Mercurial > hg > ngx_http_auth_request_module
changeset 13:83bb29f1b173
Auth request: rename tests for better sorting.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Fri, 19 Jul 2013 19:27:32 +0400 |
| parents | a29d74804ff1 |
| children | d4c131d13048 |
| files | t/auth-request-set.t t/auth-request.t t/auth_request.t t/auth_request_set.t |
| diffstat | 4 files changed, 379 insertions(+), 379 deletions(-) [+] |
line wrap: on
line diff
--- a/t/auth-request-set.t Wed Mar 24 07:38:56 2010 +0300 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,143 +0,0 @@ -#!/usr/bin/perl - -# (C) Maxim Dounin - -# Tests for auth request module, auth_request_set. - -############################################################################### - -use warnings; -use strict; - -use Socket qw/ CRLF /; - -use Test::More; -use Test::Nginx; - -############################################################################### - -select STDERR; $| = 1; -select STDOUT; $| = 1; - -my $t = Test::Nginx->new()->has(qw/http rewrite/) - ->plan(6); - -$t->write_file_expand('nginx.conf', <<'EOF'); - -%%TEST_GLOBALS%% - -master_process off; -daemon off; - -events { -} - -http { - %%TEST_GLOBALS_HTTP%% - - server { - listen 127.0.0.1:8080; - server_name localhost; - - location = /t1.html { - auth_request /auth; - auth_request_set $username $upstream_http_x_username; - add_header X-Set-Username $username; - } - - location = /t2.html { - auth_request /auth; - auth_request_set $username $upstream_http_x_username; - error_page 404 = /fallback; - } - location = /fallback { - add_header X-Set-Username $username; - return 204; - } - - location = /t3.html { - auth_request /auth; - auth_request_set $username $upstream_http_x_username; - error_page 404 = @fallback; - } - location @fallback { - add_header X-Set-Username $username; - return 204; - } - - location = /t4.html { - auth_request /auth; - auth_request_set $username $upstream_http_x_username; - error_page 404 = /t4-fallback.html; - } - location = /t4-fallback.html { - auth_request /auth2; - auth_request_set $username $upstream_http_x_username; - add_header X-Set-Username $username; - } - - location = /t5.html { - auth_request /auth; - auth_request_set $args "setargs"; - proxy_pass http://127.0.0.1:8081/t5.html; - } - - location = /t6.html { - add_header X-Unset-Username "x${username}x"; - return 204; - } - - location = /auth { - proxy_pass http://127.0.0.1:8081; - } - location = /auth2 { - proxy_pass http://127.0.0.1:8081; - } - } - - server { - listen 127.0.0.1:8081; - server_name localhost; - - location = /auth { - add_header X-Username "username"; - return 204; - } - - location = /auth2 { - add_header X-Username "username2"; - return 204; - } - - location = /t5.html { - add_header X-Args $args; - return 204; - } - } -} - -EOF - -$t->write_file('t1.html', ''); -$t->write_file('t4-fallback.html', ''); -$t->run(); - -############################################################################### - -like(http_get('/t1.html'), qr/X-Set-Username: username/, 'set normal'); -like(http_get('/t2.html'), qr/X-Set-Username: username/, 'set after redirect'); -like(http_get('/t3.html'), qr/X-Set-Username: username/, - 'set after named location'); -like(http_get('/t4.html'), qr/X-Set-Username: username2/, - 'set on second auth'); - -# there are two variables with set_handler: $args and $limit_rate -# we do test $args as it's a bit more simple thing to do - -like(http_get('/t5.html'), qr/X-Args: setargs/, 'variable with set_handler'); - -# check that using variable without setting it returns empty content - -like(http_get('/t6.html'), qr/X-Unset-Username: xx/, 'unset variable'); - -###############################################################################
--- a/t/auth-request.t Wed Mar 24 07:38:56 2010 +0300 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,236 +0,0 @@ -#!/usr/bin/perl - -# (C) Maxim Dounin - -# Tests for auth request module. - -############################################################################### - -use warnings; -use strict; - -use Socket qw/ CRLF /; - -use Test::More; -use Test::Nginx; - -############################################################################### - -select STDERR; $| = 1; -select STDOUT; $| = 1; - -my $t = Test::Nginx->new()->has(qw/http rewrite proxy fastcgi auth_basic/) - ->plan(18); - -$t->write_file_expand('nginx.conf', <<'EOF'); - -%%TEST_GLOBALS%% - -master_process off; -daemon off; - -events { -} - -http { - %%TEST_GLOBALS_HTTP%% - - server { - listen 127.0.0.1:8080; - server_name localhost; - - location / { - return 444; - } - - location /open { - auth_request /auth-open; - } - location = /auth-open { - return 204; - } - - location /open-static { - auth_request /auth-open-static; - } - location = /auth-open-static { - # nothing, use static file - } - - location /unauthorized { - auth_request /auth-unauthorized; - } - location = /auth-unauthorized { - return 401; - } - - location /forbidden { - auth_request /auth-forbidden; - } - location = /auth-forbidden { - return 403; - } - - location /error { - auth_request /auth-error; - } - location = /auth-error { - return 404; - } - - location /off { - auth_request off; - } - - location /proxy { - auth_request /auth-proxy; - } - location = /auth-proxy { - proxy_pass http://127.0.0.1:8080/auth-basic; - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - } - location = /auth-basic { - auth_basic "restricted"; - auth_basic_user_file %%TESTDIR%%/htpasswd; - } - - location = /proxy-double { - proxy_pass http://127.0.0.1:8080/auth-error; - proxy_intercept_errors on; - error_page 404 = /proxy-double-fallback; - client_body_buffer_size 4k; - } - location = /proxy-double-fallback { - auth_request /auth-proxy-double; - proxy_pass http://127.0.0.1:8080/auth-open; - } - location = /auth-proxy-double { - proxy_pass http://127.0.0.1:8080/auth-open; - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - } - - location /fastcgi { - auth_request /auth-fastcgi; - } - location = /auth-fastcgi { - fastcgi_pass 127.0.0.1:8081; - fastcgi_pass_request_body off; - } - } -} - -EOF - -$t->write_file('htpasswd', 'user:zz1T8N4tWvmbE' . "\n"); -$t->write_file('auth-basic', 'INVISIBLE'); -$t->write_file('auth-open-static', 'INVISIBLE'); -$t->run(); - -############################################################################### - -pass('runs'); - -like(http_get('/open'), qr/ 404 /, 'auth open'); -like(http_get('/unauthorized'), qr/ 401 /, 'auth unauthorized'); -like(http_get('/forbidden'), qr/ 403 /, 'auth forbidden'); -like(http_get('/error'), qr/ 500 /, 'auth error'); -like(http_get('/off'), qr/ 404 /, 'auth off'); - -like(http_post('/open'), qr/ 404 /, 'auth post open'); -like(http_post('/unauthorized'), qr/ 401 /, 'auth post unauthorized'); - -like(http_get('/open-static'), qr/ 404 /, 'auth open static'); -unlike(http_get('/open-static'), qr/INVISIBLE/, 'auth static no content'); - -like(http_get('/proxy'), qr/ 401 /, 'proxy auth unauthorized'); -like(http_get('/proxy'), qr/WWW-Authenticate: Basic realm="restricted"/, - 'proxy auth has www-authenticate'); -like(http_get_auth('/proxy'), qr/ 404 /, 'proxy auth pass'); -unlike(http_get_auth('/proxy'), qr/INVISIBLE/, 'proxy auth no content'); - -like(http_post('/proxy'), qr/ 401 /, 'proxy auth post'); - -# Consider the following scenario: -# -# 1. proxy_pass reads request body, then goes to fallback via error_page -# 2. auth request uses proxy_pass, and upstream module closes request body file -# in ngx_http_upstream_send_response() -# 3. oops: fallback has no body -# -# To prevent this we always allocate fake request body for auth request. -# -# Note that this doesn't happen when using header_only as relevant code -# in ngx_http_upstream_send_response() isn't reached. It may be reached -# with proxy_cache or proxy_store, but they will shutdown client connection -# in case of header_only and hence do not work for us at all. - -like(http_post_big('/proxy-double'), qr/ 204 /, 'proxy auth with body read'); - -SKIP: { - eval { require FCGI; }; - skip 'FCGI not installed', 2 if $@; - - $t->run_daemon(\&fastcgi_daemon); - $t->waitforsocket('127.0.0.1:8081'); - - like(http_get('/fastcgi'), qr/ 404 /, 'fastcgi auth open'); - unlike(http_get('/fastcgi'), qr/INVISIBLE/, 'fastcgi auth no content'); -} - -############################################################################### - -sub http_get_auth { - my ($url, %extra) = @_; - return http(<<EOF, %extra); -GET $url HTTP/1.0 -Host: localhost -Authorization: Basic dXNlcjpzZWNyZXQ= - -EOF -} - -sub http_post { - my ($url, %extra) = @_; - - my $p = "POST $url HTTP/1.0" . CRLF . - "Host: localhost" . CRLF . - "Content-Length: 10" . CRLF . - CRLF . - "1234567890"; - - return http($p, %extra); -} - -sub http_post_big { - my ($url, %extra) = @_; - - my $p = "POST $url HTTP/1.0" . CRLF . - "Host: localhost" . CRLF . - "Content-Length: 10240" . CRLF . - CRLF . - ("1234567890" x 1024); - - return http($p, %extra); -} - -############################################################################### - -sub fastcgi_daemon { - my $socket = FCGI::OpenSocket('127.0.0.1:8081', 5); - my $request = FCGI::Request(\*STDIN, \*STDOUT, \*STDERR, \%ENV, - $socket); - - while ($request->Accept() >= 0) { - print <<EOF; -Content-Type: text/html - -INVISIBLE -EOF - } - - FCGI::CloseSocket($socket); -} - -###############################################################################
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/t/auth_request.t Fri Jul 19 19:27:32 2013 +0400 @@ -0,0 +1,236 @@ +#!/usr/bin/perl + +# (C) Maxim Dounin + +# Tests for auth request module. + +############################################################################### + +use warnings; +use strict; + +use Socket qw/ CRLF /; + +use Test::More; +use Test::Nginx; + +############################################################################### + +select STDERR; $| = 1; +select STDOUT; $| = 1; + +my $t = Test::Nginx->new()->has(qw/http rewrite proxy fastcgi auth_basic/) + ->plan(18); + +$t->write_file_expand('nginx.conf', <<'EOF'); + +%%TEST_GLOBALS%% + +master_process off; +daemon off; + +events { +} + +http { + %%TEST_GLOBALS_HTTP%% + + server { + listen 127.0.0.1:8080; + server_name localhost; + + location / { + return 444; + } + + location /open { + auth_request /auth-open; + } + location = /auth-open { + return 204; + } + + location /open-static { + auth_request /auth-open-static; + } + location = /auth-open-static { + # nothing, use static file + } + + location /unauthorized { + auth_request /auth-unauthorized; + } + location = /auth-unauthorized { + return 401; + } + + location /forbidden { + auth_request /auth-forbidden; + } + location = /auth-forbidden { + return 403; + } + + location /error { + auth_request /auth-error; + } + location = /auth-error { + return 404; + } + + location /off { + auth_request off; + } + + location /proxy { + auth_request /auth-proxy; + } + location = /auth-proxy { + proxy_pass http://127.0.0.1:8080/auth-basic; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + } + location = /auth-basic { + auth_basic "restricted"; + auth_basic_user_file %%TESTDIR%%/htpasswd; + } + + location = /proxy-double { + proxy_pass http://127.0.0.1:8080/auth-error; + proxy_intercept_errors on; + error_page 404 = /proxy-double-fallback; + client_body_buffer_size 4k; + } + location = /proxy-double-fallback { + auth_request /auth-proxy-double; + proxy_pass http://127.0.0.1:8080/auth-open; + } + location = /auth-proxy-double { + proxy_pass http://127.0.0.1:8080/auth-open; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + } + + location /fastcgi { + auth_request /auth-fastcgi; + } + location = /auth-fastcgi { + fastcgi_pass 127.0.0.1:8081; + fastcgi_pass_request_body off; + } + } +} + +EOF + +$t->write_file('htpasswd', 'user:zz1T8N4tWvmbE' . "\n"); +$t->write_file('auth-basic', 'INVISIBLE'); +$t->write_file('auth-open-static', 'INVISIBLE'); +$t->run(); + +############################################################################### + +pass('runs'); + +like(http_get('/open'), qr/ 404 /, 'auth open'); +like(http_get('/unauthorized'), qr/ 401 /, 'auth unauthorized'); +like(http_get('/forbidden'), qr/ 403 /, 'auth forbidden'); +like(http_get('/error'), qr/ 500 /, 'auth error'); +like(http_get('/off'), qr/ 404 /, 'auth off'); + +like(http_post('/open'), qr/ 404 /, 'auth post open'); +like(http_post('/unauthorized'), qr/ 401 /, 'auth post unauthorized'); + +like(http_get('/open-static'), qr/ 404 /, 'auth open static'); +unlike(http_get('/open-static'), qr/INVISIBLE/, 'auth static no content'); + +like(http_get('/proxy'), qr/ 401 /, 'proxy auth unauthorized'); +like(http_get('/proxy'), qr/WWW-Authenticate: Basic realm="restricted"/, + 'proxy auth has www-authenticate'); +like(http_get_auth('/proxy'), qr/ 404 /, 'proxy auth pass'); +unlike(http_get_auth('/proxy'), qr/INVISIBLE/, 'proxy auth no content'); + +like(http_post('/proxy'), qr/ 401 /, 'proxy auth post'); + +# Consider the following scenario: +# +# 1. proxy_pass reads request body, then goes to fallback via error_page +# 2. auth request uses proxy_pass, and upstream module closes request body file +# in ngx_http_upstream_send_response() +# 3. oops: fallback has no body +# +# To prevent this we always allocate fake request body for auth request. +# +# Note that this doesn't happen when using header_only as relevant code +# in ngx_http_upstream_send_response() isn't reached. It may be reached +# with proxy_cache or proxy_store, but they will shutdown client connection +# in case of header_only and hence do not work for us at all. + +like(http_post_big('/proxy-double'), qr/ 204 /, 'proxy auth with body read'); + +SKIP: { + eval { require FCGI; }; + skip 'FCGI not installed', 2 if $@; + + $t->run_daemon(\&fastcgi_daemon); + $t->waitforsocket('127.0.0.1:8081'); + + like(http_get('/fastcgi'), qr/ 404 /, 'fastcgi auth open'); + unlike(http_get('/fastcgi'), qr/INVISIBLE/, 'fastcgi auth no content'); +} + +############################################################################### + +sub http_get_auth { + my ($url, %extra) = @_; + return http(<<EOF, %extra); +GET $url HTTP/1.0 +Host: localhost +Authorization: Basic dXNlcjpzZWNyZXQ= + +EOF +} + +sub http_post { + my ($url, %extra) = @_; + + my $p = "POST $url HTTP/1.0" . CRLF . + "Host: localhost" . CRLF . + "Content-Length: 10" . CRLF . + CRLF . + "1234567890"; + + return http($p, %extra); +} + +sub http_post_big { + my ($url, %extra) = @_; + + my $p = "POST $url HTTP/1.0" . CRLF . + "Host: localhost" . CRLF . + "Content-Length: 10240" . CRLF . + CRLF . + ("1234567890" x 1024); + + return http($p, %extra); +} + +############################################################################### + +sub fastcgi_daemon { + my $socket = FCGI::OpenSocket('127.0.0.1:8081', 5); + my $request = FCGI::Request(\*STDIN, \*STDOUT, \*STDERR, \%ENV, + $socket); + + while ($request->Accept() >= 0) { + print <<EOF; +Content-Type: text/html + +INVISIBLE +EOF + } + + FCGI::CloseSocket($socket); +} + +###############################################################################
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/t/auth_request_set.t Fri Jul 19 19:27:32 2013 +0400 @@ -0,0 +1,143 @@ +#!/usr/bin/perl + +# (C) Maxim Dounin + +# Tests for auth request module, auth_request_set. + +############################################################################### + +use warnings; +use strict; + +use Socket qw/ CRLF /; + +use Test::More; +use Test::Nginx; + +############################################################################### + +select STDERR; $| = 1; +select STDOUT; $| = 1; + +my $t = Test::Nginx->new()->has(qw/http rewrite/) + ->plan(6); + +$t->write_file_expand('nginx.conf', <<'EOF'); + +%%TEST_GLOBALS%% + +master_process off; +daemon off; + +events { +} + +http { + %%TEST_GLOBALS_HTTP%% + + server { + listen 127.0.0.1:8080; + server_name localhost; + + location = /t1.html { + auth_request /auth; + auth_request_set $username $upstream_http_x_username; + add_header X-Set-Username $username; + } + + location = /t2.html { + auth_request /auth; + auth_request_set $username $upstream_http_x_username; + error_page 404 = /fallback; + } + location = /fallback { + add_header X-Set-Username $username; + return 204; + } + + location = /t3.html { + auth_request /auth; + auth_request_set $username $upstream_http_x_username; + error_page 404 = @fallback; + } + location @fallback { + add_header X-Set-Username $username; + return 204; + } + + location = /t4.html { + auth_request /auth; + auth_request_set $username $upstream_http_x_username; + error_page 404 = /t4-fallback.html; + } + location = /t4-fallback.html { + auth_request /auth2; + auth_request_set $username $upstream_http_x_username; + add_header X-Set-Username $username; + } + + location = /t5.html { + auth_request /auth; + auth_request_set $args "setargs"; + proxy_pass http://127.0.0.1:8081/t5.html; + } + + location = /t6.html { + add_header X-Unset-Username "x${username}x"; + return 204; + } + + location = /auth { + proxy_pass http://127.0.0.1:8081; + } + location = /auth2 { + proxy_pass http://127.0.0.1:8081; + } + } + + server { + listen 127.0.0.1:8081; + server_name localhost; + + location = /auth { + add_header X-Username "username"; + return 204; + } + + location = /auth2 { + add_header X-Username "username2"; + return 204; + } + + location = /t5.html { + add_header X-Args $args; + return 204; + } + } +} + +EOF + +$t->write_file('t1.html', ''); +$t->write_file('t4-fallback.html', ''); +$t->run(); + +############################################################################### + +like(http_get('/t1.html'), qr/X-Set-Username: username/, 'set normal'); +like(http_get('/t2.html'), qr/X-Set-Username: username/, 'set after redirect'); +like(http_get('/t3.html'), qr/X-Set-Username: username/, + 'set after named location'); +like(http_get('/t4.html'), qr/X-Set-Username: username2/, + 'set on second auth'); + +# there are two variables with set_handler: $args and $limit_rate +# we do test $args as it's a bit more simple thing to do + +like(http_get('/t5.html'), qr/X-Args: setargs/, 'variable with set_handler'); + +# check that using variable without setting it returns empty content + +like(http_get('/t6.html'), qr/X-Unset-Username: xx/, 'unset variable'); + +###############################################################################