comparison auth_request_satisfy.t @ 349:918dc7aa50f1
Tests: tests for auth_request with satisfy.
In particular, this adds a TODO test for a case from ticket #285 -
if "satisfy any" is used and auth_basic returns 401, it should be used
as a response code even if auth_request later returns 403.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 17 Oct 2013 05:12:16 +0400 |
parents | |
children | e102fc6db946 |
348:08bb2b3785a2 | 349:918dc7aa50f1 |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Maxim Dounin | |
4 | |
5 # Tests for auth request module with satisfy directive. | |
6 | |
7 ############################################################################### | |
8 | |
9 use warnings; | |
10 use strict; | |
11 | |
12 use Test::More; | |
13 | |
14 use Socket qw/ CRLF /; | |
15 | |
16 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
17 | |
18 use lib 'lib'; | |
19 use Test::Nginx; | |
20 | |
21 ############################################################################### | |
22 | |
23 select STDERR; $| = 1; | |
24 select STDOUT; $| = 1; | |
25 | |
26 my $t = Test::Nginx->new() | |
27 ->has(qw/http rewrite access auth_basic auth_request/) | |
28 ->plan(18); | |
29 | |
30 $t->write_file_expand('nginx.conf', <<'EOF'); | |
31 | |
32 %%TEST_GLOBALS%% | |
33 | |
34 daemon off; | |
35 | |
36 events { | |
37 } | |
38 | |
39 http { | |
40 %%TEST_GLOBALS_HTTP%% | |
41 | |
42 server { | |
43 listen 127.0.0.1:8080; | |
44 server_name localhost; | |
45 | |
46 location / { | |
47 return 444; | |
48 } | |
49 | |
50 location /all/allow { | |
51 satisfy all; | |
52 allow all; | |
53 auth_request /auth; | |
54 } | |
55 | |
56 location /all/deny { | |
57 satisfy all; | |
58 deny all; | |
59 auth_request /auth; | |
60 } | |
61 | |
62 location /all/basic { | |
63 satisfy all; | |
64 auth_basic "restricted"; | |
65 auth_basic_user_file %%TESTDIR%%/htpasswd; | |
66 auth_request /auth; | |
67 } | |
68 | |
69 location /any/allow { | |
70 satisfy any; | |
71 allow all; | |
72 auth_request /auth; | |
73 } | |
74 | |
75 location /any/deny { | |
76 satisfy any; | |
77 deny all; | |
78 auth_request /auth; | |
79 } | |
80 | |
81 location /any/basic { | |
82 satisfy any; | |
83 auth_basic "restricted"; | |
84 auth_basic_user_file %%TESTDIR%%/htpasswd; | |
85 auth_request /auth; | |
86 } | |
87 | |
88 location = /auth { | |
89 if ($request_uri ~ "open$") { | |
90 return 204; | |
91 } | |
92 if ($request_uri ~ "unauthorized$") { | |
93 return 401; | |
94 } | |
95 if ($request_uri ~ "forbidden$") { | |
96 return 403; | |
97 } | |
98 } | |
99 } | |
100 } | |
101 | |
102 EOF | |
103 | |
104 $t->write_file('htpasswd', 'user:{PLAIN}secret' . "\n"); | |
105 $t->run(); | |
106 | |
107 ############################################################################### | |
108 | |
109 # satisfy all - first 401/403 wins | |
110 | |
111 like(http_get('/all/allow+open'), qr/ 404 /, 'all allow+open'); | |
112 like(http_get('/all/allow+unauthorized'), qr/ 401 /, 'all allow+unauthorized'); | |
113 like(http_get('/all/allow+forbidden'), qr/ 403 /, 'all allow+forbidden'); | |
114 | |
115 like(http_get('/all/deny+open'), qr/ 403 /, 'all deny+open'); | |
116 like(http_get('/all/deny+unauthorized'), qr/ 403 /, 'all deny+unauthorized'); | |
117 like(http_get('/all/deny+forbidden'), qr/ 403 /, 'all deny+forbidden'); | |
118 | |
119 like(http_get('/all/basic+open'), qr/ 401 /, 'all basic+open'); | |
120 like(http_get('/all/basic+unauthorized'), qr/ 401 /, 'all basic+unauthorized'); | |
121 like(http_get('/all/basic+forbidden'), qr/ 401 /, 'all basic+forbidden'); | |
122 | |
123 # satisfy any - first ok wins | |
124 # additionally, 403 shouldn't override 401 status | |
125 | |
126 like(http_get('/any/allow+open'), qr/ 404 /, 'any allow+open'); | |
127 like(http_get('/any/allow+unauthorized'), qr/ 404 /, 'any allow+unauthorized'); | |
128 like(http_get('/any/allow+forbidden'), qr/ 404 /, 'any allow+forbidden'); | |
129 | |
130 like(http_get('/any/deny+open'), qr/ 404 /, 'any deny+open'); | |
131 like(http_get('/any/deny+unauthorized'), qr/ 401 /, 'any deny+unauthorized'); | |
132 like(http_get('/any/deny+forbidden'), qr/ 403 /, 'any deny+forbidden'); | |
133 | |
134 like(http_get('/any/basic+open'), qr/ 404 /, 'any basic+open'); | |
135 like(http_get('/any/basic+unauthorized'), qr/ 401 /, 'any basic+unauthorized'); | |
136 | |
137 TODO: { | |
138 local $TODO = 'not yet, ticket 285'; | |
139 | |
140 like(http_get('/any/basic+forbidden'), qr/ 401 /, 'any basic+forbidden'); | |
141 | |
142 } | |
143 | |
144 ############################################################################### |
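Review bot: Every request to the `/all/basic` and `/any/basic` locations (file lines 119-121 and 134-140) is sent without credentials, so the tests never cover the branch where auth_basic succeeds. Under `satisfy all`, a valid user must still be refused when `/auth` returns 401 or 403, and under `satisfy any` a valid user must be let through whatever `/auth` returns; a regression in either direction would be an access-control bug that this file would not catch. Consider adding requests that carry an `Authorization: Basic` header for the `user:secret` entry written to `htpasswd`, sent through `http()` (which would also put the otherwise unused `CRLF` import to use), and raising `plan(18)` to match. Because ` 404 ` is the "access granted" signal in these assertions, presumably since nothing exists under the test locations, a comment above the first block such as `# 404 means the access phase passed; no content exists at these URIs` would make the expectations easier to audit.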