summaryrefslogtreecommitdiff
path: root/data/lighttpd/lighttpd-1.4.53/tests/mod-auth.t
diff options
context:
space:
mode:
Diffstat (limited to 'data/lighttpd/lighttpd-1.4.53/tests/mod-auth.t')
-rwxr-xr-xdata/lighttpd/lighttpd-1.4.53/tests/mod-auth.t198
1 files changed, 198 insertions, 0 deletions
diff --git a/data/lighttpd/lighttpd-1.4.53/tests/mod-auth.t b/data/lighttpd/lighttpd-1.4.53/tests/mod-auth.t
new file mode 100755
index 000000000..55719b113
--- /dev/null
+++ b/data/lighttpd/lighttpd-1.4.53/tests/mod-auth.t
@@ -0,0 +1,198 @@
+#!/usr/bin/env perl
+BEGIN {
+ # add current source dir to the include-path
+ # we need this for make distcheck
+ (my $srcdir = $0) =~ s,/[^/]+$,/,;
+ unshift @INC, $srcdir;
+}
+
+use strict;
+use IO::Socket;
+use Test::More tests => 20;
+use LightyTest;
+
+my $tf = LightyTest->new();
+my $t;
+
+$tf->{CONFIGFILE} = 'mod-auth.conf';
+ok($tf->start_proc == 0, "Starting lighttpd") or die();
+
+$t->{REQUEST} = ( <<EOF
+GET /server-status HTTP/1.0
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
+ok($tf->handle_http($t) == 0, 'Missing Auth-token');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-config HTTP/1.0
+Authorization: Basic \x80mFuOmphb
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid base64 Auth-token');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-config HTTP/1.0
+Authorization: Basic bm90Oml0Cg==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Wrong Auth-token');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-config HTTP/1.0
+Authorization: Basic amFuOmphbg==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - plain');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: Basic ZGVzOmRlcw==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des)');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: basic ZGVzOmRlcw==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des) (lowercase)');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: Basic c2hhOnNoYQ==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (sha)');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: Basic c2hhOnNoYg==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (sha, wrong password)');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: Basic YXByLW1kNTphcHItbWQ1
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (apr-md5)');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: Basic YXByLW1kNTphcHItbWQ2
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (apr-md5, wrong password)');
+
+SKIP: {
+ skip "no crypt-md5 under cygwin", 1 if $^O eq 'cygwin';
+ skip "no crypt-md5 under darwin", 1 if $^O eq 'darwin';
+$t->{REQUEST} = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: Basic bWQ1Om1kNQ==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (crypt-md5)');
+}
+
+$t->{REQUEST} = ( <<EOF
+GET /server-config HTTP/1.0
+Authorization: Basic bWQ1Om1kNA==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token');
+
+## this should not crash
+$t->{REQUEST} = ( <<EOF
+GET /server-status HTTP/1.0
+User-Agent: Wget/1.9.1
+Authorization: Digest username="jan", realm="jan", nonce="9a5428ccc05b086a08d918e73b01fc6f",
+ uri="/server-status", response="ea5f7d9a30b8b762f9610ccb87dea74f"
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
+ok($tf->handle_http($t) == 0, 'Digest-Auth: missing qop, no crash');
+
+# (Note: test case is invalid; mismatch between request line and uri="..."
+# is not what is intended to be tested here, but that is what is invalid)
+# https://redmine.lighttpd.net/issues/477
+## this should not crash
+$t->{REQUEST} = ( <<EOF
+GET /server-status HTTP/1.0
+User-Agent: Wget/1.9.1
+Authorization: Digest username="jan", realm="jan",
+ nonce="b1d12348b4620437c43dd61c50ae4639",
+ uri="/MJ-BONG.xm.mpc", qop=auth, noncecount=00000001",
+ cnonce="036FCA5B86F7E7C4965C7F9B8FE714B7",
+ response="29B32C2953C763C6D033C8A49983B87E"
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
+ok($tf->handle_http($t) == 0, 'Digest-Auth: missing nc (noncecount instead), no crash');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-config HTTP/1.0
+Authorization: Basic =
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid Base64');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-status HTTP/1.0
+Authorization: Digest username="jan", realm="download archiv",
+ nonce="b3b26457000000003a9b34a3cd56d26e48a52a498ac9765d4b",
+ uri="/server-status", qop=auth, nc=00000001,
+ algorithm="md5-sess", response="049b000fb00ab51dddea6f093a96aa2e"
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
+ok($tf->handle_http($t) == 0, 'Digest-Auth: md5-sess + missing cnonce');
+
+ $t->{REQUEST} = ( <<EOF
+GET /server-status HTTP/1.0
+Authorization: Digest username="jan", realm="download archiv",
+ nonce="b3b26457000000003a9b34a3cd56d26e48a52a498ac9765d4b",
+ uri="/server-status", qop=auth, nc=00000001, cnonce="65ee1b37",
+ algorithm="md5", response="049b000fb00ab51dddea6f093a96aa2e"
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401, 'WWW-Authenticate' => '/, stale=true$/' } ];
+ok($tf->handle_http($t) == 0, 'Digest-Auth: stale nonce');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-status HTTP/1.0
+Authorization: Digest username="jan", realm="download archiv",
+ nonce="b3b26457000000003a9b34a3cd56d26e48a52a498ac9765d4b",
+ uri="/server-status", qop=auth, nc=00000001, cnonce="65ee1b37",
+ algorithm="md5", response="049b000fb00ab51dddea6f093a96aa2e"
+EOF
+ ); # note: trailing whitespace at end of request line above is intentional
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401, 'WWW-Authenticate' => '/, stale=true$/' } ];
+ok($tf->handle_http($t) == 0, 'Digest-Auth: trailing WS, stale nonce');
+
+
+
+ok($tf->stop_proc == 0, "Stopping lighttpd");
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-19 06:37:54 +0000