You are viewing a plain text version of this content. The canonical link for it is here.
Posted to test-cvs@httpd.apache.org by ge...@apache.org on 2004/10/14 20:26:03 UTC
cvs commit: httpd-test/perl-framework/t/modules digest.t
geoff 2004/10/14 11:26:03
Modified: perl-framework/t/conf extra.conf.in
Added: perl-framework/t/modules digest.t
Log:
AuthDigestEnableQueryStringHack tests I had sitting around
Revision Changes Path
1.53 +23 -0 httpd-test/perl-framework/t/conf/extra.conf.in
Index: extra.conf.in
===================================================================
RCS file: /home/cvs/httpd-test/perl-framework/t/conf/extra.conf.in,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- extra.conf.in 12 Oct 2004 13:53:41 -0000 1.52
+++ extra.conf.in 14 Oct 2004 18:26:03 -0000 1.53
@@ -396,6 +396,29 @@
</Directory>
##
+## Digest test config
+##
+<IfDefine APACHE2>
+ <IfModule mod_auth_digest.c>
+ Alias /digest @DocumentRoot@
+ <Location /digest>
+ Require valid-user
+ AuthType Digest
+ AuthName realm1
+ # 2.0
+ <IfModule mod_auth.c>
+ AuthDigestFile realm1
+ </IfModule>
+ # 2.1
+ <IfModule mod_authn_file.c>
+ AuthUserFile realm1
+ </IfModule>
+ </Location>
+ SetEnvIf X-Browser "MSIE" AuthDigestEnableQueryStringHack=On
+ </IfModule>
+</IfDefine>
+
+##
## ErrorDocument handling
## create it's own virtual host so it doesn't interfere
## with other tests for 404 messages
1.1 httpd-test/perl-framework/t/modules/digest.t
Index: digest.t
===================================================================
use strict;
use warnings FATAL => 'all';
use Apache::Test;
use Apache::TestRequest;
use Apache::TestUtil qw(t_cmp t_write_file);
use File::Spec;
plan tests => 13, need need_lwp,
need_module('mod_auth_digest'),
need_min_apache_version('2.0.51');
my ($no_query_auth, $query_auth, $bad_query);
# write out the authentication file
my $file = File::Spec->catfile(Apache::Test::vars('serverroot'), 'realm1');
t_write_file($file, <DATA>);
my $url = '/digest/index.html';
my $query = 'try=til%7Ede';
{
my $response = GET $url;
ok t_cmp($response->code,
401,
'no user to authenticate');
}
{
# bad pass
my $response = GET $url,
username => 'user1', password => 'foo';
ok t_cmp($response->code,
401,
'user1:foo not found');
}
{
# authenticated
my $response = GET $url,
username => 'user1', password => 'password1';
ok t_cmp($response->code,
200,
'user1:password1 found');
# set up for later
$no_query_auth = $response->request->headers->authorization;
}
# now that we know normal digest auth works, play with the query string
{
# add a query string
my $response = GET "$url?$query",
username => 'user1', password => 'password1';
ok t_cmp($response->code,
200,
'user1:password1 with query string found');
# set up for later
$query_auth = $response->request->headers->authorization;
}
{
# do the auth header ourselves
my $response = GET "$url?$query", Authorization => $query_auth;
ok t_cmp($response->code,
200,
'manual Authorization header query string');
}
{
# remove the query string from the uri - bang!
(my $noquery = $query_auth) =~ s!$query!!;
my $response = GET "$url?$query",
Authorization => $noquery;
ok t_cmp($response->code,
400,
'manual Authorization with no query string in header');
}
{
# same with changing the query string in the header
($bad_query = $query_auth) =~ s!$query!something=else!;
my $response = GET "$url?$query",
Authorization => $bad_query;
ok t_cmp($response->code,
400,
'manual Authorization header with mismatched query string');
}
{
# another mismatch
my $response = GET $url,
Authorization => $query_auth;
ok t_cmp($response->code,
400,
'manual Authorization header with mismatched query string');
}
# finally, the MSIE tests
{
# fake current MSIE behavior - this should work as of 2.0.51
my $response = GET "$url?$query",
Authorization => $no_query_auth,
'X-Browser' => 'MSIE';
ok t_cmp($response->code,
200,
'manual Authorization with no query string in header + MSIE');
}
{
# pretend MSIE fixed itself
my $response = GET "$url?$query",
username => 'user1', password => 'password1',
'X-Browser' => 'MSIE';
ok t_cmp($response->code,
200,
'a compliant response coming from MSIE');
}
{
# this still bombs
my $response = GET "$url?$query",
Authorization => $bad_query,
'X-Browser' => 'MSIE';
ok t_cmp($response->code,
400,
'manual Authorization header with mismatched query string + MSIE');
}
{
# as does this
my $response = GET $url,
Authorization => $query_auth,
'X-Browser' => 'MSIE';
ok t_cmp($response->code,
400,
'manual Authorization header with mismatched query string + MSIE');
}
{
# no hack required
my $response = GET $url,
username => 'user1', password => 'password1',
'X-Browser' => 'MSIE';
ok t_cmp($response->code,
200,
'no query string + MSIE');
}
__DATA__
# user1/password1
user1:realm1:4b5df5ee44449d6b5fbf026a7756e6ee