movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-23 17:56:53 +03:00
Code Activity
nixpkgs/nixos/tests/nextcloud/with-postgresql-and-redis.nix
Maximilian Bosch 37d6961f33
nixos/nextcloud: add regression test for not delivering code anymore 
PR #277382 didn't fix just an issue with .mjs files for the `forms` app,
but an underlying, more problematic issue: for `/nix-apps` &
`/store-apps`, the fcgi config for PHP and the block for assets were
never reached.

That meant that e.g. `/nix-apps/notes/lib/AppInfo/Application.php`
returned the PHP source code as text/plain. Considering that there was
never a fundamental change to how this config's structure, I'm pretty
sure that the issue was pretty much there since the module exists.

After consulting the NixOS security team we agreed that this is most
likely harmless because you'd have to use private apps with secrets in
the raw PHP code of said app. However, this is still problematic because
one important assumption - that PHP code is never sent to the browser -
is broken which is why we decided on not mentioning this impact in the
previous PR from December 2023.

To make sure that we don't regress our nginx config, I decided to add
the reproducer which fails on 8bbbb228b4
as testcase to our integration tests.
2024-02-10 17:52:19 +01:00

98 lines
3.5 KiB
Nix
Raw Blame History

args@{ pkgs, nextcloudVersion ? 22, ... }:
(import ../make-test-python.nix ({ pkgs, ...}: let
adminpass = "hunter2";
adminuser = "custom-admin-username";
in {
name = "nextcloud-with-postgresql-and-redis";
meta = with pkgs.lib.maintainers; {
maintainers = [ eqyiel ];
};
nodes = {
# The only thing the client needs to do is download a file.
client = { ... }: {};
nextcloud = { config, pkgs, lib, ... }: {
networking.firewall.allowedTCPPorts = [ 80 ];
services.nextcloud = {
enable = true;
hostName = "nextcloud";
package = pkgs.${"nextcloud" + (toString nextcloudVersion)};
caching = {
apcu = false;
redis = true;
memcached = false;
};
database.createLocally = true;
config = {
dbtype = "pgsql";
inherit adminuser;
adminpassFile = toString (pkgs.writeText "admin-pass-file" ''
${adminpass}
'');
};
notify_push = {
enable = true;
logLevel = "debug";
};
extraAppsEnable = true;
extraApps = {
inherit (pkgs."nextcloud${lib.versions.major config.services.nextcloud.package.version}Packages".apps) notify_push notes;
};
settings.trusted_proxies = [ "::1" ];
};
services.redis.servers."nextcloud".enable = true;
services.redis.servers."nextcloud".port = 6379;
};
};
testScript = let
configureRedis = pkgs.writeScript "configure-redis" ''
#!${pkgs.runtimeShell}
nextcloud-occ config:system:set redis 'host' --value 'localhost' --type string
nextcloud-occ config:system:set redis 'port' --value 6379 --type integer
nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\Redis' --type string
nextcloud-occ config:system:set memcache.locking --value '\OC\Memcache\Redis' --type string
'';
withRcloneEnv = pkgs.writeScript "with-rclone-env" ''
#!${pkgs.runtimeShell}
export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav
export RCLONE_CONFIG_NEXTCLOUD_URL="http://nextcloud/remote.php/dav/files/${adminuser}"
export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud"
export RCLONE_CONFIG_NEXTCLOUD_USER="${adminuser}"
export RCLONE_CONFIG_NEXTCLOUD_PASS="$(${pkgs.rclone}/bin/rclone obscure ${adminpass})"
"''${@}"
'';
copySharedFile = pkgs.writeScript "copy-shared-file" ''
#!${pkgs.runtimeShell}
echo 'hi' | ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file
'';
diffSharedFile = pkgs.writeScript "diff-shared-file" ''
#!${pkgs.runtimeShell}
diff <(echo 'hi') <(${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file)
'';
in ''
start_all()
nextcloud.wait_for_unit("multi-user.target")
nextcloud.succeed("${configureRedis}")
nextcloud.succeed("curl -sSf http://nextcloud/login")
nextcloud.succeed(
"${withRcloneEnv} ${copySharedFile}"
)
client.wait_for_unit("multi-user.target")
client.execute("${pkgs.nextcloud-notify_push.passthru.test_client}/bin/test_client http://nextcloud ${adminuser} ${adminpass} >&2 &")
client.succeed(
"${withRcloneEnv} ${diffSharedFile}"
)
nextcloud.wait_until_succeeds("journalctl -u nextcloud-notify_push | grep -q \"Sending ping to ${adminuser}\"")
# redis cache should not be empty
nextcloud.fail('test "[]" = "$(redis-cli --json KEYS "*")"')
nextcloud.fail("curl -f http://nextcloud/nix-apps/notes/lib/AppInfo/Application.php")
'';
})) args
View git blame Copy permalink