[catagits/Catalyst-Runtime.git] / t / unit_core_debug_filtering.t

use strict;
use warnings;
use Test::More tests=>15;

use Catalyst;
use HTTP::Headers;
my $c = Catalyst->new( {} );
$c->config(Debug => {param_filters => 'simple_str'});

isa_ok( $c, 'Catalyst' );
my $params = $c->_apply_parameter_debug_filters( 'query', {} );
is_deeply( $params, {}, 'empty param list' );
my $filter_str = '[FILTERED]';

$params = $c->_apply_parameter_debug_filters( 'body', { simple_str => 1, other_str => 2 } );
is( $params->{simple_str}, $filter_str, 'filtered simple_str' );
is( $params->{other_str},  '2',         "didn't filter other_str" );

$c->config( Debug => { param_filters => [qw(a b)] } );
$params = $c->_apply_parameter_debug_filters( 'query', { a => 1, b => 2, c => 3 }, );

is_deeply( $params, { a => $filter_str, b => $filter_str, c => 3 }, 'list of simple param names' );

$c->config( Debug => { param_filters => qr/^foo/ } );
$params = $c->_apply_parameter_debug_filters( 'query', { foo => 1, foobar => 2, c => 3 }, );
is_deeply( $params, { foo => $filter_str, foobar => $filter_str, c => 3 }, 'single regex' );

$c->config(Debug => {param_filters => [qr/^foo/, qr/bar/, 'simple']});
$params = $c->_apply_parameter_debug_filters( 'query', { foo => 1, foobar => 2, bar => 3, c => 3, simple => 4 }, );
is_deeply( $params, { foo => $filter_str, foobar => $filter_str, bar => $filter_str, c => 3, simple => $filter_str }, 'array of regexes and a simple filter' );

$c->config(
    Debug => {
        param_filters => sub { return unless shift eq 'password'; return '*' x 8 }
    }
);
$params = $c->_apply_parameter_debug_filters( 'query', { password => 'secret', other => 'public' }, );
is_deeply( $params, { other => 'public', password => '********' }, 'single CODE ref' );

$c->config( Debug => { param_filters => { body => qr// } } );
$params = $c->_apply_parameter_debug_filters( 'query', { a=>1, b=>2 } );
is_deeply( $params, { a=>1, b=>2 }, 'body filters do not modify query params' );
$params = $c->_apply_parameter_debug_filters( 'body', { a=>1, b=>2 } );
is_deeply( $params, { a => $filter_str, b => $filter_str }, 'all body params filtered' );

$c->config( Debug => { param_filters => undef } );
$c->config( Debug => { param_filters => { all => [qw(foo bar)] } } );
$params = $c->_apply_parameter_debug_filters( 'body', { foo=>1, bar=>2, baz=>3 } );
is_deeply( $params, { foo => $filter_str, bar => $filter_str, baz => 3 }, 'using the "all" type filter on body params' );
$params = $c->_apply_parameter_debug_filters( 'query', { foo=>1, bar=>2, baz=>3 } );
is_deeply( $params, { foo => $filter_str, bar => $filter_str, baz => 3 }, 'using the "all" type filter on query params' );

my $headers = HTTP::Headers->new(
    Content_type => 'text/html',
    Set_Cookie => 'session_id=abc123; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.org.',
    Set_Cookie => 'something_else=xyz890; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.org.',
);
$c->config(
    Debug => {
        response_header_filters => sub {
            my ( $n, $v ) = @_;
            return unless $n eq 'Set-Cookie';
            $v =~ s/session_id=.*?;/session_id=SECRET/;
            return $v;
        },
    }
);
my $filtered = $c->_apply_header_debug_filters(response => $headers);
is($filtered->header('Content-Type'), 'text/html', 'Content-Type header left alone');
like($filtered->as_string, qr/session_id=SECRET/, 'Set-Cookie value filtered');
like($filtered->as_string, qr/something_else=xyz890/, 'non-session_id cookie not filtered');
Commit	Line	Data
10f204e1	1	use strict;
	2	use warnings;
	3	use Test::More tests=>15;
	4
	5	use Catalyst;
	6	use HTTP::Headers;
	7	my $c = Catalyst->new( {} );
	8	$c->config(Debug => {param_filters => 'simple_str'});
	9
	10	isa_ok( $c, 'Catalyst' );
	11	my $params = $c->_apply_parameter_debug_filters( 'query', {} );
	12	is_deeply( $params, {}, 'empty param list' );
	13	my $filter_str = '[FILTERED]';
	14
	15	$params = $c->_apply_parameter_debug_filters( 'body', { simple_str => 1, other_str => 2 } );
	16	is( $params->{simple_str}, $filter_str, 'filtered simple_str' );
	17	is( $params->{other_str}, '2', "didn't filter other_str" );
	18
	19	$c->config( Debug => { param_filters => [qw(a b)] } );
	20	$params = $c->_apply_parameter_debug_filters( 'query', { a => 1, b => 2, c => 3 }, );
	21
	22	is_deeply( $params, { a => $filter_str, b => $filter_str, c => 3 }, 'list of simple param names' );
	23
	24	$c->config( Debug => { param_filters => qr/^foo/ } );
	25	$params = $c->_apply_parameter_debug_filters( 'query', { foo => 1, foobar => 2, c => 3 }, );
	26	is_deeply( $params, { foo => $filter_str, foobar => $filter_str, c => 3 }, 'single regex' );
	27
	28	$c->config(Debug => {param_filters => [qr/^foo/, qr/bar/, 'simple']});
	29	$params = $c->_apply_parameter_debug_filters( 'query', { foo => 1, foobar => 2, bar => 3, c => 3, simple => 4 }, );
	30	is_deeply( $params, { foo => $filter_str, foobar => $filter_str, bar => $filter_str, c => 3, simple => $filter_str }, 'array of regexes and a simple filter' );
	31
	32	$c->config(
	33	Debug => {
	34	param_filters => sub { return unless shift eq 'password'; return '*' x 8 }
	35	}
	36	);
	37	$params = $c->_apply_parameter_debug_filters( 'query', { password => 'secret', other => 'public' }, );
	38	is_deeply( $params, { other => 'public', password => '********' }, 'single CODE ref' );
	39
	40	$c->config( Debug => { param_filters => { body => qr// } } );
	41	$params = $c->_apply_parameter_debug_filters( 'query', { a=>1, b=>2 } );
	42	is_deeply( $params, { a=>1, b=>2 }, 'body filters do not modify query params' );
	43	$params = $c->_apply_parameter_debug_filters( 'body', { a=>1, b=>2 } );
	44	is_deeply( $params, { a => $filter_str, b => $filter_str }, 'all body params filtered' );
	45
	46	$c->config( Debug => { param_filters => undef } );
	47	$c->config( Debug => { param_filters => { all => [qw(foo bar)] } } );
	48	$params = $c->_apply_parameter_debug_filters( 'body', { foo=>1, bar=>2, baz=>3 } );
	49	is_deeply( $params, { foo => $filter_str, bar => $filter_str, baz => 3 }, 'using the "all" type filter on body params' );
	50	$params = $c->_apply_parameter_debug_filters( 'query', { foo=>1, bar=>2, baz=>3 } );
	51	is_deeply( $params, { foo => $filter_str, bar => $filter_str, baz => 3 }, 'using the "all" type filter on query params' );
	52
	53	my $headers = HTTP::Headers->new(
	54	Content_type => 'text/html',
	55	Set_Cookie => 'session_id=abc123; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.org.',
	56	Set_Cookie => 'something_else=xyz890; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.org.',
	57	);
	58	$c->config(
	59	Debug => {
	60	response_header_filters => sub {
	61	my ( $n, $v ) = @_;
	62	return unless $n eq 'Set-Cookie';
	63	$v =~ s/session_id=.*?;/session_id=SECRET/;
	64	return $v;
65	},
66	}
67	);
68	my $filtered = $c->_apply_header_debug_filters(response => $headers);
69	is($filtered->header('Content-Type'), 'text/html', 'Content-Type header left alone');
70	like($filtered->as_string, qr/session_id=SECRET/, 'Set-Cookie value filtered');
71	like($filtered->as_string, qr/something_else=xyz890/, 'non-session_id cookie not filtered');