From 78a4c3c46e741e1eb64899e6ee9fb913318791e1 Mon Sep 17 00:00:00 2001 From: Jacob Champion Date: Tue, 20 Jun 2017 23:55:17 +0000 Subject: ap_get_basic_auth_components: add unit tests git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1799379 13f79535-47bb-0310-9956-ffa450edef68 --- test/unit/authn.c | 156 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 156 insertions(+) create mode 100644 test/unit/authn.c (limited to 'test') diff --git a/test/unit/authn.c b/test/unit/authn.c new file mode 100644 index 0000000000..67ef04a3c5 --- /dev/null +++ b/test/unit/authn.c @@ -0,0 +1,156 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "check.h" +#include "../httpdunit.h" + +#include "httpd.h" +#include "http_config.h" +#include "http_protocol.h" + +/* + * Test Fixture -- runs once per test + */ + +static apr_pool_t *g_pool; +static request_rec *g_request; + +static void authn_setup(void) +{ + if (apr_pool_create(&g_pool, NULL) != APR_SUCCESS) { + exit(1); + } + + /* Stub out just enough of a request_req to get the tests working. + * Unfortunately this couples us to implementation details in the code being + * tested, but the logic to get a "real" request_rec requires spinning up + * half of the world. */ + g_request = apr_pcalloc(g_pool, sizeof(*g_request)); + if (!g_request) { + exit(1); + } + + g_request->pool = g_pool; + g_request->headers_in = apr_table_make(g_pool, 1); + + if (!g_request->headers_in) { + exit(1); + } +} + +static void authn_teardown(void) +{ + apr_pool_destroy(g_pool); +} + +/* + * ap_get_basic_auth_components() + */ + +static const char * const basic_auth_cases[][3] = { + /* + * case[0] - Authorization header value + * case[1] - expected username + * case[2] - expected password + */ + { "Basic Ym9iOm15cGFzcw==", "bob", "mypass" }, + { "Basic Ym9iOm15cGFzcw==", "bob", "mypass" }, + { "Basic Ym9iOg==", "bob", "" }, + { "Basic Om15cGFzcw==", "", "mypass" }, + { "Basic Og==", "", "" }, + + /* + * Dubious compatibility cases + */ + + /* HT is disallowed per 7235, but ap_get_basic_auth_pw() allowed it */ + { "Basic \tYm9iOm15cGFzcw==", "bob", "mypass" }, + /* username without colon separator, technically disallowed per 2617 */ + { "Basic Ym9i", "bob", "" }, + /* no data at all, technically disallowed per 2617/7235 */ + { "Basic ", "", "" }, + { "Basic", "", "" }, + /* completely invalid junk, disallowed per 2617/7235 */ + { "Basic ?*J#kd92%$@", "", "" }, +}; +static const size_t basic_auth_cases_len = sizeof(basic_auth_cases) / + sizeof(basic_auth_cases[0]); + +HTTPD_START_LOOP_TEST(test_get_basic_auth_components_correctly_decodes_credentials, basic_auth_cases_len) +{ + const char *header_val = basic_auth_cases[_i][0]; + const char *expected_user = basic_auth_cases[_i][1]; + const char *expected_pass = basic_auth_cases[_i][2]; + + apr_status_t status; + const char *username; + const char *password; + + apr_table_setn(g_request->headers_in, "Authorization", header_val); + + status = ap_get_basic_auth_components(g_request, &username, &password); + + ck_assert_int_eq(status, APR_SUCCESS); + ck_assert_str_eq(username, expected_user); + ck_assert_str_eq(password, expected_pass); +} +END_TEST + +START_TEST(test_get_basic_auth_components_fails_without_Authorization_header) +{ + apr_status_t status; + + status = ap_get_basic_auth_components(g_request, NULL, NULL); + ck_assert_int_eq(status, APR_EINVAL); +} +END_TEST + +START_TEST(test_get_basic_auth_components_fails_with_non_Basic_credentials) +{ + apr_status_t status; + + apr_table_setn(g_request->headers_in, "Authorization", + "Digest Ym9iOm15cGFzcw=="); + + status = ap_get_basic_auth_components(g_request, NULL, NULL); + ck_assert_int_eq(status, APR_EINVAL); +} +END_TEST + +START_TEST(test_get_basic_auth_components_uses_Proxy_Authorization_for_proxied_requests) +{ + apr_status_t status; + const char *username; + const char *password; + + g_request->proxyreq = PROXYREQ_PROXY; + apr_table_setn(g_request->headers_in, "Proxy-Authorization", + "Basic Ym9iOm15cGFzcw=="); + + status = ap_get_basic_auth_components(g_request, &username, &password); + + ck_assert_int_eq(status, APR_SUCCESS); + ck_assert_str_eq(username, "bob"); + ck_assert_str_eq(password, "mypass"); +} +END_TEST + +/* + * Test Case Boilerplate + */ +HTTPD_BEGIN_TEST_CASE_WITH_FIXTURE(authn, authn_setup, authn_teardown) +#include "test/unit/authn.tests" +HTTPD_END_TEST_CASE -- cgit v1.2.3