From 33f8c4d9c135d8138e93c36ba97e694b42634c52 Mon Sep 17 00:00:00 2001 From: Juri Leino Date: Wed, 25 Oct 2023 11:18:57 +0200 Subject: [PATCH] fix(connection): misleading warning message When connecting to a remote DB over an encrypted channel users might be greeted with a warning: "Connecting to remote DB allowing invalid certificate." This is misleading in cases where `rejectUnauthorized` is not explicitly set. The added tests will connect to exist-db.org over https. They only check the connection is established and rejected as unauthorized. --- components/connection.js | 2 +- spec/tests/index.js | 26 ++++++++++++++++++++++++++ spec/tests/rest.js | 30 ++++++++++++++++++++++++++++++ 3 files changed, 57 insertions(+), 1 deletion(-) diff --git a/components/connection.js b/components/connection.js index 64d9640..511ca3e 100644 --- a/components/connection.js +++ b/components/connection.js @@ -138,7 +138,7 @@ function mergeOptions (path, options) { if (!isSecureClient) { console.warn('Connecting to remote DB using an unencrypted channel.') } - if (!mergedOptions.rejectUnauthorized) { + if (('rejectUnauthorized' in mergedOptions) && !mergedOptions.rejectUnauthorized) { console.warn('Connecting to remote DB allowing invalid certificate.') } } diff --git a/spec/tests/index.js b/spec/tests/index.js index b39496a..95487e1 100644 --- a/spec/tests/index.js +++ b/spec/tests/index.js @@ -71,6 +71,32 @@ test('create insecure client using legacy option', function (t) { t.end() }) +test('create secure client to remote db', function (t) { + const host = 'exist-db.org' + const protocol = 'https:' + const remoteDb = port => connect({ host, protocol, port }) + const check = async function (db, st) { + st.equal(db.client.isSecure, true, 'secure client used') + + try { + const result = await db.resources.describe('/db') + st.fail(result, result) + } catch (e) { + st.equal(e.message, 'XML-RPC fault: Wrong password for user [guest] ', e) + } + + st.end() + } + + t.test('using standard port', async function (st) { + await check(remoteDb('443'), st) + }) + + t.test('using empty port', async function (st) { + await check(remoteDb(''), st) + }) +}) + test('get collection permissions', function (t) { const db = connect(envOptions) db.resources.getPermissions('/db') diff --git a/spec/tests/rest.js b/spec/tests/rest.js index 1dd42c2..c3894dd 100644 --- a/spec/tests/rest.js +++ b/spec/tests/rest.js @@ -412,3 +412,33 @@ test('with rest client over http', async function (t) { } }) }) + +test('with rest client connecting to exist-db.org as guest with standard port', async function (t) { + const rc = await getRestClient({ host: 'exist-db.org', port: 443 }) + + t.test('getting a collection listing is rejected as unauthorized', async function (st) { + try { + const res = await rc.get('db') + st.fail(res) + } catch (e) { + st.equal(e.response.statusCode, 401) + } + st.end() + }) +}) + +test('with rest client connecting to exist-db.org from URL', async function (t) { + const { protocol, hostname, port } = new URL('https://exist-db.org/') + // NOTE: that host is mapped to hostname + const rc = await getRestClient({ protocol, host: hostname, port }) + + t.test('getting a collection listing is rejected as unauthorized', async function (st) { + try { + const res = await rc.get('db') + st.fail(res) + } catch (e) { + st.equal(e.response.statusCode, 401) + } + st.end() + }) +})