From 0841fa712ec558d283f533690d2db50dfa1da8fc Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 30 Mar 2010 17:35:27 -0700 Subject: Ticket #1281: JID validation now more or less follows spec instead of calling e-mail validator Basic splitting/validation code submitted via http://status.net/wiki/XMPP/JID_validation -- Copyright 2009 Patrick Georgi Licensed under ISC-L, which is compatible with everything else that keeps the copyright notice intact. Added PEAR Net_IDNA package to extlib to handle IDN normalization (also used by Validate's email verifier if present). * added test suite, supplemented my own test cases with JID validation and normalization test cases from libpurple * follows XMPP rules for validation of name part * fixes for normalization with non-ASCII names * will do domain checks if $config['email']['check_domain'] is on, checking for an XMPP-server SRV record or any lookup. (We don't actually need to ping those direct though.) * some more obscure stringprep validation rules aren't quite followed yet, but we err on the side of permissiveness. * we still don't actually let you save your address with a resource on it, as we strip resources when looking up users who've sent us presence or message updates. I would recommend saving the outgoing resource as a separate field if/when we add that..? --- tests/JidValidateTest.php | 146 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 146 insertions(+) create mode 100644 tests/JidValidateTest.php (limited to 'tests/JidValidateTest.php') diff --git a/tests/JidValidateTest.php b/tests/JidValidateTest.php new file mode 100644 index 000000000..9f5901139 --- /dev/null +++ b/tests/JidValidateTest.php @@ -0,0 +1,146 @@ +assertEquals($validFull, jabber_valid_full_jid($jid), "validating as full or base JID"); + + $this->assertEquals($validBase, jabber_valid_base_jid($jid), "validating as base JID only"); + } + + /** + * @dataProvider normalizationCases + * + */ + public function testNormalize($jid, $expected) + { + $this->assertEquals($expected, jabber_normalize_jid($jid)); + } + + /** + * @dataProvider domainCheckCases() + */ + public function testDomainCheck($domain, $expected, $note) + { + $this->assertEquals($expected, jabber_check_domain($domain), $note); + } + + static public function validationCases() + { + $long1023 = "long1023" . str_repeat('x', 1023 - 8); + $long1024 = "long1024" . str_repeat('x', 1024 - 8); + return array( + // Our own test cases for standard things & those mentioned in bug reports + // (jid, valid_full, valid_base) + array('user@example.com', true, true), + array('user@example.com/resource', true, false), + array('user with spaces@example.com', false, false), // not kosher + + array('user.@example.com', true, true), // "common in intranets" + array('example.com', true, true), + array('example.com/resource', true, false), + array('jabchat', true, true), + + array("$long1023@$long1023/$long1023", true, false), // max 1023 "bytes" per portion per spec. Do they really mean bytes though? + array("$long1024@$long1023/$long1023", false, false), + array("$long1023@$long1024/$long1023", false, false), + array("$long1023@$long1023/$long1024", false, false), + + // Borrowed from test_jabber_jutil.c in libpurple + array("gmail.com", true, true), + array("gmail.com/Test", true, false), + array("gmail.com/Test@", true, false), + array("gmail.com/@", true, false), + array("gmail.com/Test@alkjaweflkj", true, false), + array("mark.doliner@gmail.com", true, true), + array("mark.doliner@gmail.com/Test12345", true, false), + array("mark.doliner@gmail.com/Test@12345", true, false), + array("mark.doliner@gmail.com/Te/st@12@//345", true, false), + array("わいど@conference.jabber.org", true, true), + array("まりるーむ@conference.jabber.org", true, true), + array("mark.doliner@gmail.com/まりるーむ", true, false), + array("mark.doliner@gmail/stuff.org", true, false), + array("stuart@nödåtXäYZ.se", true, true), + array("stuart@nödåtXäYZ.se/まりるーむ", true, false), + array("mark.doliner@わいど.org", true, true), + array("nick@まつ.おおかみ.net", true, true), + array("paul@10.0.42.230/s", true, false), + array("paul@[::1]", true, true), /* IPv6 */ + array("paul@[2001:470:1f05:d58::2]", true, true), + array("paul@[2001:470:1f05:d58::2]/foo", true, false), + array("pa=ul@10.0.42.230", true, true), + array("pa,ul@10.0.42.230", true, true), + + array("@gmail.com", false, false), + array("@@gmail.com", false, false), + array("mark.doliner@@gmail.com/Test12345", false, false), + array("mark@doliner@gmail.com/Test12345", false, false), + array("@gmail.com/Test@12345", false, false), + array("/Test@12345", false, false), + array("mark.doliner@", false, false), + array("mark.doliner/", false, false), + array("mark.doliner@gmail_stuff.org", false, false), + array("mark.doliner@gmail[stuff.org", false, false), + array("mark.doliner@gmail\\stuff.org", false, false), + array("paul@[::1]124", false, false), + array("paul@2[::1]124/as", false, false), + array("paul@まつ.おおかみ/\x01", false, false), + + /* + * RFC 3454 Section 6 reads, in part, + * "If a string contains any RandALCat character, the + * string MUST NOT contain any LCat character." + * The character is U+066D (ARABIC FIVE POINTED STAR). + */ + // Leaving this one commented out for the moment + // as it shouldn't hurt anything for our purposes. + //array("foo@example.com/٭simplexe٭", false, false) + ); + } + + static public function normalizationCases() + { + return array( + // Borrowed from test_jabber_jutil.c in libpurple + array('PaUL@DaRkRain42.org', 'paul@darkrain42.org'), + array('PaUL@DaRkRain42.org/', 'paul@darkrain42.org'), + array('PaUL@DaRkRain42.org/resource', 'paul@darkrain42.org'), + + // Also adapted from libpurple tests... + array('Ф@darkrain42.org', 'ф@darkrain42.org'), + array('paul@Өarkrain.org', 'paul@өarkrain.org'), + ); + } + + static public function domainCheckCases() + { + return array( + array('gmail.com', true, 'known SRV record'), + array('jabber.org', true, 'known SRV record'), + array('status.net', true, 'known SRV record'), + array('status.leuksman.com', true, 'known no SRV record but valid domain'), + ); + } + + +} + -- cgit v1.2.3-54-g00ecf