em-websocket 0.3.7 → 0.5.2

data/spec/integration/gte_03_examples.rb

@@ -0,0 +1,42 @@
+shared_examples_for "a WebSocket server drafts 3 and above" do
+  it "should force close connections after a timeout if close handshake is not sent by the client" do
+    em {
+      server_onerror_fired = false
+      server_onclose_fired = false
+      client_got_close_handshake = false
+      
+      start_server(:close_timeout => 0.1) { |ws|
+        ws.onopen {
+          # 1: Send close handshake to client
+          EM.next_tick { ws.close(4999, "Close message") }
+        }
+        
+        ws.onerror { |e|
+          # 3: Client should receive onerror
+          e.class.should == EM::WebSocket::WSProtocolError
+          e.message.should == "Close handshake un-acked after 0.1s, closing tcp connection"
+          server_onerror_fired = true
+        }
+        
+        ws.onclose {
+          server_onclose_fired = true
+        }
+      }
+      start_client { |client|
+        client.onmessage { |msg|
+          # 2: Client does not respond to close handshake (the fake client 
+          # doesn't understand them at all hence this is in onmessage)
+          msg.should =~ /Close message/ if version >= 6
+          client_got_close_handshake = true
+        }
+        
+        client.onclose {
+          server_onerror_fired.should == true
+          server_onclose_fired.should == true
+          client_got_close_handshake.should == true
+          done
+        }
+      }
+    }
+  end
+end

data/spec/integration/shared_examples.rb

@@ -3,6 +3,125 @@
 # These tests are run against all draft versions
 #
 shared_examples_for "a websocket server" do
+  it "should expose the protocol version" do
+    em {
+      start_server { |ws|
+        ws.onopen { |handshake|
+          handshake.protocol_version.should == version
+          done
+        }
+      }
+
+      start_client
+    }
+  end
+
+  it "should expose the origin header" do
+    em {
+      start_server { |ws|
+        ws.onopen { |handshake|
+          handshake.origin.should == 'http://example.com'
+          done
+        }
+      }
+
+      start_client
+    }
+  end
+
+  it "should expose the remote IP address" do
+    em {
+      start_server { |ws|
+        ws.onopen {
+          ws.remote_ip.should == "127.0.0.1"
+          done
+        }
+      }
+
+      start_client
+    }
+  end
+
+  it "should send messages successfully" do
+    em {
+      start_server { |ws|
+        ws.onmessage { |message|
+          message.should == "hello server"
+          done
+        }
+      }
+
+      start_client { |client|
+        client.onopen {
+          client.send("hello server")
+        }
+      }
+    }
+  end
+
+  it "should allow connection to be closed with valid close code" do
+    em {
+      start_server { |ws|
+        ws.onopen {
+          ws.close(4004, "Bye bye")
+          done
+        }
+      }
+
+      start_client
+      # TODO: Use a real client which understands how to respond to closing
+      # handshakes, sending the handshake currently untested
+    }
+  end
+
+  it "should raise error if if invalid close code is used" do
+    em {
+      start_server { |ws|
+        ws.onopen {
+          lambda {
+            ws.close(2000)
+          }.should raise_error("Application code may only use codes from 1000, 3000-4999")
+          done
+        }
+      }
+
+      start_client
+    }
+  end
+
+  it "should call onclose with was_clean set to false if connection closed without closing handshake by server" do
+    em {
+      start_server { |ws|
+        ws.onopen {
+          # Close tcp connection (no close handshake)
+          ws.close_connection
+        }
+        ws.onclose { |event|
+          event.should == {:code => 1006, :was_clean => false}
+          done
+        }
+      }
+      start_client
+    }
+  end
+
+  it "should call onclose with was_clean set to false if connection closed without closing handshake by client" do
+    em {
+      start_server { |ws|
+        ws.onclose { |event|
+          event.should == {:code => 1006, :was_clean => false}
+          done
+        }
+      }
+      start_client { |client|
+        client.onopen {
+          # Close tcp connection (no close handshake)
+          client.close_connection
+        }
+      }
+    }
+  end
+
   it "should call onerror if an application error raised in onopen" do
     em {
       start_server { |ws|

data/spec/unit/framing_spec.rb

@@ -1,3 +1,5 @@
+# encoding: BINARY
+
 require 'helper'
 
 describe EM::WebSocket::Framing03 do
@@ -13,7 +15,7 @@ describe EM::WebSocket::Framing03 do
 
     def <<(data)
       @data << data
-      process_data(data)
+      process_data
     end
     
     def debug(*args); end
@@ -138,7 +140,7 @@ describe EM::WebSocket::Framing04 do
 
     def <<(data)
       @data << data
-      process_data(data)
+      process_data
     end
 
     def debug(*args); end
@@ -207,7 +209,7 @@ describe EM::WebSocket::Framing07 do
 
     def <<(data)
       @data << data
-      process_data(data)
+      process_data
     end
 
     def debug(*args); end
@@ -265,7 +267,7 @@ describe EM::WebSocket::Framing07 do
       lambda {
         # Opcode 3 is not supported by this draft
         @f << "\x83\x05Hello"
-      }.should raise_error(EventMachine::WebSocket::WSProtocolError, "Unknown opcode")
+      }.should raise_error(EventMachine::WebSocket::WSProtocolError, "Unknown opcode 3")
     end
 
     it "should accept a fragmented unmasked text message in 3 frames" do
@@ -274,5 +276,23 @@ describe EM::WebSocket::Framing07 do
       @f << "\x00\x02lo"
       @f << "\x80\x06 world"
     end
+
+    it "should raise if non-fin frame is followed by a non-continuation data frame (continuation frame would be expected)" do
+      lambda {
+        @f << 0b00000001 # Not fin, text
+        @f << 0b00000001 # Length 1
+        @f << 'f'
+        @f << 0b10000001 # fin, text (continutation expected)
+        @f << 0b00000001 # Length 1
+        @f << 'b'
+      }.should raise_error(EM::WebSocket::WebSocketError, 'Continuation frame expected')
+    end
+
+    it "should raise on non-fin control frames (control frames must not be fragmented)" do
+      lambda {
+        @f << 0b00001010 # Not fin, pong (opcode 10)
+        @f << 0b00000000 # Length 1
+      }.should raise_error(EM::WebSocket::WebSocketError, 'Control frames must not be fragmented')
+    end
   end
 end

data/spec/unit/handshake_spec.rb

@@ -0,0 +1,216 @@
+require 'helper'
+
+describe EM::WebSocket::Handshake do
+  def handshake(request, secure = false)
+    handshake = EM::WebSocket::Handshake.new(secure)
+    handshake.receive_data(format_request(request))
+    handshake
+  end
+  
+  before :each do
+    @request = {
+      :port => 80,
+      :method => "GET",
+      :path => "/demo",
+      :headers => {
+        'Host' => 'example.com',
+        'Connection' => 'Upgrade',
+        'Sec-WebSocket-Key2' => '12998 5 Y3 1  .P00',
+        'Sec-WebSocket-Protocol' => 'sample',
+        'Upgrade' => 'WebSocket',
+        'Sec-WebSocket-Key1' => '4 @1  46546xW%0l 1 5',
+        'Origin' => 'http://example.com'
+      },
+      :body => '^n:ds[4U'
+    }
+    @secure_request = @request.merge(:port => 443)
+
+    @response = {
+      :headers => {
+        "Upgrade" => "WebSocket",
+        "Connection" => "Upgrade",
+        "Sec-WebSocket-Location" => "ws://example.com/demo",
+        "Sec-WebSocket-Origin" => "http://example.com",
+        "Sec-WebSocket-Protocol" => "sample"
+      },
+      :body => "8jKS\'y:G*Co,Wxa-"
+    }
+    @secure_response = @response.merge(:headers => @response[:headers].merge('Sec-WebSocket-Location' => "wss://example.com/demo"))
+  end
+  
+  it "should handle good request" do
+    handshake(@request).should succeed_with_upgrade(@response)
+  end
+  
+  it "should handle good request to secure default port if secure mode is enabled" do
+    handshake(@secure_request, true).
+      should succeed_with_upgrade(@secure_response)
+  end
+  
+  it "should not handle good request to secure default port if secure mode is disabled" do
+    handshake(@secure_request, false).
+      should_not succeed_with_upgrade(@secure_response)
+  end
+  
+  it "should handle good request on nondefault port" do
+    @request[:port] = 8081
+    @request[:headers]['Host'] = 'example.com:8081'
+    @response[:headers]['Sec-WebSocket-Location'] =
+      'ws://example.com:8081/demo'
+
+    handshake(@request).should succeed_with_upgrade(@response)
+  end
+  
+  it "should handle good request to secure nondefault port" do
+    @secure_request[:port] = 8081
+    @secure_request[:headers]['Host'] = 'example.com:8081'
+    @secure_response[:headers]['Sec-WebSocket-Location'] = 'wss://example.com:8081/demo'
+    
+    handshake(@secure_request, true).
+      should succeed_with_upgrade(@secure_response)
+  end
+  
+  it "should handle good request with no protocol" do
+    @request[:headers].delete('Sec-WebSocket-Protocol')
+    @response[:headers].delete("Sec-WebSocket-Protocol")
+
+    handshake(@request).should succeed_with_upgrade(@response)
+  end
+  
+  it "should handle extra headers by simply ignoring them" do
+    @request[:headers]['EmptyValue'] = ""
+    @request[:headers]['AKey'] = "AValue"
+
+    handshake(@request).should succeed_with_upgrade(@response)
+  end
+  
+  it "should raise error on HTTP request" do
+    @request[:headers] = {
+      'Host' => 'www.google.com',
+      'User-Agent' => 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 GTB6 GTBA',
+      'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+      'Accept-Language' => 'en-us,en;q=0.5',
+      'Accept-Encoding' => 'gzip,deflate',
+      'Accept-Charset' => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
+      'Keep-Alive' => '300',
+      'Connection' => 'keep-alive',
+    }
+    
+    handshake(@request).should fail_with_error(EM::WebSocket::HandshakeError)
+  end
+  
+  it "should raise error on wrong method" do
+    @request[:method] = 'POST'
+
+    handshake(@request).should fail_with_error(EM::WebSocket::HandshakeError)
+  end
+  
+  it "should raise error if upgrade header incorrect" do
+    @request[:headers]['Upgrade'] = 'NonWebSocket'
+
+    handshake(@request).should fail_with_error(EM::WebSocket::HandshakeError)
+  end
+  
+  it "should raise error if Sec-WebSocket-Protocol is empty" do
+    @request[:headers]['Sec-WebSocket-Protocol'] = ''
+
+    handshake(@request).should fail_with_error(EM::WebSocket::HandshakeError)
+  end
+  
+  %w[Sec-WebSocket-Key1 Sec-WebSocket-Key2].each do |header|
+    it "should raise error if #{header} has zero spaces" do
+      @request[:headers][header] = 'nospaces'
+
+      handshake(@request).
+        should fail_with_error(EM::WebSocket::HandshakeError, 'Websocket Key1 or Key2 does not contain spaces - this is a symptom of a cross-protocol attack')
+    end
+  end
+  
+  it "should raise error if Sec-WebSocket-Key1 is missing" do
+    @request[:headers].delete("Sec-WebSocket-Key1")
+
+    # The error message isn't correct since key1 is used to heuristically
+    # determine the protocol version in use, however this test at least checks
+    # that the handshake does correctly fail
+    handshake(@request).
+      should fail_with_error(EM::WebSocket::HandshakeError, 'Extra bytes after header')
+  end
+
+  it "should raise error if Sec-WebSocket-Key2 is missing" do
+    @request[:headers].delete("Sec-WebSocket-Key2")
+
+    handshake(@request).
+      should fail_with_error(EM::WebSocket::HandshakeError, 'WebSocket key1 or key2 is missing')
+  end
+
+  it "should raise error if spaces do not divide numbers in Sec-WebSocket-Key* " do
+    @request[:headers]['Sec-WebSocket-Key2'] = '12998 5 Y3 1.P00'
+
+    handshake(@request).
+      should fail_with_error(EM::WebSocket::HandshakeError, 'Invalid Key "12998 5 Y3 1.P00"')
+  end
+  
+  it "should raise error if the HTTP header is empty" do
+    handshake = EM::WebSocket::Handshake.new(false)
+    handshake.receive_data("\r\n\r\nfoobar")
+    
+    handshake.
+      should fail_with_error(EM::WebSocket::HandshakeError, 'Invalid HTTP header: Could not parse data entirely (4 != 10)')
+  end
+
+  # This might seems crazy, but very occasionally we saw multiple "Upgrade:
+  # WebSocket" headers in the wild. RFC 4.2.1 isn't particularly clear on this
+  # point, so for now I have decided not to accept --@mloughran
+  it "should raise error on multiple upgrade headers" do
+    handshake = EM::WebSocket::Handshake.new(false)
+
+    # Add a duplicate upgrade header
+    headers = format_request(@request)
+    upgrade_header = "Upgrade: WebSocket\r\n"
+    headers.gsub!(upgrade_header, "#{upgrade_header}#{upgrade_header}")
+
+    handshake.receive_data(headers)
+
+    handshake.errback { |e|
+      e.class.should == EM::WebSocket::HandshakeError
+      e.message.should == 'Invalid upgrade header: ["WebSocket", "WebSocket"]'
+    }
+  end
+  
+  it "should cope with requests where the header is split" do
+    request = format_request(@request)
+    incomplete_request = request[0...(request.length / 2)]
+    rest = request[(request.length / 2)..-1]
+    handshake = EM::WebSocket::Handshake.new(false)
+    handshake.receive_data(incomplete_request)
+    
+    handshake.instance_variable_get(:@deferred_status).should == nil
+    
+    # Send the remaining header
+    handshake.receive_data(rest)
+    
+    handshake(@request).should succeed_with_upgrade(@response)
+  end
+  
+  it "should cope with requests where the third key is split" do
+    request = format_request(@request)
+    # Removes last two bytes of the third key
+    incomplete_request = request[0..-3]
+    rest = request[-2..-1]
+    handshake = EM::WebSocket::Handshake.new(false)
+    handshake.receive_data(incomplete_request)
+    
+    handshake.instance_variable_get(:@deferred_status).should == nil
+    
+    # Send the remaining third key
+    handshake.receive_data(rest)
+    
+    handshake(@request).should succeed_with_upgrade(@response)
+  end
+
+  it "should fail if the request URI is invalid" do
+    @request[:path] = "/%"
+    handshake(@request).should \
+      fail_with_error(EM::WebSocket::HandshakeError, 'Invalid request URI: /%')
+  end
+end

data/spec/unit/masking_spec.rb

@@ -23,5 +23,7 @@ describe EM::WebSocket::MaskedString do
     t.getbyte(4).should == 0x03
     t.read_mask
     t.getbyte(4).should == 0x01
+    t.unset_mask
+    t.getbyte(4).should == 0x03
   end
 end