📄 auth.test
字号:
set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK } execsql {ATTACH DATABASE ':memory:' AS test1} catchsql { DETACH DATABASE test1; }} {0 {}}do_test auth-1.258 { lindex [execsql {PRAGMA database_list}] 7} {}do_test auth-1.259 { execsql {ATTACH DATABASE ':memory:' AS test1} proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DETACH"} { set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK } catchsql { DETACH DATABASE test1; }} {0 {}}ifcapable tempdb { ifcapable schema_pragmas { do_test auth-1.260 { lindex [execsql {PRAGMA database_list}] 7 } {test1} } ;# ifcapable schema_pragmas do_test auth-1.261 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DETACH"} { set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK } catchsql { DETACH DATABASE test1; } } {1 {not authorized}} ifcapable schema_pragmas { do_test auth-1.262 { lindex [execsql {PRAGMA database_list}] 7 } {test1} } ;# ifcapable schema_pragmas db authorizer {} execsql {DETACH DATABASE test1} db authorizer ::auth # Authorization for ALTER TABLE. These tests are omitted if the library # was built without ALTER TABLE support. ifcapable altertable { do_test auth-1.263 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_ALTER_TABLE"} { set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK } catchsql { ALTER TABLE t1 RENAME TO t1x } } {0 {}} do_test auth-1.264 { execsql {SELECT name FROM sqlite_temp_master WHERE type='table'} } {t1x} do_test auth-1.265 { set authargs } {temp t1 {} {}} do_test auth-1.266 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_ALTER_TABLE"} { set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK } catchsql { ALTER TABLE t1x RENAME TO t1 } } {0 {}} do_test auth-1.267 { execsql {SELECT name FROM sqlite_temp_master WHERE type='table'} } {t1x} do_test auth-1.268 { set authargs } {temp t1x {} {}} do_test auth-1.269 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_ALTER_TABLE"} { set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK } catchsql { ALTER TABLE t1x RENAME TO t1 } } {1 {not authorized}} do_test auth-1.270 { execsql {SELECT name FROM sqlite_temp_master WHERE type='table'} } {t1x} } ;# ifcapable altertable do_test auth-1.271 { set authargs } {temp t1x {} {}}} else { db authorizer {} db eval { DETACH DATABASE test1; }}ifcapable altertable {db authorizer {}catchsql {ALTER TABLE t1x RENAME TO t1}db authorizer ::authdo_test auth-1.272 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_ALTER_TABLE"} { set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK } catchsql { ALTER TABLE t2 RENAME TO t2x }} {0 {}}do_test auth-1.273 { execsql {SELECT name FROM sqlite_master WHERE type='table'}} {t2x}do_test auth-1.274 { set authargs} {main t2 {} {}}do_test auth-1.275 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_ALTER_TABLE"} { set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK } catchsql { ALTER TABLE t2x RENAME TO t2 }} {0 {}}do_test auth-1.276 { execsql {SELECT name FROM sqlite_master WHERE type='table'}} {t2x}do_test auth-1.277 { set authargs} {main t2x {} {}}do_test auth-1.278 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_ALTER_TABLE"} { set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK } catchsql { ALTER TABLE t2x RENAME TO t2 }} {1 {not authorized}}do_test auth-1.279 { execsql {SELECT name FROM sqlite_master WHERE type='table'}} {t2x}do_test auth-1.280 { set authargs} {main t2x {} {}}db authorizer {}catchsql {ALTER TABLE t2x RENAME TO t2}} ;# ifcapable altertable# Test the authorization callbacks for the REINDEX command.ifcapable reindex {proc auth {code args} { if {$code=="SQLITE_REINDEX"} { set ::authargs [concat $::authargs $args] } return SQLITE_OK}db authorizer authdo_test auth-1.281 { execsql { CREATE TABLE t3(a PRIMARY KEY, b, c); CREATE INDEX t3_idx1 ON t3(c COLLATE BINARY); CREATE INDEX t3_idx2 ON t3(b COLLATE NOCASE); }} {}do_test auth-1.282 { set ::authargs {} execsql { REINDEX t3_idx1; } set ::authargs} {t3_idx1 {} main {}}do_test auth-1.283 { set ::authargs {} execsql { REINDEX BINARY; } set ::authargs} {t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}}do_test auth-1.284 { set ::authargs {} execsql { REINDEX NOCASE; } set ::authargs} {t3_idx2 {} main {}}do_test auth-1.285 { set ::authargs {} execsql { REINDEX t3; } set ::authargs} {t3_idx2 {} main {} t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}}do_test auth-1.286 { execsql { DROP TABLE t3; }} {}ifcapable tempdb { do_test auth-1.287 { execsql { CREATE TEMP TABLE t3(a PRIMARY KEY, b, c); CREATE INDEX t3_idx1 ON t3(c COLLATE BINARY); CREATE INDEX t3_idx2 ON t3(b COLLATE NOCASE); } } {} do_test auth-1.288 { set ::authargs {} execsql { REINDEX temp.t3_idx1; } set ::authargs } {t3_idx1 {} temp {}} do_test auth-1.289 { set ::authargs {} execsql { REINDEX BINARY; } set ::authargs } {t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}} do_test auth-1.290 { set ::authargs {} execsql { REINDEX NOCASE; } set ::authargs } {t3_idx2 {} temp {}} do_test auth-1.291 { set ::authargs {} execsql { REINDEX temp.t3; } set ::authargs } {t3_idx2 {} temp {} t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}} proc auth {code args} { if {$code=="SQLITE_REINDEX"} { set ::authargs [concat $::authargs $args] return SQLITE_DENY } return SQLITE_OK } do_test auth-1.292 { set ::authargs {} catchsql { REINDEX temp.t3; } } {1 {not authorized}} do_test auth-1.293 { execsql { DROP TABLE t3; } } {}}} ;# ifcapable reindex ifcapable analyze { proc auth {code args} { if {$code=="SQLITE_ANALYZE"} { set ::authargs [concat $::authargs $args] } return SQLITE_OK } do_test auth-1.294 { set ::authargs {} execsql { CREATE TABLE t4(a,b,c); CREATE INDEX t4i1 ON t4(a); CREATE INDEX t4i2 ON t4(b,a,c); INSERT INTO t4 VALUES(1,2,3); ANALYZE; } set ::authargs } {t4 {} main {}} do_test auth-1.295 { execsql { SELECT count(*) FROM sqlite_stat1; } } 2 proc auth {code args} { if {$code=="SQLITE_ANALYZE"} { set ::authargs [concat $::authargs $args] return SQLITE_DENY } return SQLITE_OK } do_test auth-1.296 { set ::authargs {} catchsql { ANALYZE; } } {1 {not authorized}} do_test auth-1.297 { execsql { SELECT count(*) FROM sqlite_stat1; } } 2} ;# ifcapable analyzedo_test auth-2.1 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} { return SQLITE_DENY } return SQLITE_OK } db authorizer ::auth execsql {CREATE TABLE t3(x INTEGER PRIMARY KEY, y, z)} catchsql {SELECT * FROM t3}} {1 {access to t3.x is prohibited}}do_test auth-2.1 { catchsql {SELECT y,z FROM t3}} {0 {}}do_test auth-2.2 { catchsql {SELECT ROWID,y,z FROM t3}} {1 {access to t3.x is prohibited}}do_test auth-2.3 { catchsql {SELECT OID,y,z FROM t3}} {1 {access to t3.x is prohibited}}do_test auth-2.4 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} { return SQLITE_IGNORE } return SQLITE_OK } execsql {INSERT INTO t3 VALUES(44,55,66)} catchsql {SELECT * FROM t3}} {0 {{} 55 66}}do_test auth-2.5 { catchsql {SELECT rowid,y,z FROM t3}} {0 {{} 55 66}}do_test auth-2.6 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="ROWID"} { return SQLITE_IGNORE } return SQLITE_OK } catchsql {SELECT * FROM t3}} {0 {44 55 66}}do_test auth-2.7 { catchsql {SELECT ROWID,y,z FROM t3}} {0 {44 55 66}}do_test auth-2.8 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} { return SQLITE_IGNORE } return SQLITE_OK } catchsql {SELECT ROWID,b,c FROM t2}} {0 {{} 2 33 {} 8 9}}do_test auth-2.9.1 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} { return bogus } return SQLITE_OK } catchsql {SELECT ROWID,b,c FROM t2}} {1 {illegal return value (999) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}do_test auth-2.9.2 { db errorcode} {1}do_test auth-2.10 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_SELECT"} { return bogus } return SQLITE_OK } catchsql {SELECT ROWID,b,c FROM t2}} {1 {illegal return value (1) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}do_test auth-2.11.1 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg2=="a"} { return SQLITE_IGNORE } return SQLITE_OK } catchsql {SELECT * FROM t2, t3}} {0 {{} 2 33 44 55 66 {} 8 9 44 55 66}}do_test auth-2.11.2 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg2=="x"} { return SQLITE_IGNORE } return SQLITE_OK } catchsql {SELECT * FROM t2, t3}} {0 {11 2 33 {} 55 66 7 8 9 {} 55 66}}# Make sure the OLD and NEW pseudo-tables of a trigger get authorized.#ifcapable trigger {do_test auth-3.1 { proc auth {code arg1 arg2 arg3 arg4} { return SQLITE_OK } execsql { CREATE TABLE tx(a1,a2,b1,b2,c1,c2); CREATE TRIGGER r1 AFTER UPDATE ON t2 FOR EACH ROW BEGIN INSERT INTO tx VALUES(OLD.a,NEW.a,OLD.b,NEW.b,OLD.c,NEW.c); END; UPDATE t2 SET a=a+1; SELECT * FROM tx; }} {11 12 2 2 33 33 7 8 8 8 9 9}do_test auth-3.2 { proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="c"} { return SQLITE_IGNORE } return SQLITE_OK } execsql { DELETE FROM tx; UPDATE t2 SET a=a+100; SELECT * FROM tx; }} {12 112 2 2 {} {} 8 108 8 8 {} {}}} ;# ifcapable trigger# Make sure the names of views and triggers are passed on on arg4.#ifcapable trigger {do_test auth-4.1 { proc auth {code arg1 arg2 arg3 arg4} { lappend ::authargs $code $arg1 $arg2 $arg3 $arg4 return SQLITE_OK } set authargs {} execsql { UPDATE t2 SET a=a+1; } set authargs} [list \ SQLITE_READ t2 a main {} \ SQLITE_UPDATE t2 a main {} \ SQLITE_INSERT tx {} main r1 \ SQLITE_READ t2 a main r1 \ SQLITE_READ t2 a main r1 \ SQLITE_READ t2 b main r1 \ SQLITE_READ t2 b main r1 \ SQLITE_READ t2 c main r1 \ SQLITE_READ t2 c main r1]}ifcapable {view && trigger} {do_test auth-4.2 { execsql { CREATE VIEW v1 AS SELECT a+b AS x FROM t2; CREATE TABLE v1chng(x1,x2); CREATE TRIGGER r2 INSTEAD OF UPDATE ON v1 BEGIN INSERT INTO v1chng VALUES(OLD.x,NEW.x); END; SELECT * FROM v1; }} {115 117}do_test auth-4.3 { set authargs {} execsql { UPDATE v1 SET x=1 WHERE x=117 } set authargs} [list \ SQLITE_UPDATE v1 x main {} \ SQLITE_READ v1 x main {} \ SQLITE_SELECT {} {} {} v1 \ SQLITE_READ t2 a main v1 \ SQLITE_READ t2 b main v1 \ SQLITE_INSERT v1chng {} main r2 \ SQLITE_READ v1 x main r2 \ SQLITE_READ v1 x main r2]do_test auth-4.4 { execsql { CREATE TRIGGER r3 INSTEAD OF DELETE ON v1 BEGIN INSERT INTO v1chng VALUES(OLD.x,NULL); END; SELECT * FROM v1; }} {115 117}do_test auth-4.5 { set authargs {} execsql { DELETE FROM v1 WHERE x=117 } set authargs} [list \ SQLITE_DELETE v1 {} main {} \ SQLITE_READ v1 x main {} \ SQLITE_SELECT {} {} {} v1 \ SQLITE_READ t2 a main v1 \ SQLITE_READ t2 b main v1 \ SQLITE_INSERT v1chng {} main r3 \ SQLITE_READ v1 x main r3]} ;# ifcapable view && trigger# Ticket #1338: Make sure authentication works in the presence of an AS# clause.#do_test auth-5.1 { proc auth {code arg1 arg2 arg3 arg4} { return SQLITE_OK } execsql { SELECT count(a) AS cnt FROM t4 ORDER BY cnt }} {1}rename proc {}rename proc_real procfinish_test⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -