Test ad_change_password

improved spelling

  1. … 2 more files in changeset.
Test all the corner cases of this api as intended, without using ad_tmpnam

Improve proc coverage

Make use of new API "ad_mktmpdir" and "ad_opentmpfile" instead of "ad_tmpnam"

  1. … 7 more files in changeset.
Centralize retrieval of the test URL

  1. … 5 more files in changeset.
tmpfile page contract filter reform:

do not allow acs-subsite TmpDir parameter to define where the tmpfolder is located anymore. This MUST be the one configured in the server-wide configuration. Tmpfiles cannot be in a subfolder of the tmpfolder, they MUST be direct children instead. A tmpfile MUST exist beforehand and be owned, be readable and writable by the user running the nsd process. This complies with the definition of a tmpfile by AolServer/NaviServer when they are created to store content coming from a file upload.

  1. … 4 more files in changeset.
Reimplement ad_page_contract_filter_proc_tmpfile using security::safe_tmpfile_p

Some of the features implemented by this filter have been ported into the api, namely the possibility to fetch the valid temp folders from the subsite TmpDir parameter and the possibility to relax the check and allow also files deeper in the tmpfolder hierarchy.

Notably, the hardcoded tmpfolders "/var/tmp" and "/tmp" have NOT been ported. One should configure these values via the many available options. security::safe_tmpfile_p is also more restrictive when a file exists, because it checks for ownership and read and write permissions on the file.

  1. … 2 more files in changeset.
Add must_exist flag to enforce a safe tmpfile to already exist

  1. … 2 more files in changeset.
Introduce security::safe_tmpfile_p checking whether a file belongs to the configured tmpfolder and respects other constraints

The plan is to use it to improve input validations

  1. … 2 more files in changeset.
improve spelling

make listing of tested procs more complete

  1. … 18 more files in changeset.
Hack to force user agents logging in via the test api to exhibit a cookie-based authentication

Test the use case supposedly supported by sec_change_user_auth_token: invalidate all existing login cookies (e.g. when the users change their password) so that all devices need to log in again

the test exposes a long-standing regression (~17 years) where this was broken in order to support persistent login. See e.g. https://openacs.org/forums/message-view?message_id=1691183#msg_1691183

file security-procs.tcl was initially added on branch oacs-5-10.