From 1d1c7dd86c35dc0f138393dee7aaf8431c3e0ce7 Mon Sep 17 00:00:00 2001 From: Shane Tomlinson <stomlinson@mozilla.com> Date: Mon, 24 Sep 2012 14:13:23 +0100 Subject: [PATCH] Clean up the dialog unit tests. * Further use of the testExpectGetFailure, testExpectGetSuccess, testRelativeURLNotAllowed and testMustBeAbsolutePath --- .../test/cases/dialog/js/modules/dialog.js | 398 ++++-------------- 1 file changed, 81 insertions(+), 317 deletions(-) diff --git a/resources/static/test/cases/dialog/js/modules/dialog.js b/resources/static/test/cases/dialog/js/modules/dialog.js index ee9fb9eaa..ca94b8128 100644 --- a/resources/static/test/cases/dialog/js/modules/dialog.js +++ b/resources/static/test/cases/dialog/js/modules/dialog.js @@ -72,13 +72,13 @@ }); } - function testExpectGetFailure(options, expectedErrorMessage) { + function testExpectGetFailure(options, expectedErrorMessage, domain) { _.extend(options, { ready: function() { testMessageNotExpected("kpi_data"); testMessageNotExpected("start"); - var retval = controller.get(HTTPS_TEST_DOMAIN, options); + var retval = controller.get(domain || HTTPS_TEST_DOMAIN, options); if (expectedErrorMessage) { equal(retval, expectedErrorMessage, "expected error: " + expectedErrorMessage); @@ -87,6 +87,9 @@ ok(retval, "error message returned"); } + // If a parameter is not properly escaped, scriptRun will be true. + equal(typeof window.scriptRun, "undefined", "script was not run"); + testErrorVisible(); start(); } @@ -102,7 +105,7 @@ testExpectGetFailure(options, "must be an absolute path: (" + path + ")"); } - function testExpectGetSuccess(options, expected) { + function testExpectGetSuccess(options, expected, domain, done) { createController({ ready: function() { var startInfo; 
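Review bot: The new `window.scriptRun` assertion in `testExpectGetFailure` only compares the flag against `undefined`, and nothing visible in this hunk resets it, so once any test sets it every later failure test also reports "script was not run" and the report no longer points at the parameter that was left unescaped. Clearing it just before the call, e.g. `window.scriptRun = undefined;` ahead of `controller.get(...)` (or in the module teardown), keeps the escaping check attributable to the test that tripped it. The check also runs synchronously right after `controller.get` returns, so it presumably would not notice markup that is rendered later; a comment such as `// Only detects script executed synchronously while the error screen is rendered.` would make that limit explicit. The function body starts in the previous hunk and continues past this one.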
@@ -110,11 +113,14 @@ startInfo = info; }); - var retval = controller.get(HTTP_TEST_DOMAIN, options); + var retval = controller.get(domain || HTTPS_TEST_DOMAIN, options); testHelpers.testObjectValuesEqual(startInfo, expected); equal(typeof retval, "undefined", "no error expected"); testErrorNotVisible(); + + done && done(); + start(); } }); 
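Review bot: Changing the origin in `testExpectGetSuccess` from `HTTP_TEST_DOMAIN` to `domain || HTTPS_TEST_DOMAIN` silently moves every existing success test onto an https relying party, and no caller visible in this patch passes `HTTP_TEST_DOMAIN` to it. The converted failure tests in the later hunks make the same move: they used `controller.get(HTTP_TEST_DOMAIN, ...)` and now take the https default of `testExpectGetFailure`, so termsOfService, privacyPolicy and returnTo validation is no longer exercised for an http origin in the visible tests. If that is intended it belongs in the commit message; otherwise keep at least one http case per parameter, e.g. `testExpectGetSuccess(options, expected, HTTP_TEST_DOMAIN)`. The new `domain` and `done` parameters also deserve a short comment above the function, whose signature is in the previous hunk.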
@@ -263,154 +269,66 @@ asyncTest("get with relative termsOfService & valid privacyPolicy - print error screen", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - var retval = controller.get(HTTP_TEST_DOMAIN, { - termsOfService: "relative.html", - privacyPolicy: "/privacy.html" - }); - equal(retval, "relative urls not allowed: (relative.html)", "expected error"); - testErrorVisible(); - start(); - } - }); + testRelativeURLNotAllowed({ + termsOfService: "relative.html", + privacyPolicy: "/privacy.html" + }, "relative.html"); }); asyncTest("get with script containing termsOfService - print error screen", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - var retval = controller.get(HTTP_TEST_DOMAIN, { - termsOfService: "relative.html<script>window.scriptRun=true;</script>", - privacyPolicy: "/privacy.html" - }); - - // If termsOfService is not properly escaped, scriptRun will be true. 
- equal(typeof window.scriptRun, "undefined", "script was not run"); - equal(retval, "relative urls not allowed: (relative.html<script>window.scriptRun=true;</script>)", "expected error"); - testErrorVisible(); - start(); - } - }); + var URL = "relative.html<script>window.scriptRun=true;</script>"; + testRelativeURLNotAllowed({ + termsOfService: URL, + privacyPolicy: "/privacy.html" + }, URL); }); asyncTest("get with valid termsOfService & relative privacyPolicy - print error screen", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - var retval = controller.get(HTTP_TEST_DOMAIN, { - termsOfService: "/tos.html", - privacyPolicy: "relative.html" - }); - equal(retval, "relative urls not allowed: (relative.html)", "expected error"); - testErrorVisible(); - start(); - } - }); + var URL = "relative.html"; + testRelativeURLNotAllowed({ + termsOfService: "/tos.html", + privacyPolicy: URL + }, URL); }); asyncTest("get with valid termsOfService & privacyPolicy='/' - print error screen", function() { + var URL = "/"; testRelativeURLNotAllowed({ termsOfService: "/tos.html", - privacyPolicy: "/" - }, "/"); + privacyPolicy: URL + }, URL); }); asyncTest("get with valid termsOfService='/' and valid privacyPolicy - print error screen", function() { + var URL = "/" testRelativeURLNotAllowed({ - termsOfService: "/", + termsOfService: URL, privacyPolicy: "/privacy.html" - }, "/"); + }, URL); }); asyncTest("get with script containing privacyPolicy - print error screen", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - var retval = controller.get(HTTP_TEST_DOMAIN, { - termsOfService: "/tos.html", - privacyPolicy: "relative.html<script>window.scriptRun=true;</script>" - }); - - // If privacyPolicy is not properly escaped, scriptRun will be true. 
- equal(typeof window.scriptRun, "undefined", "script was not run"); - equal(retval, "relative urls not allowed: (relative.html<script>window.scriptRun=true;</script>)", "expected error"); - testErrorVisible(); - start(); - } - }); - }); - - asyncTest("get with privacyPolicy - print error screen", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - var retval = controller.get(HTTP_TEST_DOMAIN, { - termsOfService: "/tos.html", - privacyPolicy: "relative.html<script>window.scriptRun=true;</script>" - }); - - // If privacyPolicy is not properly escaped, scriptRun will be true. - equal(typeof window.scriptRun, "undefined", "script was not run"); - equal(retval, "relative urls not allowed: (relative.html<script>window.scriptRun=true;</script>)", "expected error"); - testErrorVisible(); - start(); - } - }); + var URL = "relative.html<script>window.scriptRun=true;</script>"; + testRelativeURLNotAllowed({ + termsOfService: "/tos.html", + privacyPolicy: URL + }, URL); }); asyncTest("get with javascript protocol for privacyPolicy - print error screen", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - var retval = controller.get(HTTP_TEST_DOMAIN, { - termsOfService: "/tos.html", - privacyPolicy: "javascript:alert(1)" - }); - - equal(retval, "relative urls not allowed: (javascript:alert(1))", "expected error"); - testErrorVisible(); - start(); - } - }); + var URL = "javascript:alert(1)"; + testRelativeURLNotAllowed({ + termsOfService: "/tos.html", + privacyPolicy: URL + }, URL); }); asyncTest("get with invalid httpg protocol for privacyPolicy - print error screen", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - var retval = 
controller.get(HTTP_TEST_DOMAIN, { - termsOfService: "/tos.html", - privacyPolicy: "httpg://testdomain.com/privacy.html" - }); - - equal(retval, "relative urls not allowed: (httpg://testdomain.com/privacy.html)", "expected error"); - testErrorVisible(); - start(); - } - }); + var URL = "httpg://testdomain.com/privacy.html"; + testRelativeURLNotAllowed({ + termsOfService: "/tos.html", + privacyPolicy: URL + }, URL); }); @@ -420,8 +338,8 @@ privacyPolicy: "/privacy.html" }, { - termsOfService: HTTP_TEST_DOMAIN + "/tos.html", - privacyPolicy: HTTP_TEST_DOMAIN + "/privacy.html" + termsOfService: HTTPS_TEST_DOMAIN + "/tos.html", + privacyPolicy: HTTPS_TEST_DOMAIN + "/privacy.html" }); }); 
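Review bot: `var URL = "/"` in the "get with valid termsOfService='/' and valid privacyPolicy" test is missing its semicolon and only parses because of automatic semicolon insertion before the `testRelativeURLNotAllowed(` call. The local name `URL` used throughout these rewritten tests (and again in the siteLogo and returnTo hunks) also shadows the browser's global `URL` object inside each test function. `var url = "/";` with `termsOfService: url` and `}, url);` avoids both.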
@@ -456,159 +374,51 @@ privacyURL: "/privacy_deprecated.html" }, { - termsOfService: HTTP_TEST_DOMAIN + "/tos.html", - privacyPolicy: HTTP_TEST_DOMAIN + "/privacy.html" + termsOfService: HTTPS_TEST_DOMAIN + "/tos.html", + privacyPolicy: HTTPS_TEST_DOMAIN + "/privacy.html" }); }); asyncTest("get with relative siteLogo - not allowed", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - var retval = controller.get(HTTP_TEST_DOMAIN, { - siteLogo: "logo.png", - }); - - equal(retval, "must be an absolute path: (logo.png)", "expected error"); - testErrorVisible(); - start(); - } - }); + var URL = "logo.png"; + testMustBeAbsolutePath({ siteLogo: URL }, URL); }); asyncTest("get with javascript: siteLogo - not allowed", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - var retval = controller.get(HTTP_TEST_DOMAIN, { - siteLogo: "javascript:alert('xss')", - }); - - equal(retval, "must be an absolute path: (javascript:alert('xss'))", "expected error"); - testErrorVisible(); - start(); - } - }); + var URL = "javascript:alert('xss')"; + testMustBeAbsolutePath({ siteLogo: URL }, URL); }); asyncTest("get with data-uri: siteLogo - not allowed", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - var retval = controller.get(HTTP_TEST_DOMAIN, { - siteLogo: "data:image/png,FAKEDATA", - }); - - equal(retval, "must be an absolute path: (data:image/png,FAKEDATA)", "expected error"); - testErrorVisible(); - start(); - } - }); + var URL = "data:image/png,FAKEDATA"; + testMustBeAbsolutePath({ siteLogo: URL }, URL); }); asyncTest("get with http: siteLogo - not allowed", function() { - createController({ - ready: function() { - 
mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - var retval = controller.get(HTTP_TEST_DOMAIN, { - siteLogo: HTTP_TEST_DOMAIN + "://logo.png", - }); - - equal(retval, "must be an absolute path: (" + HTTP_TEST_DOMAIN + "://logo.png)", "expected error"); - testErrorVisible(); - start(); - } - }); + var URL = HTTP_TEST_DOMAIN + "://logo.png"; + testMustBeAbsolutePath({ siteLogo: URL }, URL); }); asyncTest("get with https: siteLogo - not allowed", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - var retval = controller.get(HTTP_TEST_DOMAIN, { - siteLogo: HTTPS_TEST_DOMAIN + "://logo.png", - }); - - equal(retval, "must be an absolute path: (" + HTTPS_TEST_DOMAIN + "://logo.png)", "expected error"); - testErrorVisible(); - start(); - } - }); + var URL = HTTPS_TEST_DOMAIN + "://logo.png"; + testMustBeAbsolutePath({ siteLogo: URL }, URL); }); asyncTest("get with absolute path and http RP - not allowed", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - var siteLogo = '/i/card.png'; - var retval = controller.get(HTTP_TEST_DOMAIN, { - siteLogo: siteLogo - }); - - equal(retval, "only https sites can specify a siteLogo", "expected error"); - testErrorVisible(); - start(); - } - }); + var siteLogo = '/i/card.png'; + testExpectGetFailure({ siteLogo: siteLogo }, "only https sites can specify a siteLogo", HTTP_TEST_DOMAIN); }); asyncTest("get with absolute path that is too long - not allowed", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - // create a logo path that is one character too long - var siteLogo = '/' + testHelpers.generateString(bid.PATH_MAX_LENGTH); - var 
retval = controller.get(HTTPS_TEST_DOMAIN, { - siteLogo: siteLogo - }); - - equal(retval, "path portion of a url must be < " + bid.PATH_MAX_LENGTH + " characters"); - testErrorVisible(); - start(); - } - }); + var siteLogo = '/' + testHelpers.generateString(bid.PATH_MAX_LENGTH); + testExpectGetFailure({ siteLogo: siteLogo }, "path portion of a url must be < " + bid.PATH_MAX_LENGTH + " characters"); }); asyncTest("get with absolute path causing too long of a URL - not allowed", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - var shortHTTPSDomain = "https://test.com"; - // create a URL that is one character too long - var siteLogo = '/' + testHelpers.generateString(bid.URL_MAX_LENGTH - shortHTTPSDomain.length); - var retval = controller.get(shortHTTPSDomain, { - siteLogo: siteLogo - }); - - equal(retval, "urls must be < " + bid.URL_MAX_LENGTH + " characters"); - testErrorVisible(); - start(); - } - }); + var shortHTTPSDomain = "https://test.com"; + // create a URL that is one character too long + var siteLogo = '/' + testHelpers.generateString(bid.URL_MAX_LENGTH - shortHTTPSDomain.length); + testExpectGetFailure({ siteLogo: siteLogo }, "urls must be < " + bid.URL_MAX_LENGTH + " characters"); }); asyncTest("get with absolute path and https RP - allowed URL but is properly escaped", function() { 
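Review bot: In "get with absolute path causing too long of a URL", `shortHTTPSDomain` is still used to size `siteLogo` but is no longer handed to the controller: `testExpectGetFailure` is called without a domain, so the request is made for `HTTPS_TEST_DOMAIN` instead. Unless the two strings happen to have the same length, the URL is no longer "one character too long" as the comment says, and the test stops pinning the `bid.URL_MAX_LENGTH` boundary. Pass the origin through: `testExpectGetFailure({ siteLogo: siteLogo }, "urls must be < " + bid.URL_MAX_LENGTH + " characters", shortHTTPSDomain);`. The rewritten path-length test just above also lost its "create a logo path that is one character too long" comment, which is worth keeping.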
@@ -635,82 +445,36 @@ }); asyncTest("get with a scheme-relative siteLogo URL - not allowed", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "start should not have been called"); - }); - - var retval = controller.get(HTTPS_TEST_DOMAIN, { - siteLogo: "//example.com/image.png" - }); - - equal(retval, "must be an absolute path: (//example.com/image.png)", "expected error"); - testErrorVisible(); - start(); - } - }); + var URL = "//example.com/image.png"; + testMustBeAbsolutePath({ siteLogo: URL }, URL); }); asyncTest("get with siteLogo='/' URL - not allowed", function() { testMustBeAbsolutePath({ siteLogo: "/" }, "/"); }); - asyncTest("get with fully qualified URL for returnTo - not allowed", function() { - createController({ - ready: function() { - var URL = HTTP_TEST_DOMAIN + "/path"; - - mediator.subscribe("start", function(msg, info) { - ok(false, "unexpected start"); - }); - - var retval = controller.get(HTTP_TEST_DOMAIN, { - returnTo: URL - }); - - equal(retval, "must be an absolute path: (" + URL + ")", "expected error"); - testErrorVisible(); - start(); - } - }); + asyncTest("get with fully qualified returnTo - not allowed", function() { + var URL = HTTPS_TEST_DOMAIN + "/path"; + testMustBeAbsolutePath({ returnTo: URL }, URL); }); asyncTest("get with a scheme-relative returnTo URL - not allowed", function() { - createController({ - ready: function() { - mediator.subscribe("start", function(msg, info) { - ok(false, "unexpected start"); - }); - - var retval = controller.get(HTTP_TEST_DOMAIN, { - returnTo: '//example.com/return' - }); - - equal(retval, "must be an absolute path: (//example.com/return)", "expected error"); - testErrorVisible(); - start(); - } - }); + var URL = '//example.com/return'; + testMustBeAbsolutePath({ returnTo: URL }, URL); }); asyncTest("get with absolute path returnTo - allowed", function() { - createController({ - ready: function() { - mediator.subscribe("start", 
function(msg, info) { - equal(user.getReturnTo(), HTTPS_TEST_DOMAIN + "/path", "returnTo correctly set"); - start(); - }); - - var retval = controller.get(HTTPS_TEST_DOMAIN, { - returnTo: "/path" - }); - } + testExpectGetSuccess({ returnTo: "/path"}, {}, undefined, function() { + equal(user.getReturnTo(), + HTTPS_TEST_DOMAIN + "/path", "returnTo correctly set"); }); }); asyncTest("get with returnTo='/' - allowed", function() { - testExpectGetSuccess({ returnTo: "/"}, {}); + testExpectGetSuccess({ returnTo: "/"}, {}, undefined, function() { + equal(user.getReturnTo(), + HTTPS_TEST_DOMAIN + "/", "returnTo correctly set"); + }); }); asyncTest("get with valid rp_api - allowed", function() { -- GitLab
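Review bot: The two returnTo success tests pass `{}` as `expected`, so nothing visible here asserts that "start" was actually published before `done` checks `user.getReturnTo()`; the removed version made its assertion inside the "start" subscriber and would have timed out if the message never arrived. Assuming `testObjectValuesEqual` only walks the expected keys, an explicit `ok(startInfo, "start published");` in `testExpectGetSuccess` (defined in an earlier hunk) would restore that guarantee. The positional `undefined` for `domain` is also easy to misread at the call sites; a comment such as `// undefined: use the default https origin` would help.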