Mercurial > hg > ngx_http_auth_request_module
annotate t/auth_request.t @ 15:3ba414c109d5
Auth request: require auth_request in tests.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 23 Jul 2013 18:32:00 +0400 |
parents | 83bb29f1b173 |
children |
rev | line source |
---|---|
0 | 1 #!/usr/bin/perl |
2 | |
3 # (C) Maxim Dounin | |
4 | |
5 # Tests for auth request module. | |
6 | |
7 ############################################################################### | |
8 | |
9 use warnings; | |
10 use strict; | |
11 | |
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
12 use Socket qw/ CRLF /; |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
13 |
0 | 14 use Test::More; |
15 use Test::Nginx; | |
16 | |
17 ############################################################################### | |
18 | |
19 select STDERR; $| = 1; | |
20 select STDOUT; $| = 1; | |
21 | |
15
3ba414c109d5
Auth request: require auth_request in tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
13
diff
changeset
|
22 my $t = Test::Nginx->new() |
3ba414c109d5
Auth request: require auth_request in tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
13
diff
changeset
|
23 ->has(qw/http rewrite proxy fastcgi auth_basic auth_request/) |
10
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
24 ->plan(18); |
0 | 25 |
26 $t->write_file_expand('nginx.conf', <<'EOF'); | |
27 | |
6
70f3d876b569
Auth request: use test globals.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
28 %%TEST_GLOBALS%% |
70f3d876b569
Auth request: use test globals.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
29 |
0 | 30 master_process off; |
31 daemon off; | |
32 | |
33 events { | |
34 } | |
35 | |
36 http { | |
37 %%TEST_GLOBALS_HTTP%% | |
38 | |
39 server { | |
40 listen 127.0.0.1:8080; | |
41 server_name localhost; | |
42 | |
43 location / { | |
44 return 444; | |
45 } | |
46 | |
47 location /open { | |
48 auth_request /auth-open; | |
49 } | |
50 location = /auth-open { | |
51 return 204; | |
52 } | |
53 | |
54 location /open-static { | |
55 auth_request /auth-open-static; | |
56 } | |
57 location = /auth-open-static { | |
58 # nothing, use static file | |
59 } | |
60 | |
61 location /unauthorized { | |
62 auth_request /auth-unauthorized; | |
63 } | |
64 location = /auth-unauthorized { | |
65 return 401; | |
66 } | |
67 | |
68 location /forbidden { | |
69 auth_request /auth-forbidden; | |
70 } | |
71 location = /auth-forbidden { | |
72 return 403; | |
73 } | |
74 | |
75 location /error { | |
76 auth_request /auth-error; | |
77 } | |
78 location = /auth-error { | |
79 return 404; | |
80 } | |
81 | |
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
82 location /off { |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
83 auth_request off; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
84 } |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
85 |
0 | 86 location /proxy { |
87 auth_request /auth-proxy; | |
88 } | |
89 location = /auth-proxy { | |
90 proxy_pass http://127.0.0.1:8080/auth-basic; | |
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
91 proxy_pass_request_body off; |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
92 proxy_set_header Content-Length ""; |
0 | 93 } |
94 location = /auth-basic { | |
95 auth_basic "restricted"; | |
96 auth_basic_user_file %%TESTDIR%%/htpasswd; | |
97 } | |
98 | |
10
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
99 location = /proxy-double { |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
100 proxy_pass http://127.0.0.1:8080/auth-error; |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
101 proxy_intercept_errors on; |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
102 error_page 404 = /proxy-double-fallback; |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
103 client_body_buffer_size 4k; |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
104 } |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
105 location = /proxy-double-fallback { |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
106 auth_request /auth-proxy-double; |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
107 proxy_pass http://127.0.0.1:8080/auth-open; |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
108 } |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
109 location = /auth-proxy-double { |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
110 proxy_pass http://127.0.0.1:8080/auth-open; |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
111 proxy_pass_request_body off; |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
112 proxy_set_header Content-Length ""; |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
113 } |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
114 |
0 | 115 location /fastcgi { |
116 auth_request /auth-fastcgi; | |
117 } | |
118 location = /auth-fastcgi { | |
119 fastcgi_pass 127.0.0.1:8081; | |
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
120 fastcgi_pass_request_body off; |
0 | 121 } |
122 } | |
123 } | |
124 | |
125 EOF | |
126 | |
127 $t->write_file('htpasswd', 'user:zz1T8N4tWvmbE' . "\n"); | |
128 $t->write_file('auth-basic', 'INVISIBLE'); | |
129 $t->write_file('auth-open-static', 'INVISIBLE'); | |
130 $t->run(); | |
131 | |
132 ############################################################################### | |
133 | |
134 pass('runs'); | |
135 | |
136 like(http_get('/open'), qr/ 404 /, 'auth open'); | |
137 like(http_get('/unauthorized'), qr/ 401 /, 'auth unauthorized'); | |
138 like(http_get('/forbidden'), qr/ 403 /, 'auth forbidden'); | |
139 like(http_get('/error'), qr/ 500 /, 'auth error'); | |
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
140 like(http_get('/off'), qr/ 404 /, 'auth off'); |
0 | 141 |
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
142 like(http_post('/open'), qr/ 404 /, 'auth post open'); |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
143 like(http_post('/unauthorized'), qr/ 401 /, 'auth post unauthorized'); |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
144 |
0 | 145 like(http_get('/open-static'), qr/ 404 /, 'auth open static'); |
146 unlike(http_get('/open-static'), qr/INVISIBLE/, 'auth static no content'); | |
147 | |
148 like(http_get('/proxy'), qr/ 401 /, 'proxy auth unauthorized'); | |
149 like(http_get('/proxy'), qr/WWW-Authenticate: Basic realm="restricted"/, | |
150 'proxy auth has www-authenticate'); | |
151 like(http_get_auth('/proxy'), qr/ 404 /, 'proxy auth pass'); | |
152 unlike(http_get_auth('/proxy'), qr/INVISIBLE/, 'proxy auth no content'); | |
153 | |
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
154 like(http_post('/proxy'), qr/ 401 /, 'proxy auth post'); |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
155 |
10
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
156 # Consider the following scenario: |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
157 # |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
158 # 1. proxy_pass reads request body, then goes to fallback via error_page |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
159 # 2. auth request uses proxy_pass, and upstream module closes request body file |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
160 # in ngx_http_upstream_send_response() |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
161 # 3. oops: fallback has no body |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
162 # |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
163 # To prevent this we always allocate fake request body for auth request. |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
164 # |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
165 # Note that this doesn't happen when using header_only as relevant code |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
166 # in ngx_http_upstream_send_response() isn't reached. It may be reached |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
167 # with proxy_cache or proxy_store, but they will shutdown client connection |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
168 # in case of header_only and hence do not work for us at all. |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
169 |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
170 like(http_post_big('/proxy-double'), qr/ 204 /, 'proxy auth with body read'); |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
171 |
0 | 172 SKIP: { |
173 eval { require FCGI; }; | |
174 skip 'FCGI not installed', 2 if $@; | |
175 | |
176 $t->run_daemon(\&fastcgi_daemon); | |
177 $t->waitforsocket('127.0.0.1:8081'); | |
178 | |
179 like(http_get('/fastcgi'), qr/ 404 /, 'fastcgi auth open'); | |
180 unlike(http_get('/fastcgi'), qr/INVISIBLE/, 'fastcgi auth no content'); | |
181 } | |
182 | |
183 ############################################################################### | |
184 | |
185 sub http_get_auth { | |
186 my ($url, %extra) = @_; | |
187 return http(<<EOF, %extra); | |
188 GET $url HTTP/1.0 | |
189 Host: localhost | |
190 Authorization: Basic dXNlcjpzZWNyZXQ= | |
191 | |
192 EOF | |
193 } | |
194 | |
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
195 sub http_post { |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
196 my ($url, %extra) = @_; |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
197 |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
198 my $p = "POST $url HTTP/1.0" . CRLF . |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
199 "Host: localhost" . CRLF . |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
200 "Content-Length: 10" . CRLF . |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
201 CRLF . |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
202 "1234567890"; |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
203 |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
204 return http($p, %extra); |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
205 } |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
206 |
10
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
207 sub http_post_big { |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
208 my ($url, %extra) = @_; |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
209 |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
210 my $p = "POST $url HTTP/1.0" . CRLF . |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
211 "Host: localhost" . CRLF . |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
212 "Content-Length: 10240" . CRLF . |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
213 CRLF . |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
214 ("1234567890" x 1024); |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
215 |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
216 return http($p, %extra); |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
217 } |
2b95417a1715
Auth request: fix body handling again.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6
diff
changeset
|
218 |
0 | 219 ############################################################################### |
220 | |
221 sub fastcgi_daemon { | |
222 my $socket = FCGI::OpenSocket('127.0.0.1:8081', 5); | |
223 my $request = FCGI::Request(\*STDIN, \*STDOUT, \*STDERR, \%ENV, | |
224 $socket); | |
225 | |
226 while ($request->Accept() >= 0) { | |
227 print <<EOF; | |
228 Content-Type: text/html | |
229 | |
230 INVISIBLE | |
231 EOF | |
232 } | |
233 | |
234 FCGI::CloseSocket($socket); | |
235 } | |
236 | |
237 ############################################################################### |