xref: /sqlite-3.40.0/test/auth3.test (revision dfe4e6bb) 
1# 2008 October 27
2#
3# The author disclaims copyright to this source code.  In place of
4# a legal notice, here is a blessing:
5#
6#    May you do good and not evil.
7#    May you find forgiveness for yourself and forgive others.
8#    May you share freely, never taking more than you give.
9#
10#***********************************************************************
11#
12# Test that the truncate optimization is disabled if the SQLITE_DELETE
13# authorization callback returns SQLITE_IGNORE.
14#
15# Test that authorizer is disabled during schema parsing.
16
17set testdir [file dirname $argv0]
18source $testdir/tester.tcl
19
20# disable this test if the SQLITE_OMIT_AUTHORIZATION macro is
21# defined during compilation.
22if {[catch {db auth {}} msg]} {
23  finish_test
24  return
25}
26
27# Disable the statement cache for these tests.
28#
29db cache size 0
30
31db authorizer ::auth
32proc auth {code arg1 arg2 arg3 arg4 args} {
33  if {$code=="SQLITE_DELETE"} {
34    return $::authcode
35  }
36  return SQLITE_OK
37}
38
39#--------------------------------------------------------------------------
40# The following tests - auth3-1.* - test that return values of SQLITE_DENY,
41# SQLITE_IGNORE, SQLITE_OK and <invalid> are correctly handled when returned
42# by an SQLITE_DELETE authorization callback triggered by a
43# "DELETE FROM <table-name>" statement.
44#
45do_test auth3-1.1 {
46  execsql {
47    CREATE TABLE t1(a,b,c);
48    INSERT INTO t1 VALUES(1, 2, 3);
49    INSERT INTO t1 VALUES(4, 5, 6);
50  }
51} {}
52do_test auth3.1.2 {
53  set ::authcode SQLITE_DENY
54  catchsql { DELETE FROM t1 }
55} {1 {not authorized}}
56do_test auth3.1.3 {
57  set ::authcode SQLITE_INVALID
58  catchsql { DELETE FROM t1 }
59} {1 {authorizer malfunction}}
60do_test auth3.1.4 {
61  execsql { SELECT * FROM t1 }
62} {1 2 3 4 5 6}
63do_test auth3-1.5 {
64  set ::authcode SQLITE_IGNORE
65  execsql {
66    DELETE FROM t1;
67    SELECT * FROM t1;
68  }
69} {}
70do_test auth3-1.6 {
71  set ::authcode SQLITE_OK
72  execsql {
73    INSERT INTO t1 VALUES(1, 2, 3);
74    INSERT INTO t1 VALUES(4, 5, 6);
75    DELETE FROM t1;
76    SELECT * FROM t1;
77  }
78} {}
79
80#--------------------------------------------------------------------------
81# These tests - auth3-2.* - test that returning SQLITE_IGNORE really does
82# disable the truncate optimization.
83#
84do_test auth3-2.1 {
85  set ::authcode SQLITE_OK
86  execsql {
87    INSERT INTO t1 VALUES(1, 2, 3);
88    INSERT INTO t1 VALUES(4, 5, 6);
89  }
90  set sqlite_search_count 0
91  execsql {
92    DELETE FROM t1;
93  }
94  set sqlite_search_count
95} {0}
96
97do_test auth3-2.2 {
98  set ::authcode SQLITE_IGNORE
99  execsql {
100    INSERT INTO t1 VALUES(1, 2, 3);
101    INSERT INTO t1 VALUES(4, 5, 6);
102  }
103  set sqlite_search_count 0
104  execsql {
105    DELETE FROM t1;
106  }
107  set sqlite_search_count
108} {1}
109
110# 2016-07-28.  A problem report from a private client complaining about
111# an authorizer failure during an ALTER TABLE.  The solution (I think) is
112# to disable the authorizer during schema parsing.
113#
114proc auth {code args} {
115  if {$code=="SQLITE_READ" && [regexp {DoNotRead} $args]} {
116    return SQLITE_DENY
117  }
118  return SQLITE_OK
119}
120do_execsql_test auth3-3.0 {
121  CREATE TEMPORARY TABLE TempTable (
122      key TEXT NOT NULL ON CONFLICT FAIL UNIQUE ON CONFLICT REPLACE,
123      value TEXT NOT NULL ON CONFLICT FAIL);
124  ALTER TABLE TempTable RENAME TO DoNotRead;
125  SELECT name FROM sqlite_temp_master;
126} {DoNotRead sqlite_autoindex_DoNotRead_1}
127
128finish_test
129