123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698 |
- // Copyright (C) 2016 The Syncthing Authors.
- //
- // This Source Code Form is subject to the terms of the Mozilla Public
- // License, v. 2.0. If a copy of the MPL was not distributed with this file,
- // You can obtain one at https://mozilla.org/MPL/2.0/.
- package api
- import (
- "bytes"
- "compress/gzip"
- "context"
- "encoding/json"
- "fmt"
- "io"
- "net"
- "net/http"
- "net/http/httptest"
- "os"
- "path/filepath"
- "slices"
- "strconv"
- "strings"
- "testing"
- "time"
- "github.com/d4l3k/messagediff"
- "github.com/syncthing/syncthing/lib/assets"
- "github.com/syncthing/syncthing/lib/build"
- "github.com/syncthing/syncthing/lib/config"
- connmocks "github.com/syncthing/syncthing/lib/connections/mocks"
- "github.com/syncthing/syncthing/lib/db"
- "github.com/syncthing/syncthing/lib/db/backend"
- discovermocks "github.com/syncthing/syncthing/lib/discover/mocks"
- "github.com/syncthing/syncthing/lib/events"
- eventmocks "github.com/syncthing/syncthing/lib/events/mocks"
- "github.com/syncthing/syncthing/lib/fs"
- "github.com/syncthing/syncthing/lib/locations"
- "github.com/syncthing/syncthing/lib/logger"
- loggermocks "github.com/syncthing/syncthing/lib/logger/mocks"
- "github.com/syncthing/syncthing/lib/model"
- modelmocks "github.com/syncthing/syncthing/lib/model/mocks"
- "github.com/syncthing/syncthing/lib/protocol"
- "github.com/syncthing/syncthing/lib/rand"
- "github.com/syncthing/syncthing/lib/svcutil"
- "github.com/syncthing/syncthing/lib/sync"
- "github.com/syncthing/syncthing/lib/tlsutil"
- "github.com/syncthing/syncthing/lib/ur"
- "github.com/thejerf/suture/v4"
- )
- var (
- confDir = filepath.Join("testdata", "config")
- dev1 protocol.DeviceID
- apiCfg = newMockedConfig()
- testAPIKey = "foobarbaz"
- )
- func init() {
- dev1, _ = protocol.DeviceIDFromString("AIR6LPZ-7K4PTTV-UXQSMUU-CPQ5YWH-OEDFIIQ-JUG777G-2YQXXR5-YD6AWQR")
- apiCfg.GUIReturns(config.GUIConfiguration{APIKey: testAPIKey, RawAddress: "127.0.0.1:0"})
- }
- func TestMain(m *testing.M) {
- orig := locations.GetBaseDir(locations.ConfigBaseDir)
- locations.SetBaseDir(locations.ConfigBaseDir, confDir)
- exitCode := m.Run()
- locations.SetBaseDir(locations.ConfigBaseDir, orig)
- os.Exit(exitCode)
- }
- func TestStopAfterBrokenConfig(t *testing.T) {
- t.Parallel()
- cfg := config.Configuration{
- GUI: config.GUIConfiguration{
- RawAddress: "127.0.0.1:0",
- RawUseTLS: false,
- },
- }
- w := config.Wrap("/dev/null", cfg, protocol.LocalDeviceID, events.NoopLogger)
- mdb, _ := db.NewLowlevel(backend.OpenMemory(), events.NoopLogger)
- kdb := db.NewMiscDataNamespace(mdb)
- srv := New(protocol.LocalDeviceID, w, "", "syncthing", nil, nil, nil, events.NoopLogger, nil, nil, nil, nil, nil, nil, false, kdb).(*service)
- srv.started = make(chan string)
- sup := suture.New("test", svcutil.SpecWithDebugLogger(l))
- sup.Add(srv)
- ctx, cancel := context.WithCancel(context.Background())
- sup.ServeBackground(ctx)
- <-srv.started
- // Service is now running, listening on a random port on localhost. Now we
- // request a config change to a completely invalid listen address. The
- // commit will fail and the service will be in a broken state.
- newCfg := config.Configuration{
- GUI: config.GUIConfiguration{
- RawAddress: "totally not a valid address",
- RawUseTLS: false,
- },
- }
- if err := srv.VerifyConfiguration(cfg, newCfg); err == nil {
- t.Fatal("Verify config should have failed")
- }
- cancel()
- }
- func TestAssetsDir(t *testing.T) {
- t.Parallel()
- // For any given request to $FILE, we should return the first found of
- // - assetsdir/$THEME/$FILE
- // - compiled in asset $THEME/$FILE
- // - assetsdir/default/$FILE
- // - compiled in asset default/$FILE
- // The asset map contains compressed assets, so create a couple of gzip compressed assets here.
- buf := new(bytes.Buffer)
- gw := gzip.NewWriter(buf)
- gw.Write([]byte("default"))
- gw.Close()
- def := assets.Asset{
- Content: buf.String(),
- Gzipped: true,
- }
- buf = new(bytes.Buffer)
- gw = gzip.NewWriter(buf)
- gw.Write([]byte("foo"))
- gw.Close()
- foo := assets.Asset{
- Content: buf.String(),
- Gzipped: true,
- }
- e := &staticsServer{
- theme: "foo",
- mut: sync.NewRWMutex(),
- assetDir: "testdata",
- assets: map[string]assets.Asset{
- "foo/a": foo, // overridden in foo/a
- "foo/b": foo,
- "default/a": def, // overridden in default/a (but foo/a takes precedence)
- "default/b": def, // overridden in default/b (but foo/b takes precedence)
- "default/c": def,
- },
- }
- s := httptest.NewServer(e)
- defer s.Close()
- // assetsdir/foo/a exists, overrides compiled in
- expectURLToContain(t, s.URL+"/a", "overridden-foo")
- // foo/b is compiled in, default/b is overridden, return compiled in
- expectURLToContain(t, s.URL+"/b", "foo")
- // only exists as compiled in default/c so use that
- expectURLToContain(t, s.URL+"/c", "default")
- // only exists as overridden default/d so use that
- expectURLToContain(t, s.URL+"/d", "overridden-default")
- }
- func expectURLToContain(t *testing.T, url, exp string) {
- res, err := http.Get(url)
- if err != nil {
- t.Error(err)
- return
- }
- if res.StatusCode != 200 {
- t.Errorf("Got %s instead of 200 OK", res.Status)
- return
- }
- data, err := io.ReadAll(res.Body)
- res.Body.Close()
- if err != nil {
- t.Error(err)
- return
- }
- if string(data) != exp {
- t.Errorf("Got %q instead of %q on %q", data, exp, url)
- return
- }
- }
- func TestDirNames(t *testing.T) {
- t.Parallel()
- names := dirNames("testdata")
- expected := []string{"config", "default", "foo", "testfolder"}
- if diff, equal := messagediff.PrettyDiff(expected, names); !equal {
- t.Errorf("Unexpected dirNames return: %#v\n%s", names, diff)
- }
- }
- type httpTestCase struct {
- URL string // URL to check
- Code int // Expected result code
- Type string // Expected content type
- Prefix string // Expected result prefix
- Timeout time.Duration // Defaults to a second
- }
- func TestAPIServiceRequests(t *testing.T) {
- t.Parallel()
- baseURL, cancel, err := startHTTP(apiCfg)
- if err != nil {
- t.Fatal(err)
- }
- t.Cleanup(cancel)
- cases := []httpTestCase{
- // /rest/db
- {
- URL: "/rest/db/completion?device=" + protocol.LocalDeviceID.String() + "&folder=default",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- Timeout: 15 * time.Second,
- },
- {
- URL: "/rest/db/file?folder=default&file=something",
- Code: 404,
- },
- {
- URL: "/rest/db/ignores?folder=default",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- {
- URL: "/rest/db/need?folder=default",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- {
- URL: "/rest/db/status?folder=default",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- {
- URL: "/rest/db/browse?folder=default",
- Code: 200,
- Type: "application/json",
- Prefix: "null",
- },
- {
- URL: "/rest/db/status?folder=default",
- Code: 200,
- Type: "application/json",
- Prefix: "",
- },
- // /rest/stats
- {
- URL: "/rest/stats/device",
- Code: 200,
- Type: "application/json",
- Prefix: "null",
- },
- {
- URL: "/rest/stats/folder",
- Code: 200,
- Type: "application/json",
- Prefix: "null",
- },
- // /rest/svc
- {
- URL: "/rest/svc/deviceid?id=" + protocol.LocalDeviceID.String(),
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- {
- URL: "/rest/svc/lang",
- Code: 200,
- Type: "application/json",
- Prefix: "[",
- },
- {
- URL: "/rest/svc/report",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- Timeout: 5 * time.Second,
- },
- // /rest/system
- {
- URL: "/rest/system/browse?current=~",
- Code: 200,
- Type: "application/json",
- Prefix: "[",
- },
- {
- URL: "/rest/system/config",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- {
- URL: "/rest/system/config/insync",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- {
- URL: "/rest/system/connections",
- Code: 200,
- Type: "application/json",
- Prefix: "null",
- },
- {
- URL: "/rest/system/discovery",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- {
- URL: "/rest/system/error?since=0",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- {
- URL: "/rest/system/ping",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- {
- URL: "/rest/system/status",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- {
- URL: "/rest/system/version",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- {
- URL: "/rest/system/debug",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- {
- URL: "/rest/system/log?since=0",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- {
- URL: "/rest/system/log.txt?since=0",
- Code: 200,
- Type: "text/plain",
- Prefix: "",
- },
- // /rest/config
- {
- URL: "/rest/config",
- Code: 200,
- Type: "application/json",
- Prefix: "",
- },
- {
- URL: "/rest/config/folders",
- Code: 200,
- Type: "application/json",
- Prefix: "",
- },
- {
- URL: "/rest/config/folders/missing",
- Code: 404,
- Type: "text/plain",
- Prefix: "",
- },
- {
- URL: "/rest/config/devices",
- Code: 200,
- Type: "application/json",
- Prefix: "",
- },
- {
- URL: "/rest/config/devices/illegalid",
- Code: 400,
- Type: "text/plain",
- Prefix: "",
- },
- {
- URL: "/rest/config/devices/" + protocol.GlobalDeviceID.String(),
- Code: 404,
- Type: "text/plain",
- Prefix: "",
- },
- {
- URL: "/rest/config/options",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- {
- URL: "/rest/config/gui",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- {
- URL: "/rest/config/ldap",
- Code: 200,
- Type: "application/json",
- Prefix: "{",
- },
- }
- for _, tc := range cases {
- tc := tc
- t.Run(tc.URL, func(t *testing.T) {
- t.Parallel()
- testHTTPRequest(t, baseURL, tc, testAPIKey)
- })
- }
- }
- // testHTTPRequest tries the given test case, comparing the result code,
- // content type, and result prefix.
- func testHTTPRequest(t *testing.T, baseURL string, tc httpTestCase, apikey string) {
- timeout := time.Second
- if tc.Timeout > 0 {
- timeout = tc.Timeout
- }
- cli := &http.Client{
- Timeout: timeout,
- }
- req, err := http.NewRequest("GET", baseURL+tc.URL, nil)
- if err != nil {
- t.Errorf("Unexpected error requesting %s: %v", tc.URL, err)
- return
- }
- req.Header.Set("X-API-Key", apikey)
- resp, err := cli.Do(req)
- if err != nil {
- t.Errorf("Unexpected error requesting %s: %v", tc.URL, err)
- return
- }
- defer resp.Body.Close()
- if resp.StatusCode != tc.Code {
- t.Errorf("Get on %s should have returned status code %d, not %s", tc.URL, tc.Code, resp.Status)
- return
- }
- ct := resp.Header.Get("Content-Type")
- if !strings.HasPrefix(ct, tc.Type) {
- t.Errorf("The content type on %s should be %q, not %q", tc.URL, tc.Type, ct)
- return
- }
- data, err := io.ReadAll(resp.Body)
- if err != nil {
- t.Errorf("Unexpected error reading %s: %v", tc.URL, err)
- return
- }
- if !bytes.HasPrefix(data, []byte(tc.Prefix)) {
- t.Errorf("Returned data from %s does not have prefix %q: %s", tc.URL, tc.Prefix, data)
- return
- }
- }
- func hasSessionCookie(cookies []*http.Cookie) bool {
- for _, cookie := range cookies {
- if cookie.MaxAge >= 0 && strings.HasPrefix(cookie.Name, "sessionid") {
- return true
- }
- }
- return false
- }
- func httpGet(url string, basicAuthUsername string, basicAuthPassword string, xapikeyHeader string, authorizationBearer string, cookies []*http.Cookie, t *testing.T) *http.Response {
- req, err := http.NewRequest("GET", url, nil)
- for _, cookie := range cookies {
- req.AddCookie(cookie)
- }
- if err != nil {
- t.Fatal(err)
- }
- if basicAuthUsername != "" || basicAuthPassword != "" {
- req.SetBasicAuth(basicAuthUsername, basicAuthPassword)
- }
- if xapikeyHeader != "" {
- req.Header.Set("X-API-Key", xapikeyHeader)
- }
- if authorizationBearer != "" {
- req.Header.Set("Authorization", "Bearer "+authorizationBearer)
- }
- resp, err := http.DefaultClient.Do(req)
- if err != nil {
- t.Fatal(err)
- }
- return resp
- }
- func httpPost(url string, body map[string]string, t *testing.T) *http.Response {
- bodyBytes, err := json.Marshal(body)
- if err != nil {
- t.Fatal(err)
- }
- req, err := http.NewRequest("POST", url, bytes.NewReader(bodyBytes))
- if err != nil {
- t.Fatal(err)
- }
- resp, err := http.DefaultClient.Do(req)
- if err != nil {
- t.Fatal(err)
- }
- return resp
- }
- func TestHTTPLogin(t *testing.T) {
- t.Parallel()
- httpGetBasicAuth := func(url string, username string, password string) *http.Response {
- return httpGet(url, username, password, "", "", nil, t)
- }
- httpGetXapikey := func(url string, xapikeyHeader string) *http.Response {
- return httpGet(url, "", "", xapikeyHeader, "", nil, t)
- }
- httpGetAuthorizationBearer := func(url string, bearer string) *http.Response {
- return httpGet(url, "", "", "", bearer, nil, t)
- }
- testWith := func(sendBasicAuthPrompt bool, expectedOkStatus int, expectedFailStatus int, path string) {
- cfg := newMockedConfig()
- cfg.GUIReturns(config.GUIConfiguration{
- User: "üser",
- Password: "$2a$10$IdIZTxTg/dCNuNEGlmLynOjqg4B1FvDKuIV5e0BB3pnWVHNb8.GSq", // bcrypt of "räksmörgås" in UTF-8
- RawAddress: "127.0.0.1:0",
- APIKey: testAPIKey,
- SendBasicAuthPrompt: sendBasicAuthPrompt,
- })
- baseURL, cancel, err := startHTTP(cfg)
- if err != nil {
- t.Fatal(err)
- }
- t.Cleanup(cancel)
- url := baseURL + path
- t.Run(fmt.Sprintf("%d path", expectedOkStatus), func(t *testing.T) {
- t.Run("no auth is rejected", func(t *testing.T) {
- t.Parallel()
- resp := httpGetBasicAuth(url, "", "")
- if resp.StatusCode != expectedFailStatus {
- t.Errorf("Unexpected non-%d return code %d for unauthed request", expectedFailStatus, resp.StatusCode)
- }
- if hasSessionCookie(resp.Cookies()) {
- t.Errorf("Unexpected session cookie for unauthed request")
- }
- })
- t.Run("incorrect password is rejected", func(t *testing.T) {
- t.Parallel()
- resp := httpGetBasicAuth(url, "üser", "rksmrgs")
- if resp.StatusCode != expectedFailStatus {
- t.Errorf("Unexpected non-%d return code %d for incorrect password", expectedFailStatus, resp.StatusCode)
- }
- if hasSessionCookie(resp.Cookies()) {
- t.Errorf("Unexpected session cookie for incorrect password")
- }
- })
- t.Run("incorrect username is rejected", func(t *testing.T) {
- t.Parallel()
- resp := httpGetBasicAuth(url, "user", "räksmörgås") // string literals in Go source code are in UTF-8
- if resp.StatusCode != expectedFailStatus {
- t.Errorf("Unexpected non-%d return code %d for incorrect username", expectedFailStatus, resp.StatusCode)
- }
- if hasSessionCookie(resp.Cookies()) {
- t.Errorf("Unexpected session cookie for incorrect username")
- }
- })
- t.Run("UTF-8 auth works", func(t *testing.T) {
- t.Parallel()
- resp := httpGetBasicAuth(url, "üser", "räksmörgås") // string literals in Go source code are in UTF-8
- if resp.StatusCode != expectedOkStatus {
- t.Errorf("Unexpected non-%d return code %d for authed request (UTF-8)", expectedOkStatus, resp.StatusCode)
- }
- if !hasSessionCookie(resp.Cookies()) {
- t.Errorf("Expected session cookie for authed request (UTF-8)")
- }
- })
- t.Run("ISO-8859-1 auth works", func(t *testing.T) {
- t.Parallel()
- resp := httpGetBasicAuth(url, "\xfcser", "r\xe4ksm\xf6rg\xe5s") // escaped ISO-8859-1
- if resp.StatusCode != expectedOkStatus {
- t.Errorf("Unexpected non-%d return code %d for authed request (ISO-8859-1)", expectedOkStatus, resp.StatusCode)
- }
- if !hasSessionCookie(resp.Cookies()) {
- t.Errorf("Expected session cookie for authed request (ISO-8859-1)")
- }
- })
- t.Run("bad X-API-Key is rejected", func(t *testing.T) {
- t.Parallel()
- resp := httpGetXapikey(url, testAPIKey+"X")
- if resp.StatusCode != expectedFailStatus {
- t.Errorf("Unexpected non-%d return code %d for bad API key", expectedFailStatus, resp.StatusCode)
- }
- if hasSessionCookie(resp.Cookies()) {
- t.Errorf("Unexpected session cookie for bad API key")
- }
- })
- t.Run("good X-API-Key is accepted", func(t *testing.T) {
- t.Parallel()
- resp := httpGetXapikey(url, testAPIKey)
- if resp.StatusCode != expectedOkStatus {
- t.Errorf("Unexpected non-%d return code %d for API key", expectedOkStatus, resp.StatusCode)
- }
- if hasSessionCookie(resp.Cookies()) {
- t.Errorf("Unexpected session cookie for API key")
- }
- })
- t.Run("bad Bearer is rejected", func(t *testing.T) {
- t.Parallel()
- resp := httpGetAuthorizationBearer(url, testAPIKey+"X")
- if resp.StatusCode != expectedFailStatus {
- t.Errorf("Unexpected non-%d return code %d for bad Authorization: Bearer", expectedFailStatus, resp.StatusCode)
- }
- if hasSessionCookie(resp.Cookies()) {
- t.Errorf("Unexpected session cookie for bad Authorization: Bearer")
- }
- })
- t.Run("good Bearer is accepted", func(t *testing.T) {
- t.Parallel()
- resp := httpGetAuthorizationBearer(url, testAPIKey)
- if resp.StatusCode != expectedOkStatus {
- t.Errorf("Unexpected non-%d return code %d for Authorization: Bearer", expectedOkStatus, resp.StatusCode)
- }
- if hasSessionCookie(resp.Cookies()) {
- t.Errorf("Unexpected session cookie for bad Authorization: Bearer")
- }
- })
- })
- }
- testWith(true, http.StatusOK, http.StatusOK, "/")
- testWith(true, http.StatusOK, http.StatusUnauthorized, "/meta.js")
- testWith(true, http.StatusNotFound, http.StatusUnauthorized, "/any-path/that/does/nooooooot/match-any/noauth-pattern")
- testWith(false, http.StatusOK, http.StatusOK, "/")
- testWith(false, http.StatusOK, http.StatusForbidden, "/meta.js")
- testWith(false, http.StatusNotFound, http.StatusForbidden, "/any-path/that/does/nooooooot/match-any/noauth-pattern")
- }
- func TestHtmlFormLogin(t *testing.T) {
- t.Parallel()
- cfg := newMockedConfig()
- cfg.GUIReturns(config.GUIConfiguration{
- User: "üser",
- Password: "$2a$10$IdIZTxTg/dCNuNEGlmLynOjqg4B1FvDKuIV5e0BB3pnWVHNb8.GSq", // bcrypt of "räksmörgås" in UTF-8
- SendBasicAuthPrompt: false,
- })
- baseURL, cancel, err := startHTTP(cfg)
- if err != nil {
- t.Fatal(err)
- }
- t.Cleanup(cancel)
- loginUrl := baseURL + "/rest/noauth/auth/password"
- resourceUrl := baseURL + "/meta.js"
- resourceUrl404 := baseURL + "/any-path/that/does/nooooooot/match-any/noauth-pattern"
- performLogin := func(username string, password string) *http.Response {
- return httpPost(loginUrl, map[string]string{"username": username, "password": password}, t)
- }
- performResourceRequest := func(url string, cookies []*http.Cookie) *http.Response {
- return httpGet(url, "", "", "", "", cookies, t)
- }
- testNoAuthPath := func(noAuthPath string) {
- t.Run("auth is not needed for "+noAuthPath, func(t *testing.T) {
- t.Parallel()
- resp := httpGet(baseURL+noAuthPath, "", "", "", "", nil, t)
- if resp.StatusCode != http.StatusOK {
- t.Errorf("Unexpected non-200 return code %d at %s", resp.StatusCode, noAuthPath)
- }
- if hasSessionCookie(resp.Cookies()) {
- t.Errorf("Unexpected session cookie at " + noAuthPath)
- }
- })
- }
- testNoAuthPath("/index.html")
- testNoAuthPath("/rest/svc/lang")
- t.Run("incorrect password is rejected with 403", func(t *testing.T) {
- t.Parallel()
- resp := performLogin("üser", "rksmrgs") // string literals in Go source code are in UTF-8
- if resp.StatusCode != http.StatusForbidden {
- t.Errorf("Unexpected non-403 return code %d for incorrect password", resp.StatusCode)
- }
- if hasSessionCookie(resp.Cookies()) {
- t.Errorf("Unexpected session cookie for incorrect password")
- }
- resp = performResourceRequest(resourceUrl, resp.Cookies())
- if resp.StatusCode != http.StatusForbidden {
- t.Errorf("Unexpected non-403 return code %d for incorrect password", resp.StatusCode)
- }
- })
- t.Run("incorrect username is rejected with 403", func(t *testing.T) {
- t.Parallel()
- resp := performLogin("user", "räksmörgås") // string literals in Go source code are in UTF-8
- if resp.StatusCode != http.StatusForbidden {
- t.Errorf("Unexpected non-403 return code %d for incorrect username", resp.StatusCode)
- }
- if hasSessionCookie(resp.Cookies()) {
- t.Errorf("Unexpected session cookie for incorrect username")
- }
- resp = performResourceRequest(resourceUrl, resp.Cookies())
- if resp.StatusCode != http.StatusForbidden {
- t.Errorf("Unexpected non-403 return code %d for incorrect username", resp.StatusCode)
- }
- })
- t.Run("UTF-8 auth works", func(t *testing.T) {
- t.Parallel()
- // JSON is always UTF-8, so ISO-8859-1 case is not applicable
- resp := performLogin("üser", "räksmörgås") // string literals in Go source code are in UTF-8
- if resp.StatusCode != http.StatusNoContent {
- t.Errorf("Unexpected non-204 return code %d for authed request (UTF-8)", resp.StatusCode)
- }
- resp = performResourceRequest(resourceUrl, resp.Cookies())
- if resp.StatusCode != http.StatusOK {
- t.Errorf("Unexpected non-200 return code %d for authed request (UTF-8)", resp.StatusCode)
- }
- })
- t.Run("form login is not applicable to other URLs", func(t *testing.T) {
- t.Parallel()
- resp := httpPost(baseURL+"/meta.js", map[string]string{"username": "üser", "password": "räksmörgås"}, t)
- if resp.StatusCode != http.StatusForbidden {
- t.Errorf("Unexpected non-403 return code %d for incorrect form login URL", resp.StatusCode)
- }
- if hasSessionCookie(resp.Cookies()) {
- t.Errorf("Unexpected session cookie for incorrect form login URL")
- }
- })
- t.Run("invalid URL returns 403 before auth and 404 after auth", func(t *testing.T) {
- t.Parallel()
- resp := performResourceRequest(resourceUrl404, nil)
- if resp.StatusCode != http.StatusForbidden {
- t.Errorf("Unexpected non-403 return code %d for unauthed request", resp.StatusCode)
- }
- resp = performLogin("üser", "räksmörgås")
- if resp.StatusCode != http.StatusNoContent {
- t.Errorf("Unexpected non-204 return code %d for authed request", resp.StatusCode)
- }
- resp = performResourceRequest(resourceUrl404, resp.Cookies())
- if resp.StatusCode != http.StatusNotFound {
- t.Errorf("Unexpected non-404 return code %d for authed request", resp.StatusCode)
- }
- })
- }
- func TestApiCache(t *testing.T) {
- t.Parallel()
- cfg := newMockedConfig()
- cfg.GUIReturns(config.GUIConfiguration{
- RawAddress: "127.0.0.1:0",
- APIKey: testAPIKey,
- })
- baseURL, cancel, err := startHTTP(cfg)
- if err != nil {
- t.Fatal(err)
- }
- t.Cleanup(cancel)
- httpGet := func(url string, bearer string) *http.Response {
- return httpGet(url, "", "", "", bearer, nil, t)
- }
- t.Run("meta.js has no-cache headers", func(t *testing.T) {
- t.Parallel()
- url := baseURL + "/meta.js"
- resp := httpGet(url, testAPIKey)
- if resp.Header.Get("Cache-Control") != "max-age=0, no-cache, no-store" {
- t.Errorf("Expected no-cache headers at %s", url)
- }
- })
- t.Run("/rest/ has no-cache headers", func(t *testing.T) {
- t.Parallel()
- url := baseURL + "/rest/system/version"
- resp := httpGet(url, testAPIKey)
- if resp.Header.Get("Cache-Control") != "max-age=0, no-cache, no-store" {
- t.Errorf("Expected no-cache headers at %s", url)
- }
- })
- }
- func startHTTP(cfg config.Wrapper) (string, context.CancelFunc, error) {
- m := new(modelmocks.Model)
- assetDir := "../../gui"
- eventSub := new(eventmocks.BufferedSubscription)
- diskEventSub := new(eventmocks.BufferedSubscription)
- discoverer := new(discovermocks.Manager)
- connections := new(connmocks.Service)
- errorLog := new(loggermocks.Recorder)
- systemLog := new(loggermocks.Recorder)
- for _, l := range []*loggermocks.Recorder{errorLog, systemLog} {
- l.SinceReturns([]logger.Line{
- {
- When: time.Now(),
- Message: "Test message",
- },
- })
- }
- addrChan := make(chan string)
- mockedSummary := &modelmocks.FolderSummaryService{}
- mockedSummary.SummaryReturns(new(model.FolderSummary), nil)
- // Instantiate the API service
- urService := ur.New(cfg, m, connections, false)
- mdb, _ := db.NewLowlevel(backend.OpenMemory(), events.NoopLogger)
- kdb := db.NewMiscDataNamespace(mdb)
- svc := New(protocol.LocalDeviceID, cfg, assetDir, "syncthing", m, eventSub, diskEventSub, events.NoopLogger, discoverer, connections, urService, mockedSummary, errorLog, systemLog, false, kdb).(*service)
- svc.started = addrChan
- // Actually start the API service
- supervisor := suture.New("API test", suture.Spec{
- PassThroughPanics: true,
- })
- supervisor.Add(svc)
- ctx, cancel := context.WithCancel(context.Background())
- supervisor.ServeBackground(ctx)
- // Make sure the API service is listening, and get the URL to use.
- addr := <-addrChan
- tcpAddr, err := net.ResolveTCPAddr("tcp", addr)
- if err != nil {
- cancel()
- return "", cancel, fmt.Errorf("weird address from API service: %w", err)
- }
- host, _, _ := net.SplitHostPort(cfg.GUI().RawAddress)
- if host == "" || host == "0.0.0.0" {
- host = "127.0.0.1"
- }
- baseURL := fmt.Sprintf("http://%s", net.JoinHostPort(host, strconv.Itoa(tcpAddr.Port)))
- return baseURL, cancel, nil
- }
- func TestCSRFRequired(t *testing.T) {
- t.Parallel()
- baseURL, cancel, err := startHTTP(apiCfg)
- if err != nil {
- t.Fatal("Unexpected error from getting base URL:", err)
- }
- t.Cleanup(cancel)
- cli := &http.Client{
- Timeout: time.Minute,
- }
- // Getting the base URL (i.e. "/") should succeed.
- resp, err := cli.Get(baseURL)
- if err != nil {
- t.Fatal("Unexpected error from getting base URL:", err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusOK {
- t.Fatal("Getting base URL should succeed, not", resp.Status)
- }
- // Find the returned CSRF token for future use
- var csrfTokenName, csrfTokenValue string
- for _, cookie := range resp.Cookies() {
- if strings.HasPrefix(cookie.Name, "CSRF-Token") {
- csrfTokenName = cookie.Name
- csrfTokenValue = cookie.Value
- break
- }
- }
- if csrfTokenValue == "" {
- t.Fatal("Failed to initialize CSRF test: no CSRF cookie returned from " + baseURL)
- }
- t.Run("/rest without a token should fail", func(t *testing.T) {
- t.Parallel()
- resp, err := cli.Get(baseURL + "/rest/system/config")
- if err != nil {
- t.Fatal("Unexpected error from getting /rest/system/config:", err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusForbidden {
- t.Fatal("Getting /rest/system/config without CSRF token should fail, not", resp.Status)
- }
- })
- t.Run("/rest with a token should succeed", func(t *testing.T) {
- t.Parallel()
- req, _ := http.NewRequest("GET", baseURL+"/rest/system/config", nil)
- req.Header.Set("X-"+csrfTokenName, csrfTokenValue)
- resp, err := cli.Do(req)
- if err != nil {
- t.Fatal("Unexpected error from getting /rest/system/config:", err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusOK {
- t.Fatal("Getting /rest/system/config with CSRF token should succeed, not", resp.Status)
- }
- })
- t.Run("/rest with an incorrect API key should fail, X-API-Key version", func(t *testing.T) {
- t.Parallel()
- req, _ := http.NewRequest("GET", baseURL+"/rest/system/config", nil)
- req.Header.Set("X-API-Key", testAPIKey+"X")
- resp, err := cli.Do(req)
- if err != nil {
- t.Fatal("Unexpected error from getting /rest/system/config:", err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusForbidden {
- t.Fatal("Getting /rest/system/config with incorrect API token should fail, not", resp.Status)
- }
- })
- t.Run("/rest with an incorrect API key should fail, Bearer auth version", func(t *testing.T) {
- t.Parallel()
- req, _ := http.NewRequest("GET", baseURL+"/rest/system/config", nil)
- req.Header.Set("Authorization", "Bearer "+testAPIKey+"X")
- resp, err := cli.Do(req)
- if err != nil {
- t.Fatal("Unexpected error from getting /rest/system/config:", err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusForbidden {
- t.Fatal("Getting /rest/system/config with incorrect API token should fail, not", resp.Status)
- }
- })
- t.Run("/rest with the API key should succeed", func(t *testing.T) {
- t.Parallel()
- req, _ := http.NewRequest("GET", baseURL+"/rest/system/config", nil)
- req.Header.Set("X-API-Key", testAPIKey)
- resp, err := cli.Do(req)
- if err != nil {
- t.Fatal("Unexpected error from getting /rest/system/config:", err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusOK {
- t.Fatal("Getting /rest/system/config with API key should succeed, not", resp.Status)
- }
- })
- t.Run("/rest with the API key as a bearer token should succeed", func(t *testing.T) {
- t.Parallel()
- req, _ := http.NewRequest("GET", baseURL+"/rest/system/config", nil)
- req.Header.Set("Authorization", "Bearer "+testAPIKey)
- resp, err := cli.Do(req)
- if err != nil {
- t.Fatal("Unexpected error from getting /rest/system/config:", err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusOK {
- t.Fatal("Getting /rest/system/config with API key should succeed, not", resp.Status)
- }
- })
- }
- func TestRandomString(t *testing.T) {
- t.Parallel()
- baseURL, cancel, err := startHTTP(apiCfg)
- if err != nil {
- t.Fatal(err)
- }
- defer cancel()
- cli := &http.Client{
- Timeout: time.Second,
- }
- // The default should be to return a 32 character random string
- for _, url := range []string{"/rest/svc/random/string", "/rest/svc/random/string?length=-1", "/rest/svc/random/string?length=yo"} {
- req, _ := http.NewRequest("GET", baseURL+url, nil)
- req.Header.Set("X-API-Key", testAPIKey)
- resp, err := cli.Do(req)
- if err != nil {
- t.Fatal(err)
- }
- var res map[string]string
- if err := json.NewDecoder(resp.Body).Decode(&res); err != nil {
- t.Fatal(err)
- }
- if len(res["random"]) != 32 {
- t.Errorf("Expected 32 random characters, got %q of length %d", res["random"], len(res["random"]))
- }
- }
- // We can ask for a different length if we like
- req, _ := http.NewRequest("GET", baseURL+"/rest/svc/random/string?length=27", nil)
- req.Header.Set("X-API-Key", testAPIKey)
- resp, err := cli.Do(req)
- if err != nil {
- t.Fatal(err)
- }
- var res map[string]string
- if err := json.NewDecoder(resp.Body).Decode(&res); err != nil {
- t.Fatal(err)
- }
- if len(res["random"]) != 27 {
- t.Errorf("Expected 27 random characters, got %q of length %d", res["random"], len(res["random"]))
- }
- }
- func TestConfigPostOK(t *testing.T) {
- t.Parallel()
- cfg := bytes.NewBuffer([]byte(`{
- "version": 15,
- "folders": [
- {
- "id": "foo",
- "path": "TestConfigPostOK"
- }
- ]
- }`))
- resp, err := testConfigPost(cfg)
- if err != nil {
- t.Fatal(err)
- }
- if resp.StatusCode != http.StatusOK {
- t.Error("Expected 200 OK, not", resp.Status)
- }
- os.RemoveAll("TestConfigPostOK")
- }
- func TestConfigPostDupFolder(t *testing.T) {
- t.Parallel()
- cfg := bytes.NewBuffer([]byte(`{
- "version": 15,
- "folders": [
- {"id": "foo"},
- {"id": "foo"}
- ]
- }`))
- resp, err := testConfigPost(cfg)
- if err != nil {
- t.Fatal(err)
- }
- if resp.StatusCode != http.StatusBadRequest {
- t.Error("Expected 400 Bad Request, not", resp.Status)
- }
- }
- func testConfigPost(data io.Reader) (*http.Response, error) {
- baseURL, cancel, err := startHTTP(apiCfg)
- if err != nil {
- return nil, err
- }
- defer cancel()
- cli := &http.Client{
- Timeout: time.Second,
- }
- req, _ := http.NewRequest("POST", baseURL+"/rest/system/config", data)
- req.Header.Set("X-API-Key", testAPIKey)
- return cli.Do(req)
- }
- func TestHostCheck(t *testing.T) {
- t.Parallel()
- // An API service bound to localhost should reject non-localhost host Headers
- cfg := newMockedConfig()
- cfg.GUIReturns(config.GUIConfiguration{RawAddress: "127.0.0.1:0"})
- baseURL, cancel, err := startHTTP(cfg)
- if err != nil {
- t.Fatal(err)
- }
- defer cancel()
- // A normal HTTP get to the localhost-bound service should succeed
- resp, err := http.Get(baseURL)
- if err != nil {
- t.Fatal(err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusOK {
- t.Error("Regular HTTP get: expected 200 OK, not", resp.Status)
- }
- // A request with a suspicious Host header should fail
- req, _ := http.NewRequest("GET", baseURL, nil)
- req.Host = "example.com"
- resp, err = http.DefaultClient.Do(req)
- if err != nil {
- t.Fatal(err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusForbidden {
- t.Error("Suspicious Host header: expected 403 Forbidden, not", resp.Status)
- }
- // A request with an explicit "localhost:8384" Host header should pass
- req, _ = http.NewRequest("GET", baseURL, nil)
- req.Host = "localhost:8384"
- resp, err = http.DefaultClient.Do(req)
- if err != nil {
- t.Fatal(err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusOK {
- t.Error("Explicit localhost:8384: expected 200 OK, not", resp.Status)
- }
- // A request with an explicit "localhost" Host header (no port) should pass
- req, _ = http.NewRequest("GET", baseURL, nil)
- req.Host = "localhost"
- resp, err = http.DefaultClient.Do(req)
- if err != nil {
- t.Fatal(err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusOK {
- t.Error("Explicit localhost: expected 200 OK, not", resp.Status)
- }
- // A server with InsecureSkipHostCheck set behaves differently
- cfg = newMockedConfig()
- cfg.GUIReturns(config.GUIConfiguration{
- RawAddress: "127.0.0.1:0",
- InsecureSkipHostCheck: true,
- })
- baseURL, cancel, err = startHTTP(cfg)
- if err != nil {
- t.Fatal(err)
- }
- defer cancel()
- // A request with a suspicious Host header should be allowed
- req, _ = http.NewRequest("GET", baseURL, nil)
- req.Host = "example.com"
- resp, err = http.DefaultClient.Do(req)
- if err != nil {
- t.Fatal(err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusOK {
- t.Error("Incorrect host header, check disabled: expected 200 OK, not", resp.Status)
- }
- if !testing.Short() {
- // A server bound to a wildcard address also doesn't do the check
- cfg = newMockedConfig()
- cfg.GUIReturns(config.GUIConfiguration{
- RawAddress: "0.0.0.0:0",
- })
- baseURL, cancel, err = startHTTP(cfg)
- if err != nil {
- t.Fatal(err)
- }
- defer cancel()
- // A request with a suspicious Host header should be allowed
- req, _ = http.NewRequest("GET", baseURL, nil)
- req.Host = "example.com"
- resp, err = http.DefaultClient.Do(req)
- if err != nil {
- t.Fatal(err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusOK {
- t.Error("Incorrect host header, wildcard bound: expected 200 OK, not", resp.Status)
- }
- }
- // This should all work over IPv6 as well
- if runningInContainer() {
- // Working IPv6 in Docker can't be taken for granted.
- return
- }
- cfg = newMockedConfig()
- cfg.GUIReturns(config.GUIConfiguration{
- RawAddress: "[::1]:0",
- })
- baseURL, cancel, err = startHTTP(cfg)
- if err != nil {
- t.Fatal(err)
- }
- defer cancel()
- // A normal HTTP get to the localhost-bound service should succeed
- resp, err = http.Get(baseURL)
- if err != nil {
- t.Fatal(err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusOK {
- t.Error("Regular HTTP get (IPv6): expected 200 OK, not", resp.Status)
- }
- // A request with a suspicious Host header should fail
- req, _ = http.NewRequest("GET", baseURL, nil)
- req.Host = "example.com"
- resp, err = http.DefaultClient.Do(req)
- if err != nil {
- t.Fatal(err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusForbidden {
- t.Error("Suspicious Host header (IPv6): expected 403 Forbidden, not", resp.Status)
- }
- // A request with an explicit "localhost:8384" Host header should pass
- req, _ = http.NewRequest("GET", baseURL, nil)
- req.Host = "localhost:8384"
- resp, err = http.DefaultClient.Do(req)
- if err != nil {
- t.Fatal(err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusOK {
- t.Error("Explicit localhost:8384 (IPv6): expected 200 OK, not", resp.Status)
- }
- }
- func TestAddressIsLocalhost(t *testing.T) {
- t.Parallel()
- testcases := []struct {
- address string
- result bool
- }{
- // These are all valid localhost addresses
- {"localhost", true},
- {"LOCALHOST", true},
- {"localhost.", true},
- {"::1", true},
- {"127.0.0.1", true},
- {"127.23.45.56", true},
- {"localhost:8080", true},
- {"LOCALHOST:8000", true},
- {"localhost.:8080", true},
- {"[::1]:8080", true},
- {"127.0.0.1:8080", true},
- {"127.23.45.56:8080", true},
- {"www.localhost", true},
- {"www.localhost:8080", true},
- // These are all non-localhost addresses
- {"example.com", false},
- {"example.com:8080", false},
- {"localhost.com", false},
- {"localhost.com:8080", false},
- {"192.0.2.10", false},
- {"192.0.2.10:8080", false},
- {"0.0.0.0", false},
- {"0.0.0.0:8080", false},
- {"::", false},
- {"[::]:8080", false},
- {":8080", false},
- }
- for _, tc := range testcases {
- result := addressIsLocalhost(tc.address)
- if result != tc.result {
- t.Errorf("addressIsLocalhost(%q)=%v, expected %v", tc.address, result, tc.result)
- }
- }
- }
- func TestAccessControlAllowOriginHeader(t *testing.T) {
- t.Parallel()
- baseURL, cancel, err := startHTTP(apiCfg)
- if err != nil {
- t.Fatal(err)
- }
- defer cancel()
- cli := &http.Client{
- Timeout: time.Second,
- }
- req, _ := http.NewRequest("GET", baseURL+"/rest/system/status", nil)
- req.Header.Set("X-API-Key", testAPIKey)
- resp, err := cli.Do(req)
- if err != nil {
- t.Fatal(err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusOK {
- t.Fatal("GET on /rest/system/status should succeed, not", resp.Status)
- }
- if resp.Header.Get("Access-Control-Allow-Origin") != "*" {
- t.Fatal("GET on /rest/system/status should return a 'Access-Control-Allow-Origin: *' header")
- }
- }
- func TestOptionsRequest(t *testing.T) {
- t.Parallel()
- baseURL, cancel, err := startHTTP(apiCfg)
- if err != nil {
- t.Fatal(err)
- }
- defer cancel()
- cli := &http.Client{
- Timeout: time.Second,
- }
- req, _ := http.NewRequest("OPTIONS", baseURL+"/rest/system/status", nil)
- resp, err := cli.Do(req)
- if err != nil {
- t.Fatal(err)
- }
- resp.Body.Close()
- if resp.StatusCode != http.StatusNoContent {
- t.Fatal("OPTIONS on /rest/system/status should succeed, not", resp.Status)
- }
- if resp.Header.Get("Access-Control-Allow-Origin") != "*" {
- t.Fatal("OPTIONS on /rest/system/status should return a 'Access-Control-Allow-Origin: *' header")
- }
- if resp.Header.Get("Access-Control-Allow-Methods") != "GET, POST, PUT, PATCH, DELETE, OPTIONS" {
- t.Fatal("OPTIONS on /rest/system/status should return a 'Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS' header")
- }
- if resp.Header.Get("Access-Control-Allow-Headers") != "Content-Type, X-API-Key" {
- t.Fatal("OPTIONS on /rest/system/status should return a 'Access-Control-Allow-Headers: Content-Type, X-API-KEY' header")
- }
- }
- func TestEventMasks(t *testing.T) {
- t.Parallel()
- cfg := newMockedConfig()
- defSub := new(eventmocks.BufferedSubscription)
- diskSub := new(eventmocks.BufferedSubscription)
- mdb, _ := db.NewLowlevel(backend.OpenMemory(), events.NoopLogger)
- kdb := db.NewMiscDataNamespace(mdb)
- svc := New(protocol.LocalDeviceID, cfg, "", "syncthing", nil, defSub, diskSub, events.NoopLogger, nil, nil, nil, nil, nil, nil, false, kdb).(*service)
- if mask := svc.getEventMask(""); mask != DefaultEventMask {
- t.Errorf("incorrect default mask %x != %x", int64(mask), int64(DefaultEventMask))
- }
- expected := events.FolderSummary | events.LocalChangeDetected
- if mask := svc.getEventMask("FolderSummary,LocalChangeDetected"); mask != expected {
- t.Errorf("incorrect parsed mask %x != %x", int64(mask), int64(expected))
- }
- expected = 0
- if mask := svc.getEventMask("WeirdEvent,something else that doesn't exist"); mask != expected {
- t.Errorf("incorrect parsed mask %x != %x", int64(mask), int64(expected))
- }
- if res := svc.getEventSub(DefaultEventMask); res != defSub {
- t.Errorf("should have returned the given default event sub")
- }
- if res := svc.getEventSub(DiskEventMask); res != diskSub {
- t.Errorf("should have returned the given disk event sub")
- }
- if res := svc.getEventSub(events.LocalIndexUpdated); res == nil || res == defSub || res == diskSub {
- t.Errorf("should have returned a valid, non-default event sub")
- }
- }
- func TestBrowse(t *testing.T) {
- t.Parallel()
- pathSep := string(os.PathSeparator)
- ffs := fs.NewFilesystem(fs.FilesystemTypeFake, rand.String(32)+"?nostfolder=true")
- _ = ffs.Mkdir("dir", 0o755)
- _ = fs.WriteFile(ffs, "file", []byte("hello"), 0o644)
- _ = ffs.Mkdir("MiXEDCase", 0o755)
- // We expect completion to return the full path to the completed
- // directory, with an ending slash.
- dirPath := "dir" + pathSep
- mixedCaseDirPath := "MiXEDCase" + pathSep
- cases := []struct {
- current string
- returns []string
- }{
- // The directory without slash is completed to one with slash.
- {"dir", []string{"dir" + pathSep}},
- // With slash it's completed to its contents.
- // Dirs are given pathSeps.
- // Files are not returned.
- {"", []string{mixedCaseDirPath, dirPath}},
- // Globbing is automatic based on prefix.
- {"d", []string{dirPath}},
- {"di", []string{dirPath}},
- {"dir", []string{dirPath}},
- {"f", nil},
- {"q", nil},
- // Globbing is case-insensitive
- {"mixed", []string{mixedCaseDirPath}},
- }
- for _, tc := range cases {
- ret := browseFiles(ffs, tc.current)
- if !slices.Equal(ret, tc.returns) {
- t.Errorf("browseFiles(%q) => %q, expected %q", tc.current, ret, tc.returns)
- }
- }
- }
- func TestPrefixMatch(t *testing.T) {
- t.Parallel()
- cases := []struct {
- s string
- prefix string
- expected int
- }{
- {"aaaA", "aaa", matchExact},
- {"AAAX", "BBB", noMatch},
- {"AAAX", "aAa", matchCaseIns},
- {"äÜX", "äü", matchCaseIns},
- }
- for _, tc := range cases {
- ret := checkPrefixMatch(tc.s, tc.prefix)
- if ret != tc.expected {
- t.Errorf("checkPrefixMatch(%q, %q) => %v, expected %v", tc.s, tc.prefix, ret, tc.expected)
- }
- }
- }
- func TestShouldRegenerateCertificate(t *testing.T) {
- // Self signed certificates expiring in less than a month are errored so we
- // can regenerate in time.
- crt, err := tlsutil.NewCertificateInMemory("foo.example.com", 29)
- if err != nil {
- t.Fatal(err)
- }
- if err := shouldRegenerateCertificate(crt); err == nil {
- t.Error("expected expiry error")
- }
- // Certificates with at least 31 days of life left are fine.
- crt, err = tlsutil.NewCertificateInMemory("foo.example.com", 31)
- if err != nil {
- t.Fatal(err)
- }
- if err := shouldRegenerateCertificate(crt); err != nil {
- t.Error("expected no error:", err)
- }
- if build.IsDarwin {
- // Certificates with too long an expiry time are not allowed on macOS
- crt, err = tlsutil.NewCertificateInMemory("foo.example.com", 1000)
- if err != nil {
- t.Fatal(err)
- }
- if err := shouldRegenerateCertificate(crt); err == nil {
- t.Error("expected expiry error")
- }
- }
- }
- func TestConfigChanges(t *testing.T) {
- t.Parallel()
- const testAPIKey = "foobarbaz"
- cfg := config.Configuration{
- GUI: config.GUIConfiguration{
- RawAddress: "127.0.0.1:0",
- RawUseTLS: false,
- APIKey: testAPIKey,
- },
- }
- tmpFile, err := os.CreateTemp("", "syncthing-testConfig-")
- if err != nil {
- panic(err)
- }
- defer os.Remove(tmpFile.Name())
- w := config.Wrap(tmpFile.Name(), cfg, protocol.LocalDeviceID, events.NoopLogger)
- tmpFile.Close()
- cfgCtx, cfgCancel := context.WithCancel(context.Background())
- go w.Serve(cfgCtx)
- defer cfgCancel()
- baseURL, cancel, err := startHTTP(w)
- if err != nil {
- t.Fatal("Unexpected error from getting base URL:", err)
- }
- defer cancel()
- cli := &http.Client{
- Timeout: time.Minute,
- }
- do := func(req *http.Request, status int) *http.Response {
- t.Helper()
- req.Header.Set("X-API-Key", testAPIKey)
- resp, err := cli.Do(req)
- if err != nil {
- t.Fatal(err)
- }
- if resp.StatusCode != status {
- t.Errorf("Expected status %v, got %v", status, resp.StatusCode)
- }
- return resp
- }
- mod := func(method, path string, data interface{}) {
- t.Helper()
- bs, err := json.Marshal(data)
- if err != nil {
- t.Fatal(err)
- }
- req, _ := http.NewRequest(method, baseURL+path, bytes.NewReader(bs))
- do(req, http.StatusOK).Body.Close()
- }
- get := func(path string) *http.Response {
- t.Helper()
- req, _ := http.NewRequest(http.MethodGet, baseURL+path, nil)
- return do(req, http.StatusOK)
- }
- dev1Path := "/rest/config/devices/" + dev1.String()
- // Create device
- mod(http.MethodPut, "/rest/config/devices", []config.DeviceConfiguration{{DeviceID: dev1}})
- // Check its there
- get(dev1Path).Body.Close()
- // Modify just a single attribute
- mod(http.MethodPatch, dev1Path, map[string]bool{"Paused": true})
- // Check that attribute
- resp := get(dev1Path)
- var dev config.DeviceConfiguration
- if err := unmarshalTo(resp.Body, &dev); err != nil {
- t.Fatal(err)
- }
- if !dev.Paused {
- t.Error("Expected device to be paused")
- }
- folder2Path := "/rest/config/folders/folder2"
- // Create a folder and add another
- mod(http.MethodPut, "/rest/config/folders", []config.FolderConfiguration{{ID: "folder1", Path: "folder1"}})
- mod(http.MethodPut, folder2Path, config.FolderConfiguration{ID: "folder2", Path: "folder2"})
- // Check they are there
- get("/rest/config/folders/folder1").Body.Close()
- get(folder2Path).Body.Close()
- // Modify just a single attribute
- mod(http.MethodPatch, folder2Path, map[string]bool{"Paused": true})
- // Check that attribute
- resp = get(folder2Path)
- var folder config.FolderConfiguration
- if err := unmarshalTo(resp.Body, &folder); err != nil {
- t.Fatal(err)
- }
- if !dev.Paused {
- t.Error("Expected folder to be paused")
- }
- // Delete folder2
- req, _ := http.NewRequest(http.MethodDelete, baseURL+folder2Path, nil)
- do(req, http.StatusOK)
- // Check folder1 is still there and folder2 gone
- get("/rest/config/folders/folder1").Body.Close()
- req, _ = http.NewRequest(http.MethodGet, baseURL+folder2Path, nil)
- do(req, http.StatusNotFound)
- mod(http.MethodPatch, "/rest/config/options", map[string]int{"maxSendKbps": 50})
- resp = get("/rest/config/options")
- var opts config.OptionsConfiguration
- if err := unmarshalTo(resp.Body, &opts); err != nil {
- t.Fatal(err)
- }
- if opts.MaxSendKbps != 50 {
- t.Error("Expected 50 for MaxSendKbps, got", opts.MaxSendKbps)
- }
- }
- func TestSanitizedHostname(t *testing.T) {
- cases := []struct {
- in, out string
- }{
- {"foo.BAR-baz", "foo.bar-baz"},
- {"~.~-Min 1:a Räksmörgås-dator 😀😎 ~.~-", "min1araksmorgas-dator"},
- {"Vicenç-PC", "vicenc-pc"},
- {"~.~-~.~-", ""},
- {"", ""},
- }
- for _, tc := range cases {
- res, err := sanitizedHostname(tc.in)
- if tc.out == "" && err == nil {
- t.Errorf("%q should cause error", tc.in)
- } else if res != tc.out {
- t.Errorf("%q => %q, expected %q", tc.in, res, tc.out)
- }
- }
- }
- // runningInContainer returns true if we are inside Docker or LXC. It might
- // be prone to false negatives if things change in the future, but likely
- // not false positives.
- func runningInContainer() bool {
- if !build.IsLinux {
- return false
- }
- bs, err := os.ReadFile("/proc/1/cgroup")
- if err != nil {
- return false
- }
- if bytes.Contains(bs, []byte("/docker/")) {
- return true
- }
- if bytes.Contains(bs, []byte("/lxc/")) {
- return true
- }
- return false
- }
|