Mercurial > hg > nginx-tests
comparison auth_basic.t @ 229:9969fcf1f27e
Tests: corrupted password entries tests.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Fri, 10 Aug 2012 20:51:43 +0400 |
| parents | f9325406df0b |
| children | 8d58b624a142 |
comparison
equal
deleted
inserted
replaced
| 228:5c9e43547b71 | 229:9969fcf1f27e |
|---|---|
| 21 ############################################################################### | 21 ############################################################################### |
| 22 | 22 |
| 23 select STDERR; $| = 1; | 23 select STDERR; $| = 1; |
| 24 select STDOUT; $| = 1; | 24 select STDOUT; $| = 1; |
| 25 | 25 |
| 26 my $t = Test::Nginx->new()->has(qw/http auth_basic/)->plan(11) | 26 my $t = Test::Nginx->new()->has(qw/http auth_basic/)->plan(15) |
| 27 ->write_file_expand('nginx.conf', <<'EOF'); | 27 ->write_file_expand('nginx.conf', <<'EOF'); |
| 28 | 28 |
| 29 %%TEST_GLOBALS%% | 29 %%TEST_GLOBALS%% |
| 30 | 30 |
| 31 daemon off; | 31 daemon off; |
| 55 | 55 |
| 56 $t->write_file( | 56 $t->write_file( |
| 57 'htpasswd', | 57 'htpasswd', |
| 58 'crypt:' . crypt('password', 'salt') . "\n" . | 58 'crypt:' . crypt('password', 'salt') . "\n" . |
| 59 'crypt1:' . crypt('password', '$1$salt$') . "\n" . | 59 'crypt1:' . crypt('password', '$1$salt$') . "\n" . |
| 60 'crypt2:' . '$1$' . "\n" . | |
| 60 'apr1:' . '$apr1$salt$Xxd1irWT9ycqoYxGFn4cb.' . "\n" . | 61 'apr1:' . '$apr1$salt$Xxd1irWT9ycqoYxGFn4cb.' . "\n" . |
| 62 'apr12:' . '$apr1$' . "\n" . | |
| 61 'plain:' . '{PLAIN}password' . "\n" . | 63 'plain:' . '{PLAIN}password' . "\n" . |
| 62 'ssha:' . '{SSHA}yI6cZwQadOA1e+/f+T+H3eCQQhRzYWx0' . "\n" | 64 'ssha:' . '{SSHA}yI6cZwQadOA1e+/f+T+H3eCQQhRzYWx0' . "\n" . |
| 65 'ssha2:' . '{SSHA}_____wQadOA1e+/f+T+H3eCQQhRzYWx0' . "\n" . | |
| 66 'ssha3:' . '{SSHA}Zm9vCg==' . "\n" | |
| 63 ); | 67 ); |
| 64 | 68 |
| 65 $t->run(); | 69 $t->run(); |
| 66 | 70 |
| 67 ############################################################################### | 71 ############################################################################### |
| 75 like(http_get_auth('/', 'crypt', 'password'), qr!SEETHIS!, 'normal crypt'); | 79 like(http_get_auth('/', 'crypt', 'password'), qr!SEETHIS!, 'normal crypt'); |
| 76 unlike(http_get_auth('/', 'crypt', '123'), qr!SEETHIS!, 'normal wrong'); | 80 unlike(http_get_auth('/', 'crypt', '123'), qr!SEETHIS!, 'normal wrong'); |
| 77 | 81 |
| 78 like(http_get_auth('/', 'crypt1', 'password'), qr!SEETHIS!, 'crypt $1$ (md5)'); | 82 like(http_get_auth('/', 'crypt1', 'password'), qr!SEETHIS!, 'crypt $1$ (md5)'); |
| 79 unlike(http_get_auth('/', 'crypt1', '123'), qr!SEETHIS!, 'crypt $1$ wrong'); | 83 unlike(http_get_auth('/', 'crypt1', '123'), qr!SEETHIS!, 'crypt $1$ wrong'); |
| 84 | |
| 85 like(http_get_auth('/', 'crypt2', '1'), qr!401 Unauthorized!, | |
| 86 'crypt $1$ broken'); | |
| 80 | 87 |
| 81 } | 88 } |
| 82 | 89 |
| 83 like(http_get_auth('/', 'apr1', 'password'), qr!SEETHIS!, 'apr1 md5'); | 90 like(http_get_auth('/', 'apr1', 'password'), qr!SEETHIS!, 'apr1 md5'); |
| 84 like(http_get_auth('/', 'plain', 'password'), qr!SEETHIS!, 'plain password'); | 91 like(http_get_auth('/', 'plain', 'password'), qr!SEETHIS!, 'plain password'); |
| 95 | 102 |
| 96 unlike(http_get_auth('/', 'apr1', '123'), qr!SEETHIS!, 'apr1 md5 wrong'); | 103 unlike(http_get_auth('/', 'apr1', '123'), qr!SEETHIS!, 'apr1 md5 wrong'); |
| 97 unlike(http_get_auth('/', 'plain', '123'), qr!SEETHIS!, 'plain wrong'); | 104 unlike(http_get_auth('/', 'plain', '123'), qr!SEETHIS!, 'plain wrong'); |
| 98 unlike(http_get_auth('/', 'ssha', '123'), qr!SEETHIS!, 'ssha wrong'); | 105 unlike(http_get_auth('/', 'ssha', '123'), qr!SEETHIS!, 'ssha wrong'); |
| 99 | 106 |
| 107 like(http_get_auth('/', 'apr12', '1'), qr!401 Unauthorized!, 'apr1 md5 broken'); | |
| 108 | |
| 109 SKIP: { | |
| 110 skip 'unsafe', 2 unless $ENV{TEST_NGINX_UNSAFE}; | |
| 111 local $TODO = 'not yet'; | |
| 112 | |
| 113 like(http_get_auth('/', 'ssha2', '1'), qr!401 Unauthorized!, 'ssha broken 1'); | |
| 114 like(http_get_auth('/', 'ssha3', '1'), qr!401 Unauthorized!, 'ssha broken 2'); | |
| 115 | |
| 116 } | |
| 117 | |
| 100 ############################################################################### | 118 ############################################################################### |
| 101 | 119 |
| 102 sub http_get_auth { | 120 sub http_get_auth { |
| 103 my ($url, $user, $password) = @_; | 121 my ($url, $user, $password) = @_; |
| 104 | 122 |