To make it possible to serve both HTTPS and HTTP-only clients at the same time.
Consistent with web-stomp and web-mqtt plugins.
References #563.
[#156776853]
Add new configuration parameter login_session_timeout.
Add login_session_timeout to whoami response.
Use it as an expiration timeout for auth cookie.
[#157940664]
This character is neither reserved nor unreserved and thus is an unsafe
character according to RFC 1738 and RFC 3986. Therefore it should be
percent-encoded.
Many implementations accept and/or produce URLs with raw `^`. However,
the URI parser in Erlang 21 is strict and will refuse that character.
Therefore, we now percent-encode it in the testsuite.
[#157964874]
The meaning is the same. However, the RFC recommends to use uppercase in
percent-encoded characters. Moreover, the new URI normalization in Erlang
21 would transform the percent-encoded characters to uppercase.
And because our `rabbit_web_dispatch_util:relativise()` uses exact
matches, it will consider e.g. `%2f` and `%2F` to be different
characters. Therefore when we use Erlang 21, the relative redirection
returned by the management plugin will be different than the one
returned with Erlang 20 if we use lowercase percent-encoded `/`.
Thus the easy fix is to use uppercase.
A better fix would be to improve `relativise()` and the testsuite to
compare percent-decoded components.
[#157964874]
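The "better fix" named in the commit message above, sketched as an added Python example; it is not the plugin's Erlang code and not part of the commit. `relative_ref` is a hypothetical stand-in for `relativise()`, and the two paths are constructed samples.

```python
from urllib.parse import unquote

# Constructed sample paths: same resource, different hex case for the vhost "/".
BASE = "/api/queues/%2f/q1"
TARGET = "/api/queues/%2F/q2"


def segments(path):
    """Split on literal '/' only, so an encoded slash stays inside its segment."""
    return path.lstrip("/").split("/")


def relative_ref(base, target, decoded=True):
    """Relative reference from base to target.

    decoded=False compares raw segments (exact match, so %2f != %2F);
    decoded=True compares percent-decoded segments. Decoding happens per
    segment, after the split: decoding the whole path first would turn
    %2F into a path separator and lose the vhost segment.
    """
    key = unquote if decoded else (lambda s: s)
    base_dirs = segments(base)[:-1]          # drop the last segment of base
    target_segs = segments(target)
    limit = min(len(base_dirs), len(target_segs) - 1)
    common = 0
    while common < limit and key(base_dirs[common]) == key(target_segs[common]):
        common += 1
    ups = [".."] * (len(base_dirs) - common)
    # Emit the target's own (still encoded) segments, never the decoded form.
    return "/".join(ups + target_segs[common:])


if __name__ == "__main__":
    print(relative_ref(BASE, TARGET, decoded=False))  # exact matching
    print(relative_ref(BASE, TARGET))                 # decoded matching
```

Both results resolve to the same target; only the exact-match variant depends on the hex case the client or the URI normalizer happened to use.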
This commit removes a call to xmerl_ucs:from_utf8 which was used
for two purposes: converting the binary payload into an Erlang
Unicode string (a list of integer code points), and validating
that the payload is indeed utf8.
The call was necessary when it was introduced because mochijson
only supported Unicode strings. Nowadays JSON libraries also
support utf8 binaries so converting is not necessary.
The function also starts by doing a binary_to_list/1 call which
creates a lot of garbage and can lead to OOM situations when the
queue is large. We ended up with the payload binary, the temporary
list and the final Unicode string in memory. With this patch we
only ever have the binary in memory and the memory consumption
is divided by more or less 3.
To validate that the payload is utf8 and keep the functionality
intact a small function was added that makes use of the /utf8
binary matching specifier.
Since this was the only xmerl function used in the management
plugin I have also removed xmerl from the LOCAL_DEPS.
I have added a test for the different encodings that can be
requested to make sure that nothing was broken when doing
the change.
(cherry picked from commit 6a08e3d1f8)
Administrator should be able to restart vhosts if they believe
it can be recovered.
Added buttons to vhost status tables and
the new HTTP API endpoint: /vhosts/:vhost/start/:node
Part of rabbitmq/rabbitmq-server#1321
[#149484305]
This way an administrator without any permissions can access every form
on pages such as user permission management. Some users and RabbitMQ team
members administrators should have unconditional access to all vhosts.
Closes #461 as well as a number of similar issues.
DELETE with a payload doesn't have prescribed semantics and at least
older versions of the HTTP spec prescribe that the request URI should
fully identify the resource to be deleted.
This change introduces a /users/bulk-delete resource to which we POST the
users that are to be deleted.
[#149484991]
When specified, hostname, port, username and password
are taken from the URI. URI path is intentionally ignored
because AMQP(S) URIs use path to configure target virtual host
but HTTP APIs typically use URI paths to specify an endpoint
prefix (--path-prefix in rabbitmqadmin).
To avoid confusion we log a warning and ask the user to
specify --vhost and/or --path-prefix explicitly.
Closes #437.
This is a temporary measure.
Since rabbitmq/rabbitmq-server@0872a15a05,
`total` has no relationship with the other counters: total is the
resident memory footprint of the OS process (so pages in physical
memory), but the other counters are based on what was actually
allocated. Those counters should be compared to the total reported by
erlang:memory() instead.
* This is a valid case for environments where external
authn mechanisms (x509 certificates) or backends (e.g. HTTP) are used.
* We already allow this for existing users.
Closes #383.
Validation code in place, how to display?
Take existing queue count into consideration
Server-side validation takes existing queue count into consideration. Improve error message sent back to web application.
Improve messaging, remove unused template
Take existing queues into account when importing definitions for all vhosts. Fix test suite.
... instead of polling it once after 200 ms. This was failing from time
to time because that timer:sleep() was sometimes too short.
Signed-off-by: Karl Nilsson <knilsson@pivotal.io>
This header is required for its `amqp_msg` record.
rabbit_framing.hrl should be included too, for all the AMQP method
records, but it is already included from amqp_client.hrl and
rabbit_framing.hrl doesn't protect itself against multiple inclusions.
This commit fixes the build of the testsuite after the move of
rabbit_mgmt_test.hrl to rabbitmq-ct-helpers.
Reversing initial fix in 47a5ea7b1c
Usages of `with_decode` closed over the ReqData and returned the
instance before the body decode. This had the effect of causing an error
after a POST or PUT request had been issued on the same keep-alive
connection.
Samples didn't match averages as were reporting total times. Also,
rates do not make sense on time per operation so are all replaced
by the average.
rabbitmq-management#384
[#144393857]
One of the low-hanging fruits in HTTP API optimization.
E.g. serializing information about 10000 queues:
- For JSON it takes 2 seconds on my machine and more than 1GB of RAM
- For BERT it takes 0.2 seconds and negligible amount of RAM
... instead of using binary_to_list() on <<"ööö"/utf8>>.
Erlang R16B03 took the "ö" individual bytes (from the two-byte encoded
UTF-8 character) and converted them to UTF-8. The queue was created with
the correct name because the correct UTF-8 string was passed to Python
and later to the management API. But because of the wrong conversion of
the expected queue name, the verification failed.
`>` is unallowed in URI path segments according to RFC 3986. This
character must be percent-encoded.
Newer versions of Cowboy are stricter about this.
[#136779967]
(cherry picked from commit 85128761eb)
We must use `-include().` for a local file, not `-include_lib().`. Also,
fix the path to the header itself.
Reported by Syntastic.
(cherry picked from commit e09f94efc9)
`>` is unallowed in URI path segments according to RFC 3986. This
character must be percent-encoded.
Newer versions of Cowboy are stricter about this.
[#136779967]
Previously when no password or password hash were provided, a user with
generated credentials was created with the intent to later update
the user's credentials. Should anything fail after that, the user record
would be "leaked." The tests we had turned a blind eye on that scenario.
Credentials are never sent with preflight requests, and preflight
requests are only accepted if they return successfully (e.g. 200).
We returned a 401 when credentials were missing so browsers rejected
the response.
Two new options: cors_allow_origins and cors_max_age.
* cors_allow_origins: list of origins allowed, for example
["http://rabbitmq.com", "http://pivotal.com"];
or ["*"] to allow everything.
* cors_max_age: time in seconds that clients may cache
preflight requests. It defaults to 30 minutes.
This also fixes an issue with compressed replies where
"accept-encoding" was not added to the "vary" header.
(cherry picked from commit d10ed61736)
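The preflight rule and the two CORS options from the commit messages above, combined in one added Python example; it is not the plugin's code. The response header set, the lowercase header names, the realm string and the use of an `authorization` presence check in place of real credential validation are assumptions of this sketch.

```python
DEFAULT_MAX_AGE = 1800  # seconds; the 30-minute default named in the commit message
ALLOW_ORIGINS = ["http://rabbitmq.com", "http://pivotal.com"]  # list from the message


def origin_allowed(origin, allow_origins):
    """Exact string match against the configured list; "*" allows everything."""
    return origin is not None and ("*" in allow_origins or origin in allow_origins)


def respond(method, headers, allow_origins, max_age=DEFAULT_MAX_AGE):
    """Return (status, response_headers) for a request to an authenticated API.

    headers: request headers keyed by lowercase name (constructed input).
    """
    origin = headers.get("origin")
    allowed = origin_allowed(origin, allow_origins)
    out = {"vary": "origin"}  # the reply depends on Origin, so caches must key on it
    if allowed:
        out["access-control-allow-origin"] = "*" if "*" in allow_origins else origin

    requested = headers.get("access-control-request-method")
    if method == "OPTIONS" and origin is not None and requested is not None:
        # Preflight: the browser sends no credentials, so answer before any
        # authentication check. A 401 here makes the browser reject the reply.
        if allowed:
            out["access-control-allow-methods"] = requested
            out["access-control-max-age"] = str(max_age)
            if "access-control-request-headers" in headers:
                out["access-control-allow-headers"] = headers["access-control-request-headers"]
        return 200, out

    # Actual request: authentication is enforced here, not on the preflight.
    # Presence of the header stands in for real credential validation.
    if "authorization" not in headers:
        out["www-authenticate"] = 'Basic realm="example"'
        return 401, out
    return 200, out
```

A preflight from an origin outside the list still gets a 200, but without any `access-control-*` headers, so the browser blocks the follow-up request; `["*"]` removes that check for every origin.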
As part of a push to reduce the number of dependencies from the
RabbitMQ project, the management plugin needed to be converted
from Webmachine to Cowboy REST.
Most of this commit is about the conversion from Webmachine to
Cowboy. The main differences are in the POST handling where Cowboy
and Webmachine differ, but also in the conversion from string to
binary as Webmachine uses the former and Cowboy the latter.
The logging mechanism has been moved to the Web Dispatch plugin.
The mochiweb_util has been added for now, as it is currently still
required for some functionality missing from Cowboy. It can be
refactored out in the future.
The responses to POST and PUT requests may give a different result
under Cowboy compared to Webmachine. In particular, where Webmachine
used to return 204 No Content for all PUT requests, Cowboy may
return either 201 Created or 204 No Content. The test suite had to
be heavily updated to take this into account, but most clients will
have no problem with it since they only check for 2xx. And more
information can be considered a definite improvement.
(cherry picked from commit 242843ac9c)
Squashed commit of the following:
commit b104a7f84474e247dfef27cd389d6fac554ab634
Author: Michael Klishin <michael@clojurewerkz.org>
Date: Thu Jun 23 18:14:28 2016 +0300
Finish migration to CT
Note: this intentionally deletes several tests that depend on ETS
table state and clash with "real" stats GC processes running in parallel.
Some of them are covered in other test suites, e.g. rabbit-hole, others
can only really be tested with a separate simulation test suite.
Per discussion with the team.
commit 7585883e0f9432fd3360d18d340bcf599ad8d51f
Author: Michael Klishin <michael@clojurewerkz.org>
Date: Thu Jun 23 15:50:53 2016 +0300
Down to 3 failing tests
commit 3243f0efed7033229803404a431c1c6404c25677
Author: Michael Klishin <michael@clojurewerkz.org>
Date: Tue Jun 21 01:02:42 2016 +0300
Attempts to simplify a few tests for CT
commit 997c2b3782b4ce38708658dc90883980a267a461
Merge: 122c7b7 0ce4f6b
Author: Michael Klishin <michael@clojurewerkz.org>
Date: Fri Jun 17 14:45:06 2016 +0300
Merge branch 'stable' into common_test
commit 122c7b7116778e9aff244822933eaf95567dc59d
Author: Michael Klishin <michael@clojurewerkz.org>
Date: Thu Jun 16 18:19:28 2016 +0300
Begin porting test_db_SUITE
commit 872f3e82966999cebd8ba966daac9410badaca09
Author: Michael Klishin <michael@clojurewerkz.org>
Date: Thu Jun 16 13:54:34 2016 +0300
Makes clustering_SUITE pass
commit c8d6c89bda6e7571877221ed6b2513e53b1ebc46
Author: Michael Klishin <michael@clojurewerkz.org>
Date: Thu Jun 16 03:48:54 2016 +0300
Towards clustering_SUITE
commit 7fcb6c834039d6cdf15371ce8640f6dfd9bdf939
Author: Michael Klishin <michael@clojurewerkz.org>
Date: Thu Jun 16 02:59:24 2016 +0300
Initial clustering_SUITE test passes
commit 11205579e86bad4563e027d025b94f0e57ee8386
Author: Michael Klishin <michael@clojurewerkz.org>
Date: Thu Jun 16 02:59:12 2016 +0300
Add mochiweb to test dependencies
commit 895ff82e6e6567336c2ac56532f82427a2c4f705
Author: Michael Klishin <michael@clojurewerkz.org>
Date: Thu Jun 16 01:09:46 2016 +0300
Refactor
commit 6d9200cc8516ee5ea0676fbb0e9b3c88fb2a40a7
Author: Michael Klishin <michael@clojurewerkz.org>
Date: Thu Jun 16 00:55:08 2016 +0300
open_unmanaged_connection/1 is now available in rabbit_ct_client_helpers
commit 40d03cd2fa2a6bc1d4c7c4a1eeb332c5182e1317
Author: Michael Klishin <michael@clojurewerkz.org>
Date: Wed Jun 15 23:51:31 2016 +0300
All http_SUITE tests now pass
commit 81e08ef36a08884c02fabd51662018751035b5b6
Author: Michael Klishin <michael@clojurewerkz.org>
Date: Wed Jun 15 17:12:27 2016 +0300
More tests pass with Common Test
commit aaea771db14624df0db944b4c4d0eb42191fb961
Author: Michael Klishin <michael@clojurewerkz.org>
Date: Tue Jun 14 17:41:09 2016 +0300
Continue adapting to Common Test
commit 0a57f3256a828a835ce44ef02b2e93a3cfe34ccf
Author: Michael Klishin <michael@clojurewerkz.org>
Date: Tue Jun 14 15:28:19 2016 +0300
Begin moving test suite to Common Test
Two new options: cors_allow_origins and cors_max_age.
* cors_allow_origins: list of origins allowed, for example
["http://rabbitmq.com", "http://pivotal.com"];
or ["*"] to allow everything.
* cors_max_age: time in seconds that clients may cache
preflight requests. It defaults to 30 minutes.
This also fixes an issue with compressed replies where
"accept-encoding" was not added to the "vary" header.