xref: /sqlite-3.40.0/test/auth3.test (revision 067b92ba) 
1# 2008 October 27
2#
3# The author disclaims copyright to this source code.  In place of
4# a legal notice, here is a blessing:
5#
6#    May you do good and not evil.
7#    May you find forgiveness for yourself and forgive others.
8#    May you share freely, never taking more than you give.
9#
10#***********************************************************************
11#
12# Test that the truncate optimization is disabled if the SQLITE_DELETE
13# authorization callback returns SQLITE_IGNORE.
14#
15# Test that authorizer is disabled during schema parsing.
16
17set testdir [file dirname $argv0]
18source $testdir/tester.tcl
19
20# disable this test if the SQLITE_OMIT_AUTHORIZATION macro is
21# defined during compilation.
22if {[catch {db auth {}} msg]} {
23  finish_test
24  return
25}
26
27# Disable the statement cache for these tests.
28#
29db cache size 0
30
31db authorizer ::auth
32proc auth {code arg1 arg2 arg3 arg4 args} {
33  if {$code=="SQLITE_DELETE"} {
34    return $::authcode
35  }
36  return SQLITE_OK
37}
38
39#--------------------------------------------------------------------------
40# The following tests - auth3-1.* - test that return values of SQLITE_DENY,
41# SQLITE_IGNORE, SQLITE_OK and <invalid> are correctly handled when returned
42# by an SQLITE_DELETE authorization callback triggered by a
43# "DELETE FROM <table-name>" statement.
44#
45do_test auth3-1.1 {
46  execsql {
47    CREATE TABLE t1(a,b,c);
48    INSERT INTO t1 VALUES(1, 2, 3);
49    INSERT INTO t1 VALUES(4, 5, 6);
50  }
51} {}
52do_test auth3.1.2 {
53  set ::authcode SQLITE_DENY
54  catchsql { DELETE FROM t1 }
55} {1 {not authorized}}
56# EVIDENCE-OF: R-64962-58611 If the authorizer callback returns any
57# value other than SQLITE_IGNORE, SQLITE_OK, or SQLITE_DENY then the
58# sqlite3_prepare_v2() or equivalent call that triggered the authorizer
59# will fail with an error message.
60do_test auth3.1.3 {
61  set ::authcode SQLITE_INVALID
62  catchsql { DELETE FROM t1 }
63} {1 {authorizer malfunction}}
64do_test auth3.1.4 {
65  execsql { SELECT * FROM t1 }
66} {1 2 3 4 5 6}
67do_test auth3-1.5 {
68  set ::authcode SQLITE_IGNORE
69  execsql {
70    DELETE FROM t1;
71    SELECT * FROM t1;
72  }
73} {}
74do_test auth3-1.6 {
75  set ::authcode SQLITE_OK
76  execsql {
77    INSERT INTO t1 VALUES(1, 2, 3);
78    INSERT INTO t1 VALUES(4, 5, 6);
79    DELETE FROM t1;
80    SELECT * FROM t1;
81  }
82} {}
83
84#--------------------------------------------------------------------------
85# These tests - auth3-2.* - test that returning SQLITE_IGNORE really does
86# disable the truncate optimization.
87#
88do_test auth3-2.1 {
89  set ::authcode SQLITE_OK
90  execsql {
91    INSERT INTO t1 VALUES(1, 2, 3);
92    INSERT INTO t1 VALUES(4, 5, 6);
93  }
94  set sqlite_search_count 0
95  execsql {
96    DELETE FROM t1;
97  }
98  set sqlite_search_count
99} {0}
100
101do_test auth3-2.2 {
102  set ::authcode SQLITE_IGNORE
103  execsql {
104    INSERT INTO t1 VALUES(1, 2, 3);
105    INSERT INTO t1 VALUES(4, 5, 6);
106  }
107  set sqlite_search_count 0
108  execsql {
109    DELETE FROM t1;
110  }
111  set sqlite_search_count
112} {1}
113
114# 2016-07-28.  A problem report from a private client complaining about
115# an authorizer failure during an ALTER TABLE.  The solution (I think) is
116# to disable the authorizer during schema parsing.
117#
118proc auth {code args} {
119  if {$code=="SQLITE_READ" && [regexp {DoNotRead} $args]} {
120    return SQLITE_DENY
121  }
122  return SQLITE_OK
123}
124do_execsql_test auth3-3.0 {
125  CREATE TEMPORARY TABLE TempTable (
126      key TEXT NOT NULL ON CONFLICT FAIL UNIQUE ON CONFLICT REPLACE,
127      value TEXT NOT NULL ON CONFLICT FAIL);
128  ALTER TABLE TempTable RENAME TO DoNotRead;
129  SELECT name FROM temp.sqlite_master;
130} {DoNotRead sqlite_autoindex_DoNotRead_1}
131
132finish_test
133