Permalink
Browse files

Item14061: Cache was cleared by non-admin

  • Loading branch information...
1 parent 5df1654 commit e11b033f688684e90762ac33a907830daf9fd372 @gac410 gac410 committed May 1, 2016
Showing with 110 additions and 18 deletions.
  1. +108 −13 UnitTestContrib/test/unit/CacheTests.pm
  2. +2 −5 core/lib/Foswiki/PageCache.pm
@@ -63,7 +63,10 @@ sub fixture_groups {
\@page,
[ 'view', 'rest' ],
[ 'NoCompress', 'Compress' ],
- [ 'refresh_fire', 'refresh_on', 'refresh_cache', 'timing' ],
+ [
+ 'refresh_all', 'refresh_cache', 'refresh_fire', 'refresh_on',
+ 'timing'
+ ],
);
}
@@ -303,14 +306,18 @@ sub check_refresh {
my $pathinfo = shift;
my $refresh = shift;
+ my $user =
+ ( $refresh eq 'all' )
+ ? $Foswiki::cfg{AdminUserLogin}
+ : $this->{test_user_login};
+
$UI_FN ||= $this->getUIFn( $this->{uifn} );
$Foswiki::cfg{Cache}{Debug} = 1;
my $query = Unit::Request->new( { skin => ['none'], } );
$query->path_info($pathinfo);
$query->method('GET');
- $this->createNewFoswikiSession( $this->{test_user_login},
- $query, { $this->{uifn} => 1 } );
+ $this->createNewFoswikiSession( $user, $query, { $this->{uifn} => 1 } );
# This first request should *not* be satisfied from the cache, but
# the cache should be populated with the result.
@@ -324,8 +331,7 @@ sub check_refresh {
}
);
- $this->createNewFoswikiSession( $this->{test_user_login},
- $query, { $this->{uifn} => 1 } );
+ $this->createNewFoswikiSession( $user, $query, { $this->{uifn} => 1 } );
# This second request should be satisfied from the cache
# How do we know it was?
@@ -342,8 +348,7 @@ sub check_refresh {
$query = Unit::Request->new( { skin => ['none'], refresh => $refresh, } );
$query->path_info($pathinfo);
$query->method('GET');
- $this->createNewFoswikiSession( $this->{test_user_login},
- $query, { $this->{uifn} => 1 } );
+ $this->createNewFoswikiSession( $user, $query, { $this->{uifn} => 1 } );
# This third request with refresh should not be satisfied from the cache
# How do we know it was?
@@ -382,6 +387,11 @@ sub check_refresh {
return;
}
+sub refresh_all {
+ my $this = shift;
+ $this->{refresh} = 'all';
+}
+
sub refresh_on {
my $this = shift;
$this->{refresh} = 'on';
@@ -447,45 +457,99 @@ sub verify_utf8_topic {
sub test_refresh_all {
my $this = shift;
- SQLite();
+ SQLite(); # Initialized the cache
$Foswiki::cfg{Cache}{Enabled} = 1;
- my $pathinfo = "/";
+ my $pathinfo = "/System/FileAttribute";
$UI_FN ||= $this->getUIFn("view");
$Foswiki::cfg{Cache}{Debug} = 1;
- my $query = Unit::Request->new( { skin => ['none'], refresh => 'all', } );
+ # First, make sure the topic is in the cache.
+
+ my $query = Unit::Request->new( { skin => ['none'] } );
$query->path_info($pathinfo);
$query->method('GET');
$this->createNewFoswikiSession( $this->{test_user_login},
$query, { view => 1 } );
- my ( $one, $result, $stdout, $stderr ) = $this->capture(
+ my ( $junk, $result, $stdout, $stderr ) = $this->capture(
+ sub {
+ no strict 'refs';
+ &{$UI_FN}( $this->{session} );
+ use strict 'refs';
+ $Foswiki::engine->finalize( $this->{session}{response},
+ $this->{session}{request} );
+ }
+ );
+
+ # Now attempt a refresh=all, from a non-admin user
+ # it should fail with an oops exception
+
+ $query = Unit::Request->new( { skin => ['none'], refresh => 'all', } );
+ $query->path_info($pathinfo);
+ $query->method('GET');
+
+ #$this->createNewFoswikiSession( $Foswiki::cfg{AdminUserLogin},
+ $this->createNewFoswikiSession( $this->{test_user_login},
+ $query, { view => 1 } );
+
+ ( my $one, $result, $stdout, $stderr ) = $this->capture(
sub {
try {
no strict 'refs';
&{$UI_FN}( $this->{session} );
use strict 'refs';
$Foswiki::engine->finalize( $this->{session}{response},
$this->{session}{request} );
+ $this->assert( 0, "refresh=all allowed by a non-admin user!" );
}
catch Foswiki::OopsException with {
my $e = shift;
$this->assert_str_equals( "cache_refresh", $e->{def},
$e->stringify() );
$this->assert_str_equals( "accessdenied", $e->{template},
$e->stringify() );
- };
+ }
+ }
+ );
+
+ # Make sure that the page is still cached, that it wasn't removed
+ # during the oops processing
+
+ $query = Unit::Request->new( { skin => ['none'], } );
+ $query->path_info($pathinfo);
+ $query->method('GET');
+ $this->createNewFoswikiSession( $this->{test_user_login},
+ $query, { view => 1 } );
+
+ ( my $two, $result, $stdout, $stderr ) = $this->capture(
+ sub {
+ no strict 'refs';
+ &{$UI_FN}( $this->{session} );
+ use strict 'refs';
+ $Foswiki::engine->finalize( $this->{session}{response},
+ $this->{session}{request} );
}
);
+ $this->assert( $two =~ s/\r//g, 'Failed to remove \r' );
+ $this->assert( $two =~ s/^(.*?)\n\n+//s, 'Failed to remove HTTP headers' );
+ my $two_heads = $1;
+ $this->assert_matches( qr/X-Foswiki-Pagecache: 1/i, $two_heads );
+
+ # Now refresh the cache as an admin
+
+ $query = Unit::Request->new( { skin => ['none'], refresh => 'all', } );
+ $query->path_info($pathinfo);
+ $query->method('GET');
+
$this->createNewFoswikiSession( $Foswiki::cfg{AdminUserLogin},
$query, { view => 1 } );
- ( my $two, $result, $stdout, $stderr ) = $this->capture(
+ ( my $three, $result, $stdout, $stderr ) = $this->capture(
sub {
try {
no strict 'refs';
@@ -501,6 +565,37 @@ sub test_refresh_all {
}
);
+
+ $this->assert( $three =~ s/\r//g, 'Failed to remove \r' );
+ $this->assert( $three =~ s/^(.*?)\n\n+//s,
+ 'Failed to remove HTTP headers' );
+ my $three_heads = $1;
+ $this->assert_does_not_match( qr/X-Foswiki-Pagecache: 1/i, $three_heads );
+
+ # Make sure that the page is not cached
+
+ $query = Unit::Request->new( { skin => ['none'], } );
+ $query->path_info($pathinfo);
+ $query->method('GET');
+
+ $this->createNewFoswikiSession( $this->{test_user_login},
+ $query, { view => 1 } );
+
+ ( my $four, $result, $stdout, $stderr ) = $this->capture(
+ sub {
+ no strict 'refs';
+ &{$UI_FN}( $this->{session} );
+ use strict 'refs';
+ $Foswiki::engine->finalize( $this->{session}{response},
+ $this->{session}{request} );
+ }
+ );
+
+ $this->assert( $four =~ s/\r//g, 'Failed to remove \r' );
+ $this->assert( $four =~ s/^(.*?)\n\n+//s, 'Failed to remove HTTP headers' );
+ my $four_heads = $1;
+ $this->assert_does_not_match( qr/X-Foswiki-Pagecache: 1/i, $four_heads );
+
}
1;
@@ -222,8 +222,8 @@ sub cachePage {
my $refresh = $request->param('refresh') || '';
my $variationKey = $this->genVariationKey();
- # remove old entries
- if ( $refresh =~ m/^(on|cache|all)$/ ) {
+ # remove old entries. Note refresh=all handled in getPage
+ if ( $refresh =~ m/^(on|cache)$/ ) {
$this->deletePage( $web, $topic ); # removes all variations
}
else {
@@ -335,13 +335,10 @@ sub getPage {
if ( $refresh eq 'fire' ) { # simulates a "save" of the current topic
$this->fireDependency( $web, $topic );
-
- #return undef;
}
if ( $refresh =~ m/^(on|cache)$/ ) {
$this->deletePage( $web, $topic ); # removes all variations
- #return undef;
}
# check cacheability

0 comments on commit e11b033

Please sign in to comment.