Mercurial > hg > ngx_http_auth_request_module
annotate t/auth-request.t @ 9:4385a10a836f
Auth request: add note that proxy_cache and friends do not work.
With r->header_only set upstream module will shutdown client connection
in case it needs to do cache/store. Probably it's good idea to avoid setting
r->header_only on auth subrequest to make cache work. On the other hand,
auth subrequest then will be required to return responses with empty body in
all cases, even on errors.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 24 Mar 2010 07:09:18 +0300 |
parents | 70f3d876b569 |
children | 2b95417a1715 |
rev | line source |
---|---|
0 | 1 #!/usr/bin/perl |
2 | |
3 # (C) Maxim Dounin | |
4 | |
5 # Tests for auth request module. | |
6 | |
7 ############################################################################### | |
8 | |
9 use warnings; | |
10 use strict; | |
11 | |
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
12 use Socket qw/ CRLF /; |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
13 |
0 | 14 use Test::More; |
15 use Test::Nginx; | |
16 | |
17 ############################################################################### | |
18 | |
19 select STDERR; $| = 1; | |
20 select STDOUT; $| = 1; | |
21 | |
22 my $t = Test::Nginx->new()->has(qw/http rewrite proxy fastcgi auth_basic/) | |
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
23 ->plan(17); |
0 | 24 |
25 $t->write_file_expand('nginx.conf', <<'EOF'); | |
26 | |
6
70f3d876b569
Auth request: use test globals.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
27 %%TEST_GLOBALS%% |
70f3d876b569
Auth request: use test globals.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
28 |
0 | 29 master_process off; |
30 daemon off; | |
31 | |
32 events { | |
33 } | |
34 | |
35 http { | |
36 %%TEST_GLOBALS_HTTP%% | |
37 | |
38 server { | |
39 listen 127.0.0.1:8080; | |
40 server_name localhost; | |
41 | |
42 location / { | |
43 return 444; | |
44 } | |
45 | |
46 location /open { | |
47 auth_request /auth-open; | |
48 } | |
49 location = /auth-open { | |
50 return 204; | |
51 } | |
52 | |
53 location /open-static { | |
54 auth_request /auth-open-static; | |
55 } | |
56 location = /auth-open-static { | |
57 # nothing, use static file | |
58 } | |
59 | |
60 location /unauthorized { | |
61 auth_request /auth-unauthorized; | |
62 } | |
63 location = /auth-unauthorized { | |
64 return 401; | |
65 } | |
66 | |
67 location /forbidden { | |
68 auth_request /auth-forbidden; | |
69 } | |
70 location = /auth-forbidden { | |
71 return 403; | |
72 } | |
73 | |
74 location /error { | |
75 auth_request /auth-error; | |
76 } | |
77 location = /auth-error { | |
78 return 404; | |
79 } | |
80 | |
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
81 location /off { |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
82 auth_request off; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
83 } |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
84 |
0 | 85 location /proxy { |
86 auth_request /auth-proxy; | |
87 } | |
88 location = /auth-proxy { | |
89 proxy_pass http://127.0.0.1:8080/auth-basic; | |
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
90 proxy_pass_request_body off; |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
91 proxy_set_header Content-Length ""; |
0 | 92 } |
93 location = /auth-basic { | |
94 auth_basic "restricted"; | |
95 auth_basic_user_file %%TESTDIR%%/htpasswd; | |
96 } | |
97 | |
98 location /fastcgi { | |
99 auth_request /auth-fastcgi; | |
100 } | |
101 location = /auth-fastcgi { | |
102 fastcgi_pass 127.0.0.1:8081; | |
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
103 fastcgi_pass_request_body off; |
0 | 104 } |
105 } | |
106 } | |
107 | |
108 EOF | |
109 | |
110 $t->write_file('htpasswd', 'user:zz1T8N4tWvmbE' . "\n"); | |
111 $t->write_file('auth-basic', 'INVISIBLE'); | |
112 $t->write_file('auth-open-static', 'INVISIBLE'); | |
113 $t->run(); | |
114 | |
115 ############################################################################### | |
116 | |
117 pass('runs'); | |
118 | |
119 like(http_get('/open'), qr/ 404 /, 'auth open'); | |
120 like(http_get('/unauthorized'), qr/ 401 /, 'auth unauthorized'); | |
121 like(http_get('/forbidden'), qr/ 403 /, 'auth forbidden'); | |
122 like(http_get('/error'), qr/ 500 /, 'auth error'); | |
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
123 like(http_get('/off'), qr/ 404 /, 'auth off'); |
0 | 124 |
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
125 like(http_post('/open'), qr/ 404 /, 'auth post open'); |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
126 like(http_post('/unauthorized'), qr/ 401 /, 'auth post unauthorized'); |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
127 |
0 | 128 like(http_get('/open-static'), qr/ 404 /, 'auth open static'); |
129 unlike(http_get('/open-static'), qr/INVISIBLE/, 'auth static no content'); | |
130 | |
131 like(http_get('/proxy'), qr/ 401 /, 'proxy auth unauthorized'); | |
132 like(http_get('/proxy'), qr/WWW-Authenticate: Basic realm="restricted"/, | |
133 'proxy auth has www-authenticate'); | |
134 like(http_get_auth('/proxy'), qr/ 404 /, 'proxy auth pass'); | |
135 unlike(http_get_auth('/proxy'), qr/INVISIBLE/, 'proxy auth no content'); | |
136 | |
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
137 like(http_post('/proxy'), qr/ 401 /, 'proxy auth post'); |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
138 |
0 | 139 SKIP: { |
140 eval { require FCGI; }; | |
141 skip 'FCGI not installed', 2 if $@; | |
142 | |
143 $t->run_daemon(\&fastcgi_daemon); | |
144 $t->waitforsocket('127.0.0.1:8081'); | |
145 | |
146 like(http_get('/fastcgi'), qr/ 404 /, 'fastcgi auth open'); | |
147 unlike(http_get('/fastcgi'), qr/INVISIBLE/, 'fastcgi auth no content'); | |
148 } | |
149 | |
150 ############################################################################### | |
151 | |
152 sub http_get_auth { | |
153 my ($url, %extra) = @_; | |
154 return http(<<EOF, %extra); | |
155 GET $url HTTP/1.0 | |
156 Host: localhost | |
157 Authorization: Basic dXNlcjpzZWNyZXQ= | |
158 | |
159 EOF | |
160 } | |
161 | |
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
162 sub http_post { |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
163 my ($url, %extra) = @_; |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
164 |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
165 my $p = "POST $url HTTP/1.0" . CRLF . |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
166 "Host: localhost" . CRLF . |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
167 "Content-Length: 10" . CRLF . |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
168 CRLF . |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
169 "1234567890"; |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
170 |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
171 return http($p, %extra); |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
172 } |
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
173 |
0 | 174 ############################################################################### |
175 | |
176 sub fastcgi_daemon { | |
177 my $socket = FCGI::OpenSocket('127.0.0.1:8081', 5); | |
178 my $request = FCGI::Request(\*STDIN, \*STDOUT, \*STDERR, \%ENV, | |
179 $socket); | |
180 | |
181 while ($request->Accept() >= 0) { | |
182 print <<EOF; | |
183 Content-Type: text/html | |
184 | |
185 INVISIBLE | |
186 EOF | |
187 } | |
188 | |
189 FCGI::CloseSocket($socket); | |
190 } | |
191 | |
192 ############################################################################### |