summaryrefslogtreecommitdiffstats
path: root/debian/perl-framework/t/modules/aaa.t
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
commit1221c736f9a90756d47ea6d28320b6b83602dd2a (patch)
treeb453ba7b1393205258c9b098a773b4330984672f /debian/perl-framework/t/modules/aaa.t
parentAdding upstream version 2.4.38. (diff)
downloadapache2-debian/2.4.38-3+deb10u8.tar.xz
apache2-debian/2.4.38-3+deb10u8.zip
Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/perl-framework/t/modules/aaa.t')
-rw-r--r--debian/perl-framework/t/modules/aaa.t257
1 files changed, 257 insertions, 0 deletions
diff --git a/debian/perl-framework/t/modules/aaa.t b/debian/perl-framework/t/modules/aaa.t
new file mode 100644
index 0000000..ffccec0
--- /dev/null
+++ b/debian/perl-framework/t/modules/aaa.t
@@ -0,0 +1,257 @@
+use strict;
+use warnings FATAL => 'all';
+
+use Apache::Test;
+use Apache::TestRequest;
+use Apache::TestUtil qw(t_write_file);
+use File::Spec;
+
+# test the possibility of doing authz by user id or envvar in conjunction
+# with the different AuthTypes
+
+Apache::TestRequest::user_agent(keep_alive => 1);
+
+my @headers = qw(WWW-Authenticate Authentication-Info Location);
+
+my %do_tests = ( basic => 11,
+ digest => 11,
+ form => 16,
+ );
+
+my $tests = 2; # AuthzSendForbiddenOnFailure tests
+foreach my $t (keys %do_tests) {
+ $tests += $do_tests{$t};
+}
+
+plan tests => $tests,
+ need need_lwp,
+ need_module('mod_authn_core'),
+ need_module('mod_authz_core'),
+ need_module('mod_authn_file'),
+ need_module('mod_authz_host'),
+ need_min_apache_version('2.3.7');
+
+foreach my $t (sort keys %do_tests) {
+ if (!have_module("mod_auth_$t")) {
+ skip("skipping mod_auth_$t tests") for (1 .. $do_tests{$t});
+ delete $do_tests{$t};
+ }
+}
+
+write_htpasswd();
+
+# the auth type we are currently testing
+my $type;
+
+foreach my $t (qw/basic digest/) {
+ next unless exists $do_tests{$t};
+ $type = $t;
+ my $url = "/authz/$type/index.html";
+
+ {
+ my $response = GET $url;
+
+ ok($response->code,
+ 401,
+ "$type: no user to authenticate and no env to authorize");
+ }
+
+ {
+ # bad pass
+ my $response = GET $url,
+ username => "u$type", password => 'foo';
+
+ ok($response->code,
+ 401,
+ "$type: u$type:foo not found");
+ }
+
+ {
+ # authenticated
+ my $response = GET $url,
+ username => "u$type", password => "p$type";
+
+ ok($response->code,
+ 200,
+ "$type: u$type:p$type found");
+ }
+
+ {
+ # authorized by env
+ my $response = GET $url, 'X-Allowed' => 'yes';
+
+ ok($response->code,
+ 200,
+ "$type: authz by envvar");
+
+ check_headers($response, 200);
+ }
+
+ {
+ # authorized by env / with error
+ my $response = GET "$url.foo", 'X-Allowed' => 'yes';
+
+ ok($response->code,
+ 404,
+ "$type: not found");
+
+ check_headers($response, 404);
+ }
+}
+
+#
+# Form based authentication works a bit differently
+#
+if (exists $do_tests{form} && !have_module("mod_session_cookie")) {
+ skip("skipping mod_auth_form tests (mod_session_cookie required)")
+ for (1 .. $do_tests{form});
+}
+elsif (exists $do_tests{form}) {
+ $type = 'form';
+ my $url = "/authz/$type/index.html";
+ my $login_form_url='/authz/login.html';
+ my $login_url='/authz/form/dologin.html';
+
+ my @params = ( reset => 1, cookie_jar => {}, requests_redirectable => 0 );
+ Apache::TestRequest::user_agent(@params);
+
+ {
+ my $response = GET $url;
+
+ ok($response->code,
+ 302,
+ "$type: access without user/env should redirect with 302");
+
+ my $loc = $response->header("Location");
+ if (defined $loc && $loc =~ m{^http://[^/]+(/.*)$}) {
+ $loc = $1;
+ }
+ ok($loc,
+ "/authz/login.html",
+ "form: login without user/env should redirect to login form");
+ }
+
+ {
+ Apache::TestRequest::user_agent(@params);
+ # bad pass
+ my $response = POST $login_url,
+ content => "httpd_username=uform&httpd_password=foo";
+ ok($response->code,
+ 302,
+ "form: login with wrong passwd should redirect with 302");
+
+ my $loc = $response->header("Location");
+ if (defined $loc && $loc =~ m{^http://[^/]+(/.*)$}) {
+ $loc = $1;
+ }
+ ok($loc,
+ "/authz/login.html",
+ "form: login with wrong passwd should redirect to login form");
+
+ $response = GET $url;
+ ok($response->code,
+ 302,
+ "$type: wrong passwd should not allow access");
+ }
+
+ {
+ # authenticated
+ Apache::TestRequest::user_agent(@params);
+ my $response = POST $login_url,
+ content => "httpd_username=uform&httpd_password=pform";
+ ok($response->code,
+ 302,
+ "form: login with correct passwd should redirect with 302");
+
+ my $loc = $response->header("Location");
+ if (defined $loc && $loc =~ m{^http://[^/]+(/.*)$}) {
+ $loc = $1;
+ }
+ ok($1,
+ "/authz/form/",
+ "form: login with correct passwd should redirect to SuccessLocation");
+
+ $response = GET $url;
+ ok($response->code,
+ 200,
+ "$type: correct passwd did not allow access");
+ }
+
+ {
+ # authorized by env
+ Apache::TestRequest::user_agent(@params);
+ my $response = GET $url, 'X-Allowed' => 'yes';
+
+ ok($response->code,
+ 200,
+ "$type: authz by envvar");
+
+ check_headers($response, 200);
+ }
+
+ {
+ # authorized by env / with error
+ my $response = GET "$url.foo", 'X-Allowed' => 'yes';
+
+ ok($response->code,
+ 404,
+ "$type: not found");
+
+ check_headers($response, 404);
+ }
+}
+
+#
+# Test AuthzSendForbiddenOnFailure
+#
+if (have_min_apache_version("2.3.11")) {
+ foreach my $want (401, 403) {
+ my $response = GET "/authz/fail/$want",
+ username => "ubasic",
+ password => "pbasic";
+ my $got = $response->code;
+ ok($got, $want, "Expected code $want, got $got");
+ }
+}
+else {
+ skip "skipping tests with httpd <2.3.11" foreach (1..2);
+}
+
+#
+# check that none of the authentication related headers exists
+#
+sub check_headers
+{
+ my $response = shift;
+ my $code = shift;
+
+ foreach my $h (@headers) {
+ ok($response->header($h),
+ undef,
+ "$type: $code response should have no $h header");
+ }
+}
+
+#
+# write out the htpasswd files
+#
+sub write_htpasswd
+{
+ my $digest_file = File::Spec->catfile(Apache::Test::vars('serverroot'), 'realm2');
+ t_write_file($digest_file, << 'EOF' );
+# udigest/pdigest
+udigest:realm2:bccffb0d42943019acfbebf2039b8a3a
+EOF
+
+ my $basic_file = File::Spec->catfile(Apache::Test::vars('serverroot'), 'basic1');
+ t_write_file($basic_file, << 'EOF' );
+# ubasic:pbasic
+ubasic:$apr1$opONH1Fj$dX0sZdZ0rRWEk0Wj8y.Qv1
+EOF
+
+ my $form_file = File::Spec->catfile(Apache::Test::vars('serverroot'), 'form1');
+ t_write_file($form_file, << 'EOF' );
+# uform:pform
+uform:$apr1$BzhDZ03D$U598kbSXGy/R7OhYXu.JJ0
+EOF
+}