simplify logic, adding test cases for all combinations of URLs that are regarded as secure context

2019-06-23 10:38:08 +02:00 · 2019-06-23 10:38:08 +02:00 · 40493dfb3a
commit 40493dfb3a
parent 61fde53de0
4 changed files with 63 additions and 50 deletions
--- a/js/privatebin.js
+++ b/js/privatebin.js
@ -4545,20 +4545,17 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            }
            // filter out actually secure connections over HTTP
-            if (
+            for (const tld of ['.onion', '.i2p']) {
-                url.hostname.endsWith('.onion') ||
+                if (url.hostname.endsWith(tld)) {
-                url.hostname.endsWith('.i2p')
+                    return false;
-            ) {
+                }
                return false;
            }
            // whitelist localhost for development
-            if (
+            for (const hostname of ['localhost', '127.0.0.1', '[::1]']) {
-                url.hostname === 'localhost' ||
+                if (url.hostname === hostname) {
-                url.hostname === '127.0.0.1' ||
+                    return false;
-                url.hostname === '[::1]'
+                }
            ) {
                return false;
            }
            // totally INSECURE http protocol!
--- a/js/test/InitialCheck.js
+++ b/js/test/InitialCheck.js
@ -28,46 +28,62 @@ describe('InitialCheck', function () {
                    return result1 && result2;
                }
            ),
-            {tests: 1});
+            {tests: 10});
        });
-        it('shows error, if no webcrypto is detected', function () {
+        jsc.property(
-            [true, false].map(
+            'shows error, if no webcrypto is detected',
-                function (secureProtocol) {
+            'bool',
-                    const clean = jsdom('', {
+            jsc.elements(['localhost', '127.0.0.1', '[::1]', '']),
-                        'url': (secureProtocol ? 'https' : 'http' ) + '://[::1]/'
+            jsc.nearray(common.jscA2zString()),
-                    });
+            jsc.elements(['.onion', '.i2p', '']),
-                    $('body').html(
+            function (secureProtocol, localhost, domain, tld) {
-                        '<html><body><div id="errormessage" class="hidden"></div>'+
+                const isDomain = localhost === '',
-                        '<div id="oldnotice" class="hidden"></div></body></html>'
+                      isSecureContext = secureProtocol || !isDomain || tld.length > 0,
-                    );
+                      clean = jsdom('', {
-                    const crypto = window.crypto;
+                          'url': (secureProtocol ? 'https' : 'http' ) + '://' +
-                    window.crypto = null;
+                                 (isDomain ? domain.join('') + tld : localhost) + '/'
-                    $.PrivateBin.Alert.init();
+                      });
-                    assert(!$.PrivateBin.InitialCheck.init());
+                $('body').html(
-                    assert(secureProtocol === $('#errormessage').hasClass('hidden'));
+                    '<html><body><div id="errormessage" class="hidden"></div>'+
-                    assert(!$('#oldnotice').hasClass('hidden'));
+                    '<div id="oldnotice" class="hidden"></div></body></html>'
-                    window.crypto = crypto;
+                );
-                    clean();
+                const crypto = window.crypto;
-                }
+                window.crypto = null;
-            );
+                $.PrivateBin.Alert.init();
-        });
+                const result1 = !$.PrivateBin.InitialCheck.init(),
                      result2 = isSecureContext === $('#errormessage').hasClass('hidden'),
                      result3 = !$('#oldnotice').hasClass('hidden');
                window.crypto = crypto;
                clean();
                return result1 && result2 && result3;
            }
        );
-        it('shows error, if HTTP only site is detected', function () {
+        jsc.property(
-            [true, false].map(
+            'shows error, if HTTP only site is detected',
-                function (secureProtocol) {
+            'bool',
-                    const clean = jsdom('', {
+            jsc.elements(['localhost', '127.0.0.1', '[::1]', '']),
-                        'url': (secureProtocol ? 'https' : 'http' ) + '://[::1]/'
+            jsc.nearray(common.jscA2zString()),
-                    });
+            jsc.elements(['.onion', '.i2p', '']),
-                    $('body').html(
+            function (secureProtocol, localhost, domain, tld) {
-                        '<html><body><div id="httpnotice" class="hidden"></div></body></html>'
+                const isDomain = localhost === '',
-                    );
+                      isSecureContext = secureProtocol || !isDomain || tld.length > 0,
-                    assert($.PrivateBin.InitialCheck.init());
+                      clean = jsdom('', {
-                    assert(secureProtocol === $('#httpnotice').hasClass('hidden'));
+                          'url': (secureProtocol ? 'https' : 'http' ) + '://' +
-                    clean();
+                               (isDomain ? domain.join('') + tld : localhost) + '/'
-                }
+                      });
-            );
+                $('body').html(
-        });
+                    '<html><body><div id="httpnotice" class="hidden"></div>'+
                    '</body></html>'
                );
                $.PrivateBin.Alert.init();
                const result1 = $.PrivateBin.InitialCheck.init(),
                      result2 = isSecureContext === $('#httpnotice').hasClass('hidden');
                clean();
                return result1 && result2;
            }
        );
    });
 });
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@ -72,7 +72,7 @@ if ($MARKDOWN):
 endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-3ztSV/4pvPksAzHBo/tSKzDa6wLomQpV6gZgzHCwzS7DgRJ8ckw7oO1sxiNI/H3Imh4wGHFKNaqCkbYU7JTdRA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-V0v5OOCcrMFtPsP9xWbKjoaRBobWrMdKdiDPn1tK8Kq8uzbEOK8tY0JXCbEqVpPyJ3/hVrtfjdXhgGaxeMUj3g==" crossorigin="anonymous"></script>
 		<!--[if IE]>
 		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
 		<![endif]-->
--- a/tpl/page.php
+++ b/tpl/page.php
@ -50,7 +50,7 @@ if ($MARKDOWN):
 endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-3ztSV/4pvPksAzHBo/tSKzDa6wLomQpV6gZgzHCwzS7DgRJ8ckw7oO1sxiNI/H3Imh4wGHFKNaqCkbYU7JTdRA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-V0v5OOCcrMFtPsP9xWbKjoaRBobWrMdKdiDPn1tK8Kq8uzbEOK8tY0JXCbEqVpPyJ3/hVrtfjdXhgGaxeMUj3g==" crossorigin="anonymous"></script>
 		<!--[if IE]>
 		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
 		<![endif]-->