authorGlenn Strauss <gstrauss@gluelogic.com>2016-12-23 04:39:50 -0500
committerGlenn Strauss <gstrauss@gluelogic.com>2017-01-31 14:36:15 -0500
commitafce434e0b0ee517fef06cf32d3f9de25ceddc14 (patch)
tree8782e6f7959712d1552c4770934b301a25c35384 /tests
parent4d92366ab21d4b4ae6f4781b9121d6683e0bc909 (diff)
[mod_secdownload] new directives modify hash path (fixes #646, fixes #1904)
secdownload.path-segments = <number> include only given number of path segments in hash digest calculation secdownload.hash-querystr = "enable" | "disable" include the query string in the hash digest calculation x-ref: "secdownload.path_elements support" https://redmine.lighttpd.net/issues/646 "mod_secdownload option to include url GET parameters in md5" https://redmine.lighttpd.net/issues/1904
Diffstat (limited to 'tests')
-rw-r--r--tests/lighttpd.conf1
-rwxr-xr-xtests/mod-secdownload.t16
2 files changed, 16 insertions, 1 deletions
diff --git a/tests/lighttpd.conf b/tests/lighttpd.conf
index 3fd8b0da..c2fae77d 100644
--- a/tests/lighttpd.conf
+++ b/tests/lighttpd.conf
@@ -199,6 +199,7 @@ $HTTP["host"] == "vvv-sha256.example.org" {
secdownload.uri-prefix = "/sec/"
secdownload.timeout = 120
secdownload.algorithm = "hmac-sha256"
+ secdownload.hash-querystr = "enable"
}
$HTTP["host"] == "zzz.example.org" {
diff --git a/tests/mod-secdownload.t b/tests/mod-secdownload.t
index 96baf9d7..8881df68 100755
--- a/tests/mod-secdownload.t
+++ b/tests/mod-secdownload.t
@@ -8,7 +8,7 @@ BEGIN {
use strict;
use IO::Socket;
-use Test::More tests => 15;
+use Test::More tests => 16;
use LightyTest;
use Digest::MD5 qw(md5_hex);
use Digest::SHA qw(hmac_sha1 hmac_sha256);
@@ -142,6 +142,20 @@ $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha256)');
+## HMAC-SHA256
+$f = "/index.html?qs=1";
+$thex = sprintf("%08x", time);
+$m = encode_base64url(hmac_sha256("/$thex$f", $secret));
+
+$t->{REQUEST} = ( <<EOF
+GET /sec/$m/$thex$f HTTP/1.0
+Host: vvv-sha256.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+
+ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha256) with hash-querystr');
+
$thex = sprintf("%08x", time - 1800);
$m = encode_base64url(hmac_sha256("/$thex$f", $secret));
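Review bot: The new case starting at `$f = "/index.html?qs=1";` only shows that a correctly signed query string is accepted; nothing checks that a request whose query string differs from the signed one is refused, which is the property `secdownload.hash-querystr = "enable"` is meant to provide. In addition, `$f` is left holding the query-string path, so the expired-timestamp case in the trailing context (`time - 1800`) now runs against `/index.html?qs=1` instead of the plain path it used before. I would add a mismatch case, reset `$f` afterwards and raise the plan to `tests => 17`; the 403 below is what I would expect for a MAC mismatch and should be confirmed against the module. The rest of the script lies outside this hunk, so how many later cases reuse `$f` is not visible here. `secdownload.path-segments` from the same commit gets no test in this diff either.

```perl
# … unchanged: positive hash-querystr case ending in ok(...) …

## HMAC-SHA256: query string changed after signing must not validate
$thex = sprintf("%08x", time);
$m = encode_base64url(hmac_sha256("/$thex/index.html?qs=1", $secret));

$t->{REQUEST} = ( <<EOF
GET /sec/$m/$thex/index.html?qs=2 HTTP/1.0
Host: vvv-sha256.example.org
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];

ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha256) hash-querystr mismatch');

# restore the plain path so the following cases are unaffected
$f = "/index.html";
```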