tests for htpasswd + md5 and referer matching in conditionals

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@711 152afb58-edef-0310-8abb-c4023f1b3aa9
17 years ago · e2cf5d3094
4 changed files with 79 additions and 23 deletions
--- a/tests/core-condition.t
+++ b/tests/core-condition.t
@ -8,7 +8,7 @@ BEGIN {

 use strict;
 use IO::Socket;
-use Test::More tests => 11;
+use Test::More tests => 14;
 use LightyTest;

 my $tf = LightyTest->new();
@ -56,7 +56,7 @@ ok($tf->start_proc == 0, "Starting lighttpd") or die();

 $t->{REQUEST}  = ( <<EOF
 GET /nofile.png HTTP/1.0
-Host: www.example.org
+Host: referer.example.org
 EOF
 );
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
@ -64,21 +64,51 @@ ok($tf->handle_http($t) == 0, 'condition: Referer - no referer');

 $t->{REQUEST}  = ( <<EOF
 GET /nofile.png HTTP/1.0
-Host: www.example.org
-Referer: http://www.example.org/
+Host: referer.example.org
+Referer: http://referer.example.org/
 EOF
 );
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
 ok($tf->handle_http($t) == 0, 'condition: Referer - referer matches regex');

-$t->{REQUEST}  = ( <<EOF
+TODO: {
+  local $TODO = "referer matching in conditionals";
+  $t->{REQUEST}  = ( <<EOF
 GET /nofile.png HTTP/1.0
+Host: referer.example.org
+Referer: http://evil-referer.example.org/
+EOF
+ );
+  $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
+  ok($tf->handle_http($t) == 0, 'condition: Referer - referer doesn\'t match');
+}
+
+$t->{REQUEST}  = ( <<EOF
+GET /image.jpg HTTP/1.0
 Host: www.example.org
-Referer: http://123.example.org/
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'condition: Referer - no referer');
+
+$t->{REQUEST}  = ( <<EOF
+GET /image.jpg HTTP/1.0
+Host: www.example.org
+Referer: http://referer.example.org/
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'condition: Referer - referer matches regex');
+
+$t->{REQUEST}  = ( <<EOF
+GET /image.jpg HTTP/1.0
+Host: www.example.org
+Referer: http://evil-referer.example.org/
 EOF
 );
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
 ok($tf->handle_http($t) == 0, 'condition: Referer - referer doesn\'t match');

+
 ok($tf->stop_proc == 0, "Stopping lighttpd");

--- a/tests/lighttpd.conf
+++ b/tests/lighttpd.conf
@ -85,34 +85,27 @@ userdir.path = "/"
 ssl.engine                  = "disable"
 ssl.pemfile                 = "server.pem"

+$HTTP["host"] == "auth-htpasswd.example.org" {
+	auth.backend                = "htpasswd"
+}
+
 auth.backend                = "plain"
 auth.backend.plain.userfile = "@SRCDIR@/tmp/lighttpd/lighttpd.user"
-auth.backend.plain.groupfile = "lighttpd.group"

-auth.backend.ldap.hostname  = "localhost"
-auth.backend.ldap.base-dn   = "dc=my-domain,dc=com"
-auth.backend.ldap.filter    = "(uid=$)"
+auth.backend.htpasswd.userfile = "@SRCDIR@/tmp/lighttpd/lighttpd.htpasswd"
+

 auth.require                = ( "/server-status" => 
                                ( 
 				  "method"  => "digest",
 				  "realm"   => "download archiv",
-#				  "require" => ("group=www", "user=jan", "host=192.168.2.10")
 				  "require" => "group=www|user=jan|host=192.168.2.10"
 				),
-				"/auth.php" => 
-                                ( 
-				  "method"  => "basic",
-				  "realm"   => "download archiv",
-#				  "require" => ("group=www", "user=jan", "host=192.168.2.10")
-				  "require" => "user=jan"
-				),
 				"/server-config" => 
                                ( 
 				  "method"  => "basic",
 				  "realm"   => "download archiv",
-#				  "require" => ("group=www", "user=jan", "user=weigon", "host=192.168.2.10")
-				  "require" => "group=www|user=jan|host=192.168.2.10"
+				  "require" => "valid-user"
 				)
                              )

@ -175,7 +168,13 @@ $HTTP["remoteip"] =~ "(127.0.0.1)" {
 }

 # deny access for all image stealers
-$HTTP["referer"] !~ "^($|http://www\.example\.org)" {
-  url.access-deny = ( ".jpg", ".jpeg", ".png" )
+$HTTP["host"] == "referer.example.org" {
+  $HTTP["referer"] !~ "^($|http://referer\.example\.org)" {
+    url.access-deny = ( ".png" )
+  }
+}
+
+$HTTP["referer"] !~ "^($|http://referer\.example\.org)" {
+  url.access-deny = ( ".jpg" )
 }

--- a/tests/mod-auth.t
+++ b/tests/mod-auth.t
@ -8,7 +8,7 @@ BEGIN {

 use strict;
 use IO::Socket;
-use Test::More tests => 6;
+use Test::More tests => 9;
 use LightyTest;

 my $tf = LightyTest->new();
@ -37,6 +37,32 @@ Authorization: Basic amFuOmphbg==
 EOF
 );
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - plain');
+
+$t->{REQUEST}  = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: Basic ZGVzOmRlcw==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des)');
+
+$t->{REQUEST}  = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: Basic bWQ1Om1kNQ==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (md5)');
+
+$t->{REQUEST}  = ( <<EOF
+GET /server-config HTTP/1.0
+Authorization: Basic bWQ1Om1kNA==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
 ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token');

 ## this should not crash
--- a/tests/prepare.sh
+++ b/tests/prepare.sh
@ -37,6 +37,7 @@ cp $srcdir/docroot/123/*.txt \
   $srcdir/docroot/123/*.php \
   $srcdir/docroot/123/*.bla $tmpdir/servers/123.example.org/pages/
 cp $srcdir/lighttpd.user $tmpdir/
+cp $srcdir/lighttpd.htpasswd $tmpdir/
 cp $srcdir/var-include-sub.conf $tmpdir/../
 touch $tmpdir/servers/www.example.org/pages/image.jpg \
      $tmpdir/servers/www.example.org/pages/image.JPG \