Mercurial > hg > nginx-tests
comparison auth_basic.t @ 229:9969fcf1f27e
Tests: corrupted password entries tests.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 10 Aug 2012 20:51:43 +0400 |
parents | f9325406df0b |
children | 8d58b624a142 |
comparison
equal
deleted
inserted
replaced
228:5c9e43547b71 | 229:9969fcf1f27e |
---|---|
21 ############################################################################### | 21 ############################################################################### |
22 | 22 |
23 select STDERR; $| = 1; | 23 select STDERR; $| = 1; |
24 select STDOUT; $| = 1; | 24 select STDOUT; $| = 1; |
25 | 25 |
26 my $t = Test::Nginx->new()->has(qw/http auth_basic/)->plan(11) | 26 my $t = Test::Nginx->new()->has(qw/http auth_basic/)->plan(15) |
27 ->write_file_expand('nginx.conf', <<'EOF'); | 27 ->write_file_expand('nginx.conf', <<'EOF'); |
28 | 28 |
29 %%TEST_GLOBALS%% | 29 %%TEST_GLOBALS%% |
30 | 30 |
31 daemon off; | 31 daemon off; |
55 | 55 |
56 $t->write_file( | 56 $t->write_file( |
57 'htpasswd', | 57 'htpasswd', |
58 'crypt:' . crypt('password', 'salt') . "\n" . | 58 'crypt:' . crypt('password', 'salt') . "\n" . |
59 'crypt1:' . crypt('password', '$1$salt$') . "\n" . | 59 'crypt1:' . crypt('password', '$1$salt$') . "\n" . |
60 'crypt2:' . '$1$' . "\n" . | |
60 'apr1:' . '$apr1$salt$Xxd1irWT9ycqoYxGFn4cb.' . "\n" . | 61 'apr1:' . '$apr1$salt$Xxd1irWT9ycqoYxGFn4cb.' . "\n" . |
62 'apr12:' . '$apr1$' . "\n" . | |
61 'plain:' . '{PLAIN}password' . "\n" . | 63 'plain:' . '{PLAIN}password' . "\n" . |
62 'ssha:' . '{SSHA}yI6cZwQadOA1e+/f+T+H3eCQQhRzYWx0' . "\n" | 64 'ssha:' . '{SSHA}yI6cZwQadOA1e+/f+T+H3eCQQhRzYWx0' . "\n" . |
65 'ssha2:' . '{SSHA}_____wQadOA1e+/f+T+H3eCQQhRzYWx0' . "\n" . | |
66 'ssha3:' . '{SSHA}Zm9vCg==' . "\n" | |
63 ); | 67 ); |
64 | 68 |
65 $t->run(); | 69 $t->run(); |
66 | 70 |
67 ############################################################################### | 71 ############################################################################### |
75 like(http_get_auth('/', 'crypt', 'password'), qr!SEETHIS!, 'normal crypt'); | 79 like(http_get_auth('/', 'crypt', 'password'), qr!SEETHIS!, 'normal crypt'); |
76 unlike(http_get_auth('/', 'crypt', '123'), qr!SEETHIS!, 'normal wrong'); | 80 unlike(http_get_auth('/', 'crypt', '123'), qr!SEETHIS!, 'normal wrong'); |
77 | 81 |
78 like(http_get_auth('/', 'crypt1', 'password'), qr!SEETHIS!, 'crypt $1$ (md5)'); | 82 like(http_get_auth('/', 'crypt1', 'password'), qr!SEETHIS!, 'crypt $1$ (md5)'); |
79 unlike(http_get_auth('/', 'crypt1', '123'), qr!SEETHIS!, 'crypt $1$ wrong'); | 83 unlike(http_get_auth('/', 'crypt1', '123'), qr!SEETHIS!, 'crypt $1$ wrong'); |
84 | |
85 like(http_get_auth('/', 'crypt2', '1'), qr!401 Unauthorized!, | |
86 'crypt $1$ broken'); | |
80 | 87 |
81 } | 88 } |
82 | 89 |
83 like(http_get_auth('/', 'apr1', 'password'), qr!SEETHIS!, 'apr1 md5'); | 90 like(http_get_auth('/', 'apr1', 'password'), qr!SEETHIS!, 'apr1 md5'); |
84 like(http_get_auth('/', 'plain', 'password'), qr!SEETHIS!, 'plain password'); | 91 like(http_get_auth('/', 'plain', 'password'), qr!SEETHIS!, 'plain password'); |
95 | 102 |
96 unlike(http_get_auth('/', 'apr1', '123'), qr!SEETHIS!, 'apr1 md5 wrong'); | 103 unlike(http_get_auth('/', 'apr1', '123'), qr!SEETHIS!, 'apr1 md5 wrong'); |
97 unlike(http_get_auth('/', 'plain', '123'), qr!SEETHIS!, 'plain wrong'); | 104 unlike(http_get_auth('/', 'plain', '123'), qr!SEETHIS!, 'plain wrong'); |
98 unlike(http_get_auth('/', 'ssha', '123'), qr!SEETHIS!, 'ssha wrong'); | 105 unlike(http_get_auth('/', 'ssha', '123'), qr!SEETHIS!, 'ssha wrong'); |
99 | 106 |
107 like(http_get_auth('/', 'apr12', '1'), qr!401 Unauthorized!, 'apr1 md5 broken'); | |
108 | |
109 SKIP: { | |
110 skip 'unsafe', 2 unless $ENV{TEST_NGINX_UNSAFE}; | |
111 local $TODO = 'not yet'; | |
112 | |
113 like(http_get_auth('/', 'ssha2', '1'), qr!401 Unauthorized!, 'ssha broken 1'); | |
114 like(http_get_auth('/', 'ssha3', '1'), qr!401 Unauthorized!, 'ssha broken 2'); | |
115 | |
116 } | |
117 | |
100 ############################################################################### | 118 ############################################################################### |
101 | 119 |
102 sub http_get_auth { | 120 sub http_get_auth { |
103 my ($url, $user, $password) = @_; | 121 my ($url, $user, $password) = @_; |
104 | 122 |