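#!/usr/bin/env perl
#
# tests/mod-auth.t -- functional tests for lighttpd HTTP authentication.
#
# Every case stores one raw HTTP/1.0 request in $t->{REQUEST} and the
# expected reply fields in $t->{RESPONSE}, then hands $t to
# LightyTest::handle_http (a project helper that is not shown here; it is
# expected to return 0 when the reply matches).
#
# The cases fall into three groups:
#   * Basic auth against the default host (missing, malformed, wrong and
#     valid credentials);
#   * Basic auth against auth-htpasswd.example.org, one case per stored
#     password format (des, sha, apr-md5, crypt-md5);
#   * Digest auth parser robustness (malformed parameter lists must yield
#     400/401 instead of crashing the server) and stale-nonce handling.
#
# NOTE(review): this listing was recovered from a web rendering that dropped
# indentation, closing braces and most heredoc terminators.  Those were
# restored from the surrounding syntax.  The leading whitespace on folded
# header lines and the trailing whitespace in the last Digest case are
# reconstructions -- confirm both against the upstream file.

BEGIN {
    # add current source dir to the include-path
    # we need this for make distcheck
    (my $srcdir = $0) =~ s,/[^/]+$,/,;
    unshift @INC, $srcdir;
}

use strict;
use IO::Socket;
use Test::More tests => 20;
use LightyTest;

my $tf = LightyTest->new();
my $t;

# Nothing below is meaningful without a running server, so abort on failure.
ok($tf->start_proc == 0, "Starting lighttpd") or die();

# --- Basic auth, default host -------------------------------------------

# No Authorization header at all: the protected URL must answer 401.
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Missing Auth-token');

# The heredoc interpolates, so \x80 becomes a raw 0x80 byte inside the token.
# A token that is not valid base64 is rejected as a malformed request (400)
# rather than treated as a failed login (401).
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Authorization: Basic \x80mFuOmphb
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid base64 Auth-token');

# Well-formed base64 ("not:it" plus a newline) that matches no account: 401.
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Authorization: Basic bm90Oml0Cg==
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Wrong Auth-token');

# Token decodes to "jan:jan"; the test label says this host uses the plain
# backend.
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Authorization: Basic amFuOmphbg==
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - plain');

# --- Basic auth, htpasswd host ------------------------------------------
# One case per password format named in the test labels.  The fixture
# htpasswd file is not visible here.
# NOTE(review): des, sha ({SHA}) and apr-md5 are legacy htpasswd formats;
# these cases cover compatibility and do not endorse them for new
# deployments.

# Token decodes to "des:des".
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: Basic ZGVzOmRlcw==
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des)');

# Same credentials with the scheme spelled "basic": the auth-scheme name is
# case-insensitive, so this must still succeed.
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: basic ZGVzOmRlcw==
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des) (lowercase)');

# Token decodes to "sha:sha".
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: Basic c2hhOnNoYQ==
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (sha)');

# Negative counterpart: "sha:shb" differs in the last password character and
# must be refused.  (The label begins "Valid Auth-token" but 401 is expected.)
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: Basic c2hhOnNoYg==
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (sha, wrong password)');

# Token decodes to "apr-md5:apr-md5".
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: Basic YXByLW1kNTphcHItbWQ1
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (apr-md5)');

# Negative counterpart: "apr-md5:apr-md6" must be refused.
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: Basic YXByLW1kNTphcHItbWQ2
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (apr-md5, wrong password)');

# The skip messages say crypt-md5 is unavailable on cygwin and darwin, so
# the single test in this block is skipped there.
SKIP: {
    skip "no crypt-md5 under cygwin", 1 if $^O eq 'cygwin';
    skip "no crypt-md5 under darwin", 1 if $^O eq 'darwin';

    # Token decodes to "md5:md5".
    $t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: Basic bWQ1Om1kNQ==
EOF
 );
    $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
    ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (crypt-md5)');
}

# Token decodes to "md5:md4".  This request carries no Host header, so it is
# not addressed to auth-htpasswd.example.org like the cases above.
# NOTE(review): the label reads 'Valid Auth-token' although 401 is expected,
# and no wrong-password case targets the htpasswd host for des or crypt-md5.
# Adding those would confirm the verifier compares the hash for every format.
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Authorization: Basic bWQ1Om1kNA==
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token');

# --- Digest auth: parser robustness -------------------------------------

## this should not crash
# The Digest parameter list has no qop; the server must answer 401 and keep
# running.
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
User-Agent: Wget/1.9.1
Authorization: Digest username="jan", realm="jan", nonce="9a5428ccc05b086a08d918e73b01fc6f",
  uri="/server-status", response="ea5f7d9a30b8b762f9610ccb87dea74f"
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Digest-Auth: missing qop, no crash');

# (Note: test case is invalid; mismatch between request line and uri="..."
#  is not what is intended to be tested here, but that is what is invalid)
# https://redmine.lighttpd.net/issues/477
## this should not crash
# "noncecount" stands in for "nc" and is followed by a stray double quote;
# the expected outcome is a 400, not a crash.
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
User-Agent: Wget/1.9.1
Authorization: Digest username="jan", realm="jan",
  nonce="b1d12348b4620437c43dd61c50ae4639",
  uri="/MJ-BONG.xm.mpc", qop=auth, noncecount=00000001",
  cnonce="036FCA5B86F7E7C4965C7F9B8FE714B7",
  response="29B32C2953C763C6D033C8A49983B87E"
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
ok($tf->handle_http($t) == 0, 'Digest-Auth: missing nc (noncecount instead), no crash');

# A Basic token that consists only of base64 padding is malformed: 400.
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Authorization: Basic =
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid Base64');

# algorithm="md5-sess" is requested but no cnonce is supplied; the request
# is rejected as malformed (400).
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
Authorization: Digest username="jan", realm="download archiv",
  nonce="b3b26457000000003a9b34a3cd56d26e48a52a498ac9765d4b",
  uri="/server-status", qop=auth, nc=00000001,
  algorithm="md5-sess", response="049b000fb00ab51dddea6f093a96aa2e"
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
ok($tf->handle_http($t) == 0, 'Digest-Auth: md5-sess + missing cnonce');

# --- Digest auth: stale nonce -------------------------------------------

# The nonce is hard-coded in the test, so the server should treat it as
# expired: 401 with a WWW-Authenticate challenge ending in ", stale=true".
# That tells the client to retry with a fresh nonce, and the old nonce does
# not authenticate the request.
# The slash-delimited value is presumably matched as a regex by LightyTest --
# confirm in the helper.
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
Authorization: Digest username="jan", realm="download archiv",
  nonce="b3b26457000000003a9b34a3cd56d26e48a52a498ac9765d4b",
  uri="/server-status", qop=auth, nc=00000001, cnonce="65ee1b37",
  algorithm="md5", response="049b000fb00ab51dddea6f093a96aa2e"
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401, 'WWW-Authenticate' => '/, stale=true$/' } ];
ok($tf->handle_http($t) == 0, 'Digest-Auth: stale nonce');

# Same request with whitespace after the last Digest parameter; the outcome
# must be identical to the case above.
# NOTE(review): the original trailing whitespace was lost in the recovered
# listing.  It is written here as \x20 escapes (the heredoc interpolates) so
# that editors cannot strip it; the exact bytes and the line they belong on
# are assumptions -- confirm against upstream.
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
Authorization: Digest username="jan", realm="download archiv",
  nonce="b3b26457000000003a9b34a3cd56d26e48a52a498ac9765d4b",
  uri="/server-status", qop=auth, nc=00000001, cnonce="65ee1b37",
  algorithm="md5", response="049b000fb00ab51dddea6f093a96aa2e"\x20\x20
EOF
 ); # note: trailing whitespace at end of request line above is intentional
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401, 'WWW-Authenticate' => '/, stale=true$/' } ];
ok($tf->handle_http($t) == 0, 'Digest-Auth: trailing WS, stale nonce');

ok($tf->stop_proc == 0, "Stopping lighttpd");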