/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ /* * Copyright (C) 2001-2003, Ximian, Inc. */ #include "test-utils.h" static SoupURI *base_uri; static struct { gboolean client_sent_basic, client_sent_digest; gboolean server_requested_basic, server_requested_digest; gboolean succeeded; } test_data; static void curl_exited (GPid pid, int status, gpointer data) { gboolean *done = data; *done = TRUE; test_data.succeeded = (status == 0); } static void do_test (SoupURI *base_uri, const char *path, gboolean good_user, gboolean good_password, gboolean offer_basic, gboolean offer_digest, gboolean client_sends_basic, gboolean client_sends_digest, gboolean server_requests_basic, gboolean server_requests_digest, gboolean success) { SoupURI *uri; char *uri_str; GPtrArray *args; GPid pid; gboolean done; /* We build the URI this way to avoid having soup_uri_new() normalize the path, hence losing the encoded characters in tests 4. and 5. below. */ uri = soup_uri_copy (base_uri); soup_uri_set_path (uri, path); uri_str = soup_uri_to_string (uri, FALSE); soup_uri_free (uri); args = g_ptr_array_new (); g_ptr_array_add (args, "curl"); g_ptr_array_add (args, "--noproxy"); g_ptr_array_add (args, "*"); g_ptr_array_add (args, "-f"); g_ptr_array_add (args, "-s"); if (offer_basic || offer_digest) { g_ptr_array_add (args, "-u"); if (good_user) { if (good_password) g_ptr_array_add (args, "user:password"); else g_ptr_array_add (args, "user:badpassword"); } else { if (good_password) g_ptr_array_add (args, "baduser:password"); else g_ptr_array_add (args, "baduser:badpassword"); } if (offer_basic && offer_digest) g_ptr_array_add (args, "--anyauth"); else if (offer_basic) g_ptr_array_add (args, "--basic"); else g_ptr_array_add (args, "--digest"); } g_ptr_array_add (args, uri_str); g_ptr_array_add (args, NULL); memset (&test_data, 0, sizeof (test_data)); if (g_spawn_async (NULL, (char **)args->pdata, NULL, G_SPAWN_SEARCH_PATH | G_SPAWN_STDOUT_TO_DEV_NULL | G_SPAWN_STDERR_TO_DEV_NULL | G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, NULL)) { done = FALSE; g_child_watch_add (pid, curl_exited, &done); while (!done) g_main_context_iteration (NULL, TRUE); } else test_data.succeeded = FALSE; g_ptr_array_free (args, TRUE); g_free (uri_str); g_assert_cmpint (server_requests_basic, ==, test_data.server_requested_basic); g_assert_cmpint (server_requests_digest, ==, test_data.server_requested_digest); g_assert_cmpint (client_sends_basic, ==, test_data.client_sent_basic); g_assert_cmpint (client_sends_digest, ==, test_data.client_sent_digest); g_assert_cmpint (success, ==, test_data.succeeded); } #define TEST_USES_BASIC(t) (((t) & 1) == 1) #define TEST_USES_DIGEST(t) (((t) & 2) == 2) #define TEST_GOOD_USER(t) (((t) & 4) == 4) #define TEST_GOOD_PASSWORD(t) (((t) & 8) == 8) #define TEST_GOOD_AUTH(t) (TEST_GOOD_USER (t) && TEST_GOOD_PASSWORD (t)) #define TEST_PREEMPTIVE_BASIC(t) (TEST_USES_BASIC (t) && !TEST_USES_DIGEST (t)) static void do_server_auth_test (gconstpointer data) { int i = GPOINTER_TO_INT (data); if (!have_curl()) { g_test_skip ("curl is not available"); return; } /* 1. No auth required. The server will ignore the * Authorization headers completely, and the request * will always succeed. */ do_test (base_uri, "/foo", TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i), /* request */ TEST_USES_BASIC (i), TEST_USES_DIGEST (i), /* expected from client */ TEST_PREEMPTIVE_BASIC (i), FALSE, /* expected from server */ FALSE, FALSE, /* success? */ TRUE); /* 2. Basic auth required. The server will send * "WWW-Authenticate: Basic" if the client fails to * send an Authorization: Basic on the first request, * or if it sends a bad password. */ do_test (base_uri, "/Basic/foo", TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i), /* request */ TEST_USES_BASIC (i), TEST_USES_DIGEST (i), /* expected from client */ TEST_USES_BASIC (i), FALSE, /* expected from server */ !TEST_PREEMPTIVE_BASIC (i) || !TEST_GOOD_AUTH (i), FALSE, /* success? */ TEST_USES_BASIC (i) && TEST_GOOD_AUTH (i)); /* 3. Digest auth required. Simpler than the basic * case because the client can't send Digest auth * premptively. */ do_test (base_uri, "/Digest/foo", TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i), /* request */ TEST_USES_BASIC (i), TEST_USES_DIGEST (i), /* expected from client */ TEST_PREEMPTIVE_BASIC (i), TEST_USES_DIGEST (i), /* expected from server */ FALSE, TRUE, /* success? */ TEST_USES_DIGEST (i) && TEST_GOOD_AUTH (i)); /* 4. Digest auth with encoded URI. See #794208. */ do_test (base_uri, "/Digest/A%20B", TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i), /* request */ TEST_USES_BASIC (i), TEST_USES_DIGEST (i), /* expected from client */ TEST_PREEMPTIVE_BASIC (i), TEST_USES_DIGEST (i), /* expected from server */ FALSE, TRUE, /* success? */ TEST_USES_DIGEST (i) && TEST_GOOD_AUTH (i)); /* 5. Digest auth with a mixture of encoded and decoded chars in the URI. See #794208. */ do_test (base_uri, "/Digest/A%20|%20B", TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i), /* request */ TEST_USES_BASIC (i), TEST_USES_DIGEST (i), /* expected from client */ TEST_PREEMPTIVE_BASIC (i), TEST_USES_DIGEST (i), /* expected from server */ FALSE, TRUE, /* success? */ TEST_USES_DIGEST (i) && TEST_GOOD_AUTH (i)); /* 6. Digest auth with UTF-8 chars in the URI. See #794208. */ do_test (base_uri, "/Digest/A௹B", TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i), /* request */ TEST_USES_BASIC (i), TEST_USES_DIGEST (i), /* expected from client */ TEST_PREEMPTIVE_BASIC (i), TEST_USES_DIGEST (i), /* expected from server */ FALSE, TRUE, /* success? */ TEST_USES_DIGEST (i) && TEST_GOOD_AUTH (i)); /* 7. Any auth required. */ do_test (base_uri, "/Any/foo", TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i), /* request */ TEST_USES_BASIC (i), TEST_USES_DIGEST (i), /* expected from client */ TEST_PREEMPTIVE_BASIC (i), TEST_USES_DIGEST (i), /* expected from server */ !TEST_PREEMPTIVE_BASIC (i) || !TEST_GOOD_AUTH (i), !TEST_PREEMPTIVE_BASIC (i) || !TEST_GOOD_AUTH (i), /* success? */ (TEST_USES_BASIC (i) || TEST_USES_DIGEST (i)) && TEST_GOOD_AUTH (i)); /* 8. No auth required again. (Makes sure that * SOUP_AUTH_DOMAIN_REMOVE_PATH works.) */ do_test (base_uri, "/Any/Not/foo", TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i), /* request */ TEST_USES_BASIC (i), TEST_USES_DIGEST (i), /* expected from client */ TEST_PREEMPTIVE_BASIC (i), FALSE, /* expected from server */ FALSE, FALSE, /* success? */ TRUE); } static gboolean basic_auth_callback (SoupAuthDomain *auth_domain, SoupMessage *msg, const char *username, const char *password, gpointer data) { return !strcmp (username, "user") && !strcmp (password, "password"); } static char * digest_auth_callback (SoupAuthDomain *auth_domain, SoupMessage *msg, const char *username, gpointer data) { if (strcmp (username, "user") != 0) return NULL; /* Note: this is exactly how you *shouldn't* do it in the real * world; you should have the pre-encoded password stored in a * database of some sort rather than using the cleartext * password in the callback. */ return soup_auth_domain_digest_encode_password ("user", "server-auth-test", "password"); } static void server_callback (SoupServer *server, SoupMessage *msg, const char *path, GHashTable *query, SoupClientContext *context, gpointer data) { if (msg->method != SOUP_METHOD_GET && msg->method != SOUP_METHOD_HEAD) { soup_message_set_status (msg, SOUP_STATUS_NOT_IMPLEMENTED); return; } soup_message_set_response (msg, "text/plain", SOUP_MEMORY_STATIC, "OK\r\n", 4); soup_message_set_status (msg, SOUP_STATUS_OK); } static void got_headers_callback (SoupMessage *msg, gpointer data) { const char *header; header = soup_message_headers_get_one (msg->request_headers, "Authorization"); if (header) { if (strstr (header, "Basic ")) test_data.client_sent_basic = TRUE; if (strstr (header, "Digest ")) test_data.client_sent_digest = TRUE; } } static void wrote_headers_callback (SoupMessage *msg, gpointer data) { const char *header; header = soup_message_headers_get_list (msg->response_headers, "WWW-Authenticate"); if (header) { if (strstr (header, "Basic ")) test_data.server_requested_basic = TRUE; if (strstr (header, "Digest ")) test_data.server_requested_digest = TRUE; } } static void request_started_callback (SoupServer *server, SoupMessage *msg, SoupClientContext *client, gpointer data) { g_signal_connect (msg, "got_headers", G_CALLBACK (got_headers_callback), NULL); g_signal_connect (msg, "wrote_headers", G_CALLBACK (wrote_headers_callback), NULL); } static gboolean run_tests = TRUE; static GOptionEntry no_test_entry[] = { { "no-tests", 'n', G_OPTION_FLAG_REVERSE, G_OPTION_ARG_NONE, &run_tests, "Don't run tests, just run the test server", NULL }, { NULL } }; int main (int argc, char **argv) { GMainLoop *loop; SoupServer *server; SoupAuthDomain *auth_domain; int ret; test_init (argc, argv, no_test_entry); server = soup_test_server_new (SOUP_TEST_SERVER_DEFAULT); g_signal_connect (server, "request_started", G_CALLBACK (request_started_callback), NULL); soup_server_add_handler (server, NULL, server_callback, NULL, NULL); auth_domain = soup_auth_domain_basic_new ( SOUP_AUTH_DOMAIN_REALM, "server-auth-test", SOUP_AUTH_DOMAIN_ADD_PATH, "/Basic", SOUP_AUTH_DOMAIN_ADD_PATH, "/Any", SOUP_AUTH_DOMAIN_REMOVE_PATH, "/Any/Not", SOUP_AUTH_DOMAIN_BASIC_AUTH_CALLBACK, basic_auth_callback, NULL); soup_server_add_auth_domain (server, auth_domain); g_object_unref (auth_domain); auth_domain = soup_auth_domain_digest_new ( SOUP_AUTH_DOMAIN_REALM, "server-auth-test", SOUP_AUTH_DOMAIN_ADD_PATH, "/Digest", SOUP_AUTH_DOMAIN_ADD_PATH, "/Any", SOUP_AUTH_DOMAIN_REMOVE_PATH, "/Any/Not", SOUP_AUTH_DOMAIN_DIGEST_AUTH_CALLBACK, digest_auth_callback, NULL); soup_server_add_auth_domain (server, auth_domain); g_object_unref (auth_domain); loop = g_main_loop_new (NULL, TRUE); base_uri = soup_test_server_get_uri (server, "http", NULL); if (run_tests) { int i; for (i = 0; i < 16; i++) { char *path; const char *authtypes; if (!TEST_GOOD_USER (i) && !TEST_GOOD_PASSWORD (i)) continue; if (TEST_USES_BASIC (i)) { if (TEST_USES_DIGEST (i)) authtypes = "basic+digest"; else authtypes = "basic"; } else { if (TEST_USES_DIGEST (i)) authtypes = "digest"; else authtypes = "none"; } path = g_strdup_printf ("/server-auth/%s/%s-user%c%s-password", authtypes, TEST_GOOD_USER (i) ? "good" : "bad", TEST_GOOD_USER (i) ? '/' : '\0', TEST_GOOD_PASSWORD (i) ? "good" : "bad"); g_test_add_data_func (path, GINT_TO_POINTER (i), do_server_auth_test); g_free (path); } ret = g_test_run (); } else { g_print ("Listening on port %d\n", base_uri->port); g_main_loop_run (loop); ret = 0; } soup_uri_free (base_uri); g_main_loop_unref (loop); soup_test_server_quit_unref (server); if (run_tests) test_cleanup (); return ret; }