Mercurial > hg > nginx-tests
annotate secure_link.t @ 1965:84f4d4930835
Tests: relaxed mail_imap_ssl.t cipher matching.
Previously, exact match between cipher name in the log and the one from
IO::Socket:SSL was needed, which might not be the case if nginx and
Net::SSLeay are compiled with different SSL libraries, notably LibreSSL
(which uses names like AEAD-AES256-GCM-SHA384 till 3.5.0), and
OpenSSL or BoringSSL (which use TLS_AES_256_GCM_SHA384). In particular,
this affects macOS, where Net::SSLeay compiled with LibreSSL 3.3.6 is
shipped with the OS, while nginx is likely to be compiled with OpenSSL.
Fix is to not require exact match but instead accept properly looking names
as checked by a regular expression, similarly to how it is already tested
in ssl.t and stream_ssl_variables.t.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 06 May 2024 00:01:40 +0300 |
parents | 97c8280de681 |
children |
rev | line source |
---|---|
160
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
2 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
3 # (C) Maxim Dounin |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
4 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
5 # Tests for nginx secure_link module. |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
6 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
7 ############################################################################### |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
8 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
9 use warnings; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
10 use strict; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
11 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
12 use Test::More; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
13 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
14 use Digest::MD5 qw/ md5 md5_hex /; |
161
2c07dc5bc354
Tests: avoid using encode_base64url().
Maxim Dounin <mdounin@mdounin.ru>
parents:
160
diff
changeset
|
15 use MIME::Base64 qw/ encode_base64 /; |
160
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
16 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
17 BEGIN { use FindBin; chdir($FindBin::Bin); } |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
18 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
19 use lib 'lib'; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
20 use Test::Nginx; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
21 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
22 ############################################################################### |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
23 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
24 select STDERR; $| = 1; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
25 select STDOUT; $| = 1; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
26 |
1213
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
27 my $t = Test::Nginx->new()->has(qw/http secure_link rewrite/)->plan(19); |
160
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
28 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
29 $t->write_file_expand('nginx.conf', <<'EOF'); |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
30 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
32 |
249
6a0d934950bc
Tests: remove extra spaces in "daemon off".
Maxim Dounin <mdounin@mdounin.ru>
parents:
161
diff
changeset
|
33 daemon off; |
160
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
34 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
35 events { |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
36 } |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
37 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
38 http { |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
39 %%TEST_GLOBALS_HTTP%% |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
40 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
41 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
42 listen 127.0.0.1:8080; |
160
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
43 server_name localhost; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
44 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
45 location / { |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
46 # new style |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
47 # /test.html?hash=BASE64URL |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
48 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
49 secure_link $arg_hash; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
50 secure_link_md5 secret$uri; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
51 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
52 # invalid hash |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
53 if ($secure_link = "") { |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
54 return 403; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
55 } |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
56 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
57 # expired |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
58 if ($secure_link = "0") { |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
59 return 403; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
60 } |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
61 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
62 # $secure_link = "1" |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
63 } |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
64 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
65 location = /expires.html { |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
66 # new style with expires |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
67 # /test.html?hash=BASE64URL&expires=12345678 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
68 |
695
da20b4389038
Tests: added secure_link_expires variable test.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
590
diff
changeset
|
69 add_header X-Expires $secure_link_expires; |
da20b4389038
Tests: added secure_link_expires variable test.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
590
diff
changeset
|
70 |
160
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
71 secure_link $arg_hash,$arg_expires; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
72 secure_link_md5 secret$uri$arg_expires; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
73 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
74 # invalid hash |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
75 if ($secure_link = "") { |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
76 return 403; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
77 } |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
78 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
79 # expired |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
80 if ($secure_link = "0") { |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
81 return 403; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
82 } |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
83 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
84 # $secure_link = "1" |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
85 } |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
86 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
87 location /p/ { |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
88 # old style |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
89 # /p/d8e8fca2dc0f896fd7cb4cb0031ba249/test.html |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
90 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
91 secure_link_secret secret; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
92 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
93 if ($secure_link = "") { |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
94 return 403; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
95 } |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
96 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
97 rewrite ^ /$secure_link break; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
98 } |
255
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
99 |
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
100 location /inheritance/ { |
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
101 secure_link_secret secret; |
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
102 |
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
103 location = /inheritance/test { |
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
104 secure_link Xr4ilOzQ4PCOq3aQ0qbuaQ==; |
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
105 secure_link_md5 secret; |
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
106 |
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
107 if ($secure_link = "1") { |
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
108 rewrite ^ /test.html break; |
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
109 } |
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
110 |
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
111 return 403; |
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
112 } |
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
113 } |
1213
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
114 |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
115 location /stub { |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
116 return 200 x$secure_link${secure_link_expires}x; |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
117 } |
160
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
118 } |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
119 } |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
120 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
121 EOF |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
122 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
123 $t->write_file('test.html', 'PASSED'); |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
124 $t->write_file('expires.html', 'PASSED'); |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
125 $t->run(); |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
126 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
127 ############################################################################### |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
128 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
129 # new style |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
130 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
131 like(http_get('/test.html?hash=q-5vpkjBkRXXtkUMXiJVHA=='), |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
132 qr/PASSED/, 'request md5'); |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
133 like(http_get('/test.html?hash=q-5vpkjBkRXXtkUMXiJVHA'), |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
134 qr/PASSED/, 'request md5 no padding'); |
1213
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
135 like(http_get('/test.html?hash=q-5vpkjBkRXXtkUMXiJVHAQQ'), |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
136 qr/^HTTP.*403/, 'request md5 too long'); |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
137 like(http_get('/test.html?hash=q-5vpkjBkRXXtkUMXiJVHA-TOOLONG'), |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
138 qr/^HTTP.*403/, 'request md5 too long encoding'); |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
139 like(http_get('/test.html?hash=BADHASHLENGTH'), |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
140 qr/^HTTP.*403/, 'request md5 decode error'); |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
141 like(http_get('/test.html?hash=q-5vpkjBkRXXtkUMXiJVHX=='), |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
142 qr/^HTTP.*403/, 'request md5 mismatch'); |
160
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
143 like(http_get('/test.html'), qr/^HTTP.*403/, 'request no hash'); |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
144 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
145 # new style with expires |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
146 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
147 my ($expires, $hash); |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
148 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
149 $expires = time() + 86400; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
150 $hash = encode_base64url(md5("secret/expires.html$expires")); |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
151 like(http_get('/expires.html?hash=' . $hash . '&expires=' . $expires), |
590
dc2f8aac0553
Tests: whitespace fixes.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
302
diff
changeset
|
152 qr/PASSED/, 'request md5 not expired'); |
695
da20b4389038
Tests: added secure_link_expires variable test.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
590
diff
changeset
|
153 like(http_get('/expires.html?hash=' . $hash . '&expires=' . $expires), |
da20b4389038
Tests: added secure_link_expires variable test.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
590
diff
changeset
|
154 qr/X-Expires: $expires/, 'secure_link_expires variable'); |
160
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
155 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
156 $expires = time() - 86400; |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
157 $hash = encode_base64url(md5("secret/expires.html$expires")); |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
158 like(http_get('/expires.html?hash=' . $hash . '&expires=' . $expires), |
590
dc2f8aac0553
Tests: whitespace fixes.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
302
diff
changeset
|
159 qr/^HTTP.*403/, 'request md5 expired'); |
160
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
160 |
1213
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
161 $expires = 0; |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
162 $hash = encode_base64url(md5("secret/expires.html$expires")); |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
163 like(http_get('/expires.html?hash=' . $hash . '&expires=' . $expires), |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
164 qr/^HTTP.*403/, 'request md5 invalid expiration'); |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
165 |
160
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
166 # old style |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
167 |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
168 like(http_get('/p/' . md5_hex('test.html' . 'secret') . '/test.html'), |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
169 qr/PASSED/, 'request old style'); |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
170 like(http_get('/p/' . md5_hex('fake') . '/test.html'), qr/^HTTP.*403/, |
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
171 'request old style fake hash'); |
1213
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
172 like(http_get('/p/' . 'foo' . '/test.html'), qr/^HTTP.*403/, |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
173 'request old style short hash'); |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
174 like(http_get('/p/' . 'x' x 32 . '/test.html'), qr/^HTTP.*403/, |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
175 'request old style corrupt hash'); |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
176 like(http_get('/p%2f'), qr/^HTTP.*403/, 'request old style bad uri'); |
160
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
177 like(http_get('/p/test.html'), qr/^HTTP.*403/, 'request old style no hash'); |
255
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
178 like(http_get('/inheritance/test'), qr/PASSED/, 'inheritance'); |
cca7b57587d6
Tests: secure_link inheritance test.
Ruslan Ermilov <ru@nginx.com>
parents:
249
diff
changeset
|
179 |
1213
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
180 like(http_get('/stub'), qr/xx/, 'secure_link not found'); |
64f287c8cc62
Tests: more corner cases for secure_link module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
181 |
160
197d5d9fd7f9
Tests: add tests for secure_link module.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
182 ############################################################################### |
161
2c07dc5bc354
Tests: avoid using encode_base64url().
Maxim Dounin <mdounin@mdounin.ru>
parents:
160
diff
changeset
|
183 |
2c07dc5bc354
Tests: avoid using encode_base64url().
Maxim Dounin <mdounin@mdounin.ru>
parents:
160
diff
changeset
|
184 sub encode_base64url { |
590
dc2f8aac0553
Tests: whitespace fixes.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
302
diff
changeset
|
185 my $e = encode_base64(shift, ""); |
dc2f8aac0553
Tests: whitespace fixes.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
302
diff
changeset
|
186 $e =~ s/=+\z//; |
dc2f8aac0553
Tests: whitespace fixes.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
302
diff
changeset
|
187 $e =~ tr[+/][-_]; |
dc2f8aac0553
Tests: whitespace fixes.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
302
diff
changeset
|
188 return $e; |
161
2c07dc5bc354
Tests: avoid using encode_base64url().
Maxim Dounin <mdounin@mdounin.ru>
parents:
160
diff
changeset
|
189 } |
2c07dc5bc354
Tests: avoid using encode_base64url().
Maxim Dounin <mdounin@mdounin.ru>
parents:
160
diff
changeset
|
190 |
2c07dc5bc354
Tests: avoid using encode_base64url().
Maxim Dounin <mdounin@mdounin.ru>
parents:
160
diff
changeset
|
191 ############################################################################### |