summaryrefslogtreecommitdiffstats
path: root/test/integration/test-authentication-basic
diff options
context:
space:
mode:
Diffstat (limited to 'test/integration/test-authentication-basic')
-rwxr-xr-xtest/integration/test-authentication-basic153
1 files changed, 153 insertions, 0 deletions
diff --git a/test/integration/test-authentication-basic b/test/integration/test-authentication-basic
new file mode 100755
index 0000000..784a00c
--- /dev/null
+++ b/test/integration/test-authentication-basic
@@ -0,0 +1,153 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture 'i386'
+
+insertpackage 'unstable' 'foo' 'all' '1'
+setupaptarchive --no-update
+
+changetohttpswebserver --authorization="$(printf '%s' 'star@irc:hunter2' | base64 )"
+
+echo 'See, when YOU type hunter2, it shows to us as *******' > aptarchive/bash
+echo 'Debug::Acquire::netrc "true";' > rootdir/etc/apt/apt.conf.d/netrcdebug.conf
+
+testauthfailure() {
+ testfailure apthelper download-file "${1}/bash" ./downloaded/bash
+ # crappy test, but http and https output are wastely different…
+ testsuccess grep 401 rootdir/tmp/testfailure.output
+ testfailure test -s ./downloaded/bash
+}
+
+testauthsuccess() {
+ testsuccess apthelper download-file "${1}/bash" ./downloaded/bash
+ testfileequal ./downloaded/bash "$(cat aptarchive/bash)"
+ testfilestats ./downloaded/bash '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:644"
+ rm -f ./downloaded/bash
+
+ # lets see if got/retains acceptable permissions
+ if [ -n "$AUTHCONF" ]; then
+ if [ "$(id -u)" = '0' ]; then
+ testfilestats "$AUTHCONF" '%U:%G:%a' '=' "_apt:$(id -gn):600"
+ else
+ testfilestats "$AUTHCONF" '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:600"
+ fi
+ fi
+
+ rm -rf rootdir/var/lib/apt/lists
+ if expr index "$1" '@' >/dev/null; then
+ testsuccesswithnotice aptget update
+ else
+ testsuccess aptget update
+ fi
+ testsuccessequal 'Reading package lists...
+Building dependency tree...
+The following NEW packages will be installed:
+ foo
+0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
+Inst foo (1 unstable [all])
+Conf foo (1 unstable [all])' aptget install foo -s
+}
+
+authfile() {
+ local AUTHCONF="${2:-rootdir/etc/apt/auth.conf}"
+ mkdir -p "$(dirname "$AUTHCONF")"
+ rm -f "$AUTHCONF"
+ printf '%s' "$1" > "$AUTHCONF"
+ chmod 600 "$AUTHCONF"
+}
+
+runtest() {
+ # unauthorized fails
+ authfile ''
+ testauthfailure "$1"
+
+ protocol="${1%%://*}"
+
+ # good auth
+ authfile "machine ${protocol}://localhost
+login star@irc
+password hunter2"
+ testauthsuccess "$1"
+
+ # bad auth
+ authfile "machine ${protocol}://localhost
+login anonymous
+password hunter2"
+ testauthfailure "$1"
+
+ # 2 stanzas: unmatching + good auth
+ authfile "machine ${protocol}://debian.org
+login debian
+password jessie
+
+machine ${protocol}://localhost
+login star@irc
+password hunter2"
+ testauthsuccess "$1"
+
+ # no protocol specifier
+ authfile "machine localhost
+login star@irc
+password hunter2"
+ if [ "$protocol" = "https" ]; then
+ testauthsuccess "$1"
+ else
+ testfailure apthelper download-file "${1}/bash" ./downloaded/bash
+ testsuccessequal "W: ${1}/bash: ${TMPWORKINGDIRECTORY}/rootdir/etc/apt/auth.conf: Credentials for localhost match, but the protocol is not encrypted. Annotate with http:// to use." grep "Credentials.*match" rootdir/tmp/testfailure.output
+ testauthfailure "$1"
+ fi
+
+ # wrong protocol specifier
+ if [ "$protocol" = "https" ]; then
+ authfile "machine http://localhost
+login star@irc
+password hunter2"
+ else
+ authfile "machine https://localhost
+login star@irc
+password hunter2"
+ fi
+ testauthfailure "$1"
+
+ # delete file, make sure it fails; add auth.conf.d snippet, works again.
+ rm rootdir/etc/apt/auth.conf
+ testauthfailure "$1"
+
+ authfile "machine ${protocol}://localhost
+login star@irc
+password hunter2" rootdir/etc/apt/auth.conf.d/myauth.conf
+ testauthsuccess "$1"
+ rm rootdir/etc/apt/auth.conf.d/myauth.conf
+}
+
+msgmsg 'server basic auth'
+rewritesourceslist "http://localhost:${APTHTTPPORT}"
+runtest "http://localhost:${APTHTTPPORT}"
+rewritesourceslist "http://star%40irc:hunter2@localhost:${APTHTTPPORT}"
+authfile ''
+testauthsuccess "http://star%40irc:hunter2@localhost:${APTHTTPPORT}"
+rewritesourceslist "https://localhost:${APTHTTPSPORT}"
+runtest "https://localhost:${APTHTTPSPORT}"
+rewritesourceslist "http://localhost:${APTHTTPPORT}"
+
+msgmsg 'proxy to server basic auth'
+webserverconfig 'aptwebserver::request::absolute' 'uri'
+# using ip instead of localhost avoids picking up the auth for the repo
+# for the proxy as well as we serve them both over the same server…
+export http_proxy="http://127.0.0.1:${APTHTTPPORT}"
+runtest "http://localhost:${APTHTTPPORT}"
+unset http_proxy
+
+msgmsg 'proxy basic auth to server basic auth'
+webserverconfig 'aptwebserver::proxy-authorization' "$(printf 'moon:deer2' | base64)"
+export http_proxy="http://moon:deer2@localhost:${APTHTTPPORT}"
+runtest "http://localhost:${APTHTTPPORT}"
+
+msgmsg 'proxy basic auth to server'
+authfile ''
+webserverconfig 'aptwebserver::authorization' ''
+testauthsuccess "http://localhost:${APTHTTPPORT}"