# HG changeset patch # User Maxim Dounin # Date 1344617503 -14400 # Node ID 9969fcf1f27ec163bf09adf4c4d01c1d8e35197b # Parent 5c9e43547b719b91c60b90826772e624139d8ed9 Tests: corrupted password entries tests. diff --git a/auth_basic.t b/auth_basic.t --- a/auth_basic.t +++ b/auth_basic.t @@ -23,7 +23,7 @@ use Test::Nginx; select STDERR; $| = 1; select STDOUT; $| = 1; -my $t = Test::Nginx->new()->has(qw/http auth_basic/)->plan(11) +my $t = Test::Nginx->new()->has(qw/http auth_basic/)->plan(15) ->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% @@ -57,9 +57,13 @@ my $d = $t->testdir(); 'htpasswd', 'crypt:' . crypt('password', 'salt') . "\n" . 'crypt1:' . crypt('password', '$1$salt$') . "\n" . + 'crypt2:' . '$1$' . "\n" . 'apr1:' . '$apr1$salt$Xxd1irWT9ycqoYxGFn4cb.' . "\n" . + 'apr12:' . '$apr1$' . "\n" . 'plain:' . '{PLAIN}password' . "\n" . - 'ssha:' . '{SSHA}yI6cZwQadOA1e+/f+T+H3eCQQhRzYWx0' . "\n" + 'ssha:' . '{SSHA}yI6cZwQadOA1e+/f+T+H3eCQQhRzYWx0' . "\n" . + 'ssha2:' . '{SSHA}_____wQadOA1e+/f+T+H3eCQQhRzYWx0' . "\n" . + 'ssha3:' . '{SSHA}Zm9vCg==' . "\n" ); $t->run(); @@ -78,6 +82,9 @@ unlike(http_get_auth('/', 'crypt', '123' like(http_get_auth('/', 'crypt1', 'password'), qr!SEETHIS!, 'crypt $1$ (md5)'); unlike(http_get_auth('/', 'crypt1', '123'), qr!SEETHIS!, 'crypt $1$ wrong'); +like(http_get_auth('/', 'crypt2', '1'), qr!401 Unauthorized!, + 'crypt $1$ broken'); + } like(http_get_auth('/', 'apr1', 'password'), qr!SEETHIS!, 'apr1 md5'); @@ -97,6 +104,17 @@ unlike(http_get_auth('/', 'apr1', '123') unlike(http_get_auth('/', 'plain', '123'), qr!SEETHIS!, 'plain wrong'); unlike(http_get_auth('/', 'ssha', '123'), qr!SEETHIS!, 'ssha wrong'); +like(http_get_auth('/', 'apr12', '1'), qr!401 Unauthorized!, 'apr1 md5 broken'); + +SKIP: { +skip 'unsafe', 2 unless $ENV{TEST_NGINX_UNSAFE}; +local $TODO = 'not yet'; + +like(http_get_auth('/', 'ssha2', '1'), qr!401 Unauthorized!, 'ssha broken 1'); +like(http_get_auth('/', 'ssha3', '1'), qr!401 Unauthorized!, 'ssha broken 2'); + +} + ############################################################################### sub http_get_auth {