aboutsummaryrefslogtreecommitdiffstats
path: root/spec
Commit message (Collapse)AuthorAgeFilesLines
* mod_disco: Advertise disco#info and #items on bare JIDs to fix #1664Kim Alvefur2023-12-171-0/+26
| | | | | | | | Having to add these in *there* places seems less than ideal. I would also think that advertising disco#info is a bit redundant, since it is a requirement for everything in XMPP and if it was missing you would get an error back.
* net.http.parser: Reject overlarge header section earlierKim Alvefur2023-08-231-0/+27
| | | | This case would eventually be rejected by the buffer size limit.
* util.array: Fix new() library functionKim Alvefur2023-07-221-0/+7
| | | | Backport of ffe4adbd2af9 since new was added in the 0.12 branch
* net.http.parser: Fix off-by-one error in chunk parserMatthew Wild2023-02-171-3/+50
|
* net.http.parser: Improve handling of responses without content-lengthMatthew Wild2023-02-091-3/+3
| | | | | | This ensures that we support responses without a content-length header, and allow streaming them through the streaming handler interface. An example of such a response would be Server-Sent Events streams.
* util.json: Accept empty arrays with whitespace (fixes #1782)Matthew Wild2022-11-041-0/+8
|
* util.jsonschema: Ignore test case for JavaScript specific detailKim Alvefur2022-10-091-0/+1
| | | | Also touching on how arrays are indistinguishable from tables in Lua
* util.jsonschema: Ignore some further test cases for URI referencesKim Alvefur2022-10-091-0/+5
| | | | Full-URI references are not implemented
* util.jsonschema: Sort test cases to skipKim Alvefur2022-10-091-7/+7
| | | | Piped trough `sort -g`
* storage tests: Add test for the archive:summary APIKim Alvefur2022-07-221-0/+17
| | | | | Passes with memory, internal, sqlite Fails with postgres as in #1766
* mod_bookmarks: Reduce error about not having bookmarks to debug (thanks tom)Kim Alvefur2022-07-261-0/+27
| | | | | | | | | | | | | | | This is happens if the account is new and doesn't have any bookmarks yet, which is not a problem. Rarely seen since most clients currently use the older version of XEP-0084 stored in XEP-0049 rather than in PEP, but at least one (Converse.js )does. One scenario in which this would show up often is with Converse.js as a guest chat using anonymous authentication, where all "accounts" would always be new and not have any bookmarks. This scenario probably does not need to have mod_bookmarks at all, but if enabled globally it would likely become loaded onto the VirtualHost unless explicitly disabled.
* util.datamapper: Improve handling of schemas with non-obvious "type"Kim Alvefur2022-07-081-3/+5
| | | | | | | | | | | | The JSON Schema specification says that schemas are objects or booleans, and that the 'type' property is optional and can be an array. This module previously allowed bare type names as schemas and did not really handle booleans. It now handles missing 'type' properties and boolean 'true' as a schema. Objects and arrays are guessed based on the presence of 'properties' or 'items' field.
* util.jsonschema: Fix validation to not assume presence of "type" fieldKim Alvefur2022-07-081-0/+102
| | | | | | | | | | | | | | | | | | | | | | MattJ reported a curious issue where validation did not work as expected. Primarily that the "type" field was expected to be mandatory, and thus leaving it out would result in no checks being performed. This was likely caused by misreading during initial development. Spent some time testing against https://github.com/json-schema-org/JSON-Schema-Test-Suite.git and discovered a multitude of issues, far too many to bother splitting into separate commits. More than half of them fail. Many because of features not implemented, which have been marked NYI. For example, some require deep comparisons e.g. when objects or arrays are present in enums fields. Some because of quirks with how Lua differs from JavaScript, e.g. no distinct array or object types. Tests involving fractional floating point numbers. We're definitely not going to follow references to remote resources. Or deal with UTF-16 sillyness. One test asserted that 1.0 is an integer, where Lua 5.3+ will disagree.
* util.jsonpointer: Add basic testsKim Alvefur2022-05-081-0/+38
| | | | Example values from RFC 6901
* util.argparse: Revise 553c6204fe5b with a different approachMatthew Wild2022-04-251-1/+1
| | | | | | The second return value is (not insensibly) assumed to be an error. Instead of returning a value there in the success case, copy the positional arguments into the existing opts table.
* Spelling: Fix various spelling mistakes (thanks timeless)Kim Alvefur2022-03-072-5/+5
| | | | | | Words, sometimes I wonder how they even work Maybe I missed something.
* util.bitcompat: Add some simple testsMatthew Wild2022-03-041-0/+27
|
* net.stun: tests: Remove stray print() from debuggingMatthew Wild2022-03-041-3/+0
|
* net.stun: Add tests for serialization/deserializationMatthew Wild2022-03-041-0/+100
|
* util.hex: Deprecate to/from in favour of encode/decode, for consistency!Matthew Wild2022-03-042-20/+20
|
* util.xml: Add an option to allow <?processing instructions?>Kim Alvefur2022-02-041-0/+7
| | | | | These should generally be safe to just ignore, which should be the default behavior of Expat and LuaExpat
* util.format: Skip control code escaping when doing full serializationKim Alvefur2022-01-271-2/+7
| | | | | | Fixes that a multi-line string ended up "like\ \9this" instead of "like\nthis" as can be demonstrated by somehow initiating a connection to a HTTP server.
* util.jid: Explicitly check for nil rather than falsyKim Alvefur2022-01-151-0/+11
| | | | A boolean false should blow up.
* util.xml: Do not allow doctypes, comments or processing instructionsJonas Schäfer2022-01-101-1/+33
| | | | | | | | | | | | | | | | | | Yes. This is as bad as it sounds. CVE pending. In Prosody itself, this only affects mod_websocket, which uses util.xml to parse the <open/> frame, thus allowing unauthenticated remote DoS using Billion Laughs. However, third-party modules using util.xml may also be affected by this. This commit installs handlers which disallow the use of doctype declarations and processing instructions without any escape hatch. It, by default, also introduces such a handler for comments, however, there is a way to enable comments nontheless. This is because util.xml is used to parse human-facing data, where comments are generally a desirable feature, and also because comments are generally harmless.
* util.pubsub: Fix item store resize to "max"Kim Alvefur2022-01-061-0/+20
| | | | | Previously this would end up passing the "max" directly to the underlying storage.
* util.stanza: Cover :find method in testsKim Alvefur2021-12-311-0/+12
| | | | This method is a bit complex so good to have some test coverage
* util.stanza: Increase test coverage to cover validation errorsKim Alvefur2021-12-311-0/+25
|
* util_datamapper: Fix typo in unit testsKim Alvefur2021-12-291-1/+1
|
* util.datamapper: Add support for $ref pointersKim Alvefur2021-12-291-1/+3
| | | | Allows reuse of repetitive definitions in schemas.
* mod_tombstones: Add a very basic test caseKim Alvefur2021-12-232-0/+41
|
* mod_roster: pass correct username to roster-item-removedJonas Schäfer2021-12-221-0/+75
| | | | | | | | | | | The other invocations use it that way, and the only listener in trunk which uses it (in mod_presence) expects it that way. Passing the username of the JID from the removed entry causes incorrect unavailable presence stanzas to be sent, allegedly kicking people off MUCs. Fixes #1121.
* util.smqueue: Simplify compat table, fix dependent modules (thanks Martin)Kim Alvefur2021-12-161-0/+26
| | | | | | There was an off-by-one in the modulo calculation. Switching to a plain old array-table makes the apparent size of the queue wrong, but since some of the queue may not be available this is likely for the best.
* util.smqueue: Abstract queue with acknowledgements and overflowKim Alvefur2021-12-141-0/+55
| | | | | | | | Meant to be used in mod_smacks for XEP-0198 Meant to have a larger virtual size than actual number of items stored, on the theory that in most cases, the excess will be acked before needed for a resumption event.
* util.format: Ensure metatable __tostring results are also sanitizedKim Alvefur2021-12-131-0/+16
|
* util.format: Fix some formats expecting positive numbers in Lua 5.2Kim Alvefur2021-12-111-4/+4
| | | | Amazing how string.format behaves differently under each Lua version
* util.format: ALL THE TESTS!!!Kim Alvefur2021-12-111-0/+842
| | | | | | The more tests I made, the more Lua 5.1 quirks I discovered. Tests generated using a tool plus some touch-up.
* util.format: Also handle the %p format added in Lua 5.4Kim Alvefur2021-12-111-0/+9
|
* util.format: Ensure sanitation of strings passed to wrong formatKim Alvefur2021-12-111-0/+1
| | | | | | | | | Ie. log("debug", "%d", "\1\2\3") should not result in garbage. Also optimizing for the common case of ASCII string passed to %s and early returns everywhere. Returning nil from a gsub callback keeps the original substring.
* util.format: Escape invalid UTF-8 by passing trough serializationKim Alvefur2021-12-101-0/+4
| | | | | | Should prevent invalid UTF-8 from making it into the logs, which can cause trouble with terminals or log viewers or other tools, such as when grep determines that log files are binary.
* MUC: Remove <{muc}x> tags in some errorsKim Alvefur2021-12-082-4/+0
| | | | | Including the payload of the stanza that caused the error is optional and we're generally not doing it anywhere else.
* MUC: Remove remaining deprecated numeric error codesKim Alvefur2021-12-081-1/+1
| | | | | | The numeric error codes seems to have been removed from the examples in XEP-0045 version 1.24, and were deprecated even by RFC 3920 in 2004, only allowed for backwards compatibility.
* util.async tests: Explicitly import match from luassert (luacheck)Matthew Wild2021-11-291-0/+1
|
* util.async: Add next-tick configurationMatthew Wild2021-11-291-0/+46
| | | | | | | | Running woken runners in the next iteration of the event loop prevents unexpected recursion, unexpected tracebacks, and is generally more predictable. The pattern is borrowed from util.promise, where we're now doing the same.
* util.async: Add sleep() method with configurable scheduling backendMatthew Wild2021-11-291-0/+54
| | | | | | | | | No scheduler set by default, so it will error (we plan to initialize it in util.startup). We wanted to avoid a hard dependency on util.timer (which in turn depends on network backends, etc.), and we didn't add timer.sleep() because we didn't want to add a hard dependency on util.async for things that don't need it.
* util.promise: Fix testKim Alvefur2021-11-261-1/+1
| | | | | Could not reproduce locally but it complained in CI that > spec/util_promise_spec.lua:676: Cannot spy on type 'nil', only on functions or callable elements
* util.promise: Support delayed promise executionKim Alvefur2019-01-051-0/+14
|
* util.human.io: Fix cutting of UTF-8 into piecesKim Alvefur2021-11-121-0/+19
| | | | Down the rabbit hole we go...
* util.dataforms: Ensure larger integers are serialized as suchKim Alvefur2021-10-281-0/+6
| | | | | | | Assumes that most number fields are integers, as most numeric types listed in XEP-0122 are, as are all such fields in Prosody as of this. Otherwise %g produces something like 1.1259e+15
* util.dataforms: Scope integer handling testsKim Alvefur2021-10-261-26/+29
| | | | | So they're separate from the datetime tests, and any future validation tests
* util.dataforms: Turn number values into timestamps for datetime fieldsKim Alvefur2021-10-261-1/+1
| | | | Makes it symmetric with parsing.