url)" |
| d='{"config":[{"peer_ipaddr":"192.168.99.99/240"}]}' |
| $curl $admin_auth -d $d $url/content.json |& grep '"error": 1}' |
| check_success |
| |
| testname "good json config, guest access ($url)" |
| d='{"config":[{"peer_ipaddr":"192.168.99.99/24"}]}' |
| $curl $guest_auth -d $d $url/content.json |& grep '401 Unauthorized' |
| check_success |
| |
| testname "good json config, no auth ($url)" |
| d='{"config":[{"peer_ipaddr":"192.168.99.99/24"}]}' |
| $curl -d $d $url/content.json |& grep '401 Unauthorized' |
| check_success |
| |
| testname "password is base64 ($url)" |
| admin=$(echo -n admin | base64) |
| new=$(echo -n ducky | base64) |
| d='{ "config": [ { "password_guest": { |
| "admin": "'"$admin"'", |
| "new": "'"$new"'", |
| "confirm": "'"$new"'" |
| } } ] }' |
| $curl $admin_auth -d "$d" $url/content.json |& grep '"error": 0}' |
| check_success |
| |
| # TODO(edjames): duckduck does not fail. Need to catch that. |
| testname "password not base64 ($url)" |
| new=ducky |
| d='{ "config": [ { "password_guest": { |
| "admin": "'"$admin"'", |
| "new": "'"$new"'", |
| "confirm": "'"$new"'" |
| } } ] }' |
| $curl $admin_auth -d "$d" $url/content.json |& grep '"error": 1}' |
| check_success |
| |
| testname proxy read from peer |
| $curl $admin_auth $url/content.json'?peer=1' |& grep '"platform": "GFCH100"' |
| check_success |
| |
| testname proxy write to peer |
| d='{"config":[{"peer_ipaddr":"192.168.99.99/24"}]}' |
| $curl $admin_auth -d $d $url/content.json'?peer=1' |& grep '"error": 0}' |
| check_success |
| |
| done |
| |
| # verify insecure message is hidden on https and not on http |
| for peer in '' '?peer=1'; do |
| testname http warning $peer |
| $curl http://localhost:$http$peer |& grep 'hidden_on_https value=""' |
| check_success |
| |
| testname no https warning $peer |
| $curl https://localhost:$https$peer |& grep 'hidden_on_https value="hidden"' |
| check_success |
| done |
| |
| testname "process still running at end of test sequence" |
| kill -0 $pid1 |
| check_success |
| |
| # cleanup |
| t0=$(date +%s) |
| kill $pid1 |
| kill $pid2 |
| wait |
| t1=$(date +%s) |
| dt=$((t1 - t0)) |
| |
| testname "process stopped on TERM reasonably fast" |
| echo "process stopped in $dt seconds" |
| test "$dt" -lt 3 |
| check_success |
| } |
| |
| # |
| # main() |
| # |
| trap onexit 0 1 2 3 |
| |
| # sanity tests |
| testname true |
| true |
| check_success |
| |
| testname false |
| false |
| check_failure |
| |
| # run test suite |
| run_tests |
| |
| # If there's a syntax error in this script, trap 0 will call onexit, |
| # so indicate we really hit the end of the script. |
| eos=1 |
| # end of script, add more tests before this section |