Integrate the Zeus URL redirection test script into our regression test suite #2479

Closed
fmarier opened this Issue Sep 14, 2012 · 7 comments

Comments

Projects
None yet
5 participants
Member

fmarier commented Sep 14, 2012

Once prod is fixed and the tests pass, we should add this repo to our regression test suite:

https://github.com/fmarier/checkurl

@jrgm points out that it would be nice to preserve history (which has explanations for each test) when we add the test to the browserid repo. This should be easily doable with git-format-patch and git-am.

CCing @6a68 who probably knows where that script should go.

lloyd was assigned Sep 20, 2012

Owner

6a68 commented Feb 25, 2013

@gene1wood these tests might be useful in porting zeus behavior to ELB?

Member

fmarier commented Feb 25, 2013

When is the move to ELB happening?

The only concern I have is that I think we should complete the 3rd-party library review and give a bit of notice to RPs before we implement the changes in that test script. There might still be sites that use the wrong verifier URL (e.g. etherpad-lite) or include.js (e.g.jquery plugin).

Owner

6a68 commented Feb 25, 2013

The move is happening by end of Q1. We are aiming to do a 1-1 translation
of existing behavior into ELB.

On Sun, Feb 24, 2013 at 8:22 PM, Francois Marier
notifications@github.comwrote:

When is the move to ELB happening?

The only concern I have is that I think we should complete the 3rd-party
library review and give a bit of notice to RPs before we implement the
changes in that test script. There might still be sites that use the wrong
verifier URL (e.g. etherpad-lite) or include.js (e.g.jquery plugin).


Reply to this email directly or view it on GitHubhttps://github.com/mozilla/browserid/issues/2479#issuecomment-14025209.

Owner

gene1wood commented Feb 25, 2013

@6a68 Agreed, probably much better to just assert in the tests what behavior we want and then code the nginx logic against that and ignore the existing zeus logic.

Member

fmarier commented Feb 25, 2013

I can take a look at the script tomorrow and change the values to make most of the tests pass. Then we can go back to the current script when we're ready to block insecure redirects.

Does that sound useful?

Member

fmarier commented Feb 26, 2013

Alright, here's a version of the script that preserves what is currently working for RPs and IdPs: https://github.com/fmarier/checkurl/tree/no_security_improvements

It's not quite what we have in Zeus, but it's what we should have.

Owner

callahad commented Oct 31, 2014

Hi! To help us better focus, I'm "closing" all issues that have been open for more than six months. These have been tagged "cleanup-2014" so that we can go back and review them in the future.

For more information, check out this thread: http://thread.gmane.org/gmane.comp.mozilla.identity.devel/7394

If you believe this bug is still a major issue for you, please comment, submit a pull request, or discuss it on our mailing list: https://lists.mozilla.org/listinfo/dev-identity

Sorry for GitHub notification spam!

callahad closed this Oct 31, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment