Mercurial > hg > nginx-tests
view auth_basic.t @ 423:1ac74b568503
Tests: unbreak ssl_password_file.t with upcoming OpenSSL 1.0.2.
The 512-bit keys, as generated by default by "openssl genrsa" in older
versions, are rejected by OpenSSL library built from master branch (and
upcoming OpenSSL 1.0.2). This brokes the test if the "openssl" binary
is old (e.g., system one), but nginx is compiled against new OpenSSL.
Fix is to explicitly generate 2048 bit keys. This is also consistent to
what we generate in other places.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 03 Jul 2014 05:47:37 +0400 |
parents | a9621dbbd0d4 |
children | d5b541a8cf95 |
line wrap: on
line source
#!/usr/bin/perl # (C) Maxim Dounin # Tests for auth basic module. ############################################################################### use warnings; use strict; use Test::More; use MIME::Base64; BEGIN { use FindBin; chdir($FindBin::Bin); } use lib 'lib'; use Test::Nginx; ############################################################################### select STDERR; $| = 1; select STDOUT; $| = 1; my $t = Test::Nginx->new()->has(qw/http auth_basic/)->plan(19) ->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% daemon off; events { } http { %%TEST_GLOBALS_HTTP%% server { listen 127.0.0.1:8080; server_name localhost; location / { auth_basic "closed site"; auth_basic_user_file %%TESTDIR%%/htpasswd; } } } EOF my $d = $t->testdir(); $t->write_file('index.html', 'SEETHIS'); $t->write_file( 'htpasswd', 'crypt:' . crypt('password', 'salt') . "\n" . 'crypt1:' . crypt('password', '$1$salt$') . "\n" . 'crypt2:' . '$1$' . "\n" . 'apr1:' . '$apr1$salt$Xxd1irWT9ycqoYxGFn4cb.' . "\n" . 'apr12:' . '$apr1$' . "\n" . 'plain:' . '{PLAIN}password' . "\n" . 'ssha:' . '{SSHA}yI6cZwQadOA1e+/f+T+H3eCQQhRzYWx0' . "\n" . 'ssha2:' . '{SSHA}_____wQadOA1e+/f+T+H3eCQQhRzYWx0' . "\n" . 'ssha3:' . '{SSHA}Zm9vCg==' . "\n" . 'sha:' . '{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=' . "\n" . 'sha2:' . '{SHA}_____Mm5Pz8GgiULbPgzG37mj9g=' . "\n" . 'sha3:' . '{SHA}Zm9vCg==' . "\n" ); $t->run(); ############################################################################### like(http_get('/'), qr!401 Unauthorized!ms, 'rejects unathorized'); SKIP: { skip 'no crypt on win32', 5 if $^O eq 'MSWin32'; like(http_get_auth('/', 'crypt', 'password'), qr!SEETHIS!, 'normal crypt'); unlike(http_get_auth('/', 'crypt', '123'), qr!SEETHIS!, 'normal wrong'); like(http_get_auth('/', 'crypt1', 'password'), qr!SEETHIS!, 'crypt $1$ (md5)'); unlike(http_get_auth('/', 'crypt1', '123'), qr!SEETHIS!, 'crypt $1$ wrong'); like(http_get_auth('/', 'crypt2', '1'), qr!401 Unauthorized!, 'crypt $1$ broken'); } like(http_get_auth('/', 'apr1', 'password'), qr!SEETHIS!, 'apr1 md5'); like(http_get_auth('/', 'plain', 'password'), qr!SEETHIS!, 'plain password'); SKIP: { # SHA1 may not be available unless we have OpenSSL skip 'no sha1', 2 unless $t->has_module('--with-http_ssl_module') or $t->has_module('--with-sha1') or $t->has_module('--with-openssl'); like(http_get_auth('/', 'ssha', 'password'), qr!SEETHIS!, 'ssha'); like(http_get_auth('/', 'sha', 'password'), qr!SEETHIS!, 'sha'); } unlike(http_get_auth('/', 'apr1', '123'), qr!SEETHIS!, 'apr1 md5 wrong'); unlike(http_get_auth('/', 'plain', '123'), qr!SEETHIS!, 'plain wrong'); unlike(http_get_auth('/', 'ssha', '123'), qr!SEETHIS!, 'ssha wrong'); unlike(http_get_auth('/', 'sha', '123'), qr!SEETHIS!, 'sha wrong'); like(http_get_auth('/', 'apr12', '1'), qr!401 Unauthorized!, 'apr1 md5 broken'); like(http_get_auth('/', 'ssha2', '1'), qr!401 Unauthorized!, 'ssha broken 1'); like(http_get_auth('/', 'ssha3', '1'), qr!401 Unauthorized!, 'ssha broken 2'); like(http_get_auth('/', 'sha2', '1'), qr!401 Unauthorized!, 'sha broken 1'); like(http_get_auth('/', 'sha3', '1'), qr!401 Unauthorized!, 'sha broken 2'); ############################################################################### sub http_get_auth { my ($url, $user, $password) = @_; my $auth = encode_base64($user . ':' . $password); my $r = http(<<EOF); GET $url HTTP/1.0 Host: localhost Authorization: Basic $auth EOF } ###############################################################################