Mercurial > hg > nginx-tests
comparison auth_request.t @ 322:67c348ba1768
Tests: auth request tests import.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 21 Aug 2013 19:22:06 +0400 |
parents | |
children | d48de852157c |
comparison
equal
deleted
inserted
replaced
321:f98e8674361b | 322:67c348ba1768 |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Maxim Dounin | |
4 | |
5 # Tests for auth request module. | |
6 | |
7 ############################################################################### | |
8 | |
9 use warnings; | |
10 use strict; | |
11 | |
12 use Socket qw/ CRLF /; | |
13 | |
14 use Test::More; | |
15 | |
16 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
17 | |
18 use lib 'lib'; | |
19 use Test::Nginx; | |
20 | |
21 ############################################################################### | |
22 | |
23 select STDERR; $| = 1; | |
24 select STDOUT; $| = 1; | |
25 | |
26 my $t = Test::Nginx->new() | |
27 ->has(qw/http rewrite proxy fastcgi auth_basic auth_request/) | |
28 ->plan(18); | |
29 | |
30 $t->write_file_expand('nginx.conf', <<'EOF'); | |
31 | |
32 %%TEST_GLOBALS%% | |
33 | |
34 master_process off; | |
35 daemon off; | |
36 | |
37 events { | |
38 } | |
39 | |
40 http { | |
41 %%TEST_GLOBALS_HTTP%% | |
42 | |
43 server { | |
44 listen 127.0.0.1:8080; | |
45 server_name localhost; | |
46 | |
47 location / { | |
48 return 444; | |
49 } | |
50 | |
51 location /open { | |
52 auth_request /auth-open; | |
53 } | |
54 location = /auth-open { | |
55 return 204; | |
56 } | |
57 | |
58 location /open-static { | |
59 auth_request /auth-open-static; | |
60 } | |
61 location = /auth-open-static { | |
62 # nothing, use static file | |
63 } | |
64 | |
65 location /unauthorized { | |
66 auth_request /auth-unauthorized; | |
67 } | |
68 location = /auth-unauthorized { | |
69 return 401; | |
70 } | |
71 | |
72 location /forbidden { | |
73 auth_request /auth-forbidden; | |
74 } | |
75 location = /auth-forbidden { | |
76 return 403; | |
77 } | |
78 | |
79 location /error { | |
80 auth_request /auth-error; | |
81 } | |
82 location = /auth-error { | |
83 return 404; | |
84 } | |
85 | |
86 location /off { | |
87 auth_request off; | |
88 } | |
89 | |
90 location /proxy { | |
91 auth_request /auth-proxy; | |
92 } | |
93 location = /auth-proxy { | |
94 proxy_pass http://127.0.0.1:8080/auth-basic; | |
95 proxy_pass_request_body off; | |
96 proxy_set_header Content-Length ""; | |
97 } | |
98 location = /auth-basic { | |
99 auth_basic "restricted"; | |
100 auth_basic_user_file %%TESTDIR%%/htpasswd; | |
101 } | |
102 | |
103 location = /proxy-double { | |
104 proxy_pass http://127.0.0.1:8080/auth-error; | |
105 proxy_intercept_errors on; | |
106 error_page 404 = /proxy-double-fallback; | |
107 client_body_buffer_size 4k; | |
108 } | |
109 location = /proxy-double-fallback { | |
110 auth_request /auth-proxy-double; | |
111 proxy_pass http://127.0.0.1:8080/auth-open; | |
112 } | |
113 location = /auth-proxy-double { | |
114 proxy_pass http://127.0.0.1:8080/auth-open; | |
115 proxy_pass_request_body off; | |
116 proxy_set_header Content-Length ""; | |
117 } | |
118 | |
119 location /fastcgi { | |
120 auth_request /auth-fastcgi; | |
121 } | |
122 location = /auth-fastcgi { | |
123 fastcgi_pass 127.0.0.1:8081; | |
124 fastcgi_pass_request_body off; | |
125 } | |
126 } | |
127 } | |
128 | |
129 EOF | |
130 | |
131 $t->write_file('htpasswd', 'user:zz1T8N4tWvmbE' . "\n"); | |
132 $t->write_file('auth-basic', 'INVISIBLE'); | |
133 $t->write_file('auth-open-static', 'INVISIBLE'); | |
134 $t->run(); | |
135 | |
136 ############################################################################### | |
137 | |
138 pass('runs'); | |
139 | |
140 like(http_get('/open'), qr/ 404 /, 'auth open'); | |
141 like(http_get('/unauthorized'), qr/ 401 /, 'auth unauthorized'); | |
142 like(http_get('/forbidden'), qr/ 403 /, 'auth forbidden'); | |
143 like(http_get('/error'), qr/ 500 /, 'auth error'); | |
144 like(http_get('/off'), qr/ 404 /, 'auth off'); | |
145 | |
146 like(http_post('/open'), qr/ 404 /, 'auth post open'); | |
147 like(http_post('/unauthorized'), qr/ 401 /, 'auth post unauthorized'); | |
148 | |
149 like(http_get('/open-static'), qr/ 404 /, 'auth open static'); | |
150 unlike(http_get('/open-static'), qr/INVISIBLE/, 'auth static no content'); | |
151 | |
152 like(http_get('/proxy'), qr/ 401 /, 'proxy auth unauthorized'); | |
153 like(http_get('/proxy'), qr/WWW-Authenticate: Basic realm="restricted"/, | |
154 'proxy auth has www-authenticate'); | |
155 like(http_get_auth('/proxy'), qr/ 404 /, 'proxy auth pass'); | |
156 unlike(http_get_auth('/proxy'), qr/INVISIBLE/, 'proxy auth no content'); | |
157 | |
158 like(http_post('/proxy'), qr/ 401 /, 'proxy auth post'); | |
159 | |
160 # Consider the following scenario: | |
161 # | |
162 # 1. proxy_pass reads request body, then goes to fallback via error_page | |
163 # 2. auth request uses proxy_pass, and upstream module closes request body file | |
164 # in ngx_http_upstream_send_response() | |
165 # 3. oops: fallback has no body | |
166 # | |
167 # To prevent this we always allocate fake request body for auth request. | |
168 # | |
169 # Note that this doesn't happen when using header_only as relevant code | |
170 # in ngx_http_upstream_send_response() isn't reached. It may be reached | |
171 # with proxy_cache or proxy_store, but they will shutdown client connection | |
172 # in case of header_only and hence do not work for us at all. | |
173 | |
174 like(http_post_big('/proxy-double'), qr/ 204 /, 'proxy auth with body read'); | |
175 | |
176 SKIP: { | |
177 eval { require FCGI; }; | |
178 skip 'FCGI not installed', 2 if $@; | |
179 | |
180 $t->run_daemon(\&fastcgi_daemon); | |
181 $t->waitforsocket('127.0.0.1:8081'); | |
182 | |
183 like(http_get('/fastcgi'), qr/ 404 /, 'fastcgi auth open'); | |
184 unlike(http_get('/fastcgi'), qr/INVISIBLE/, 'fastcgi auth no content'); | |
185 } | |
186 | |
187 ############################################################################### | |
188 | |
189 sub http_get_auth { | |
190 my ($url, %extra) = @_; | |
191 return http(<<EOF, %extra); | |
192 GET $url HTTP/1.0 | |
193 Host: localhost | |
194 Authorization: Basic dXNlcjpzZWNyZXQ= | |
195 | |
196 EOF | |
197 } | |
198 | |
199 sub http_post { | |
200 my ($url, %extra) = @_; | |
201 | |
202 my $p = "POST $url HTTP/1.0" . CRLF . | |
203 "Host: localhost" . CRLF . | |
204 "Content-Length: 10" . CRLF . | |
205 CRLF . | |
206 "1234567890"; | |
207 | |
208 return http($p, %extra); | |
209 } | |
210 | |
211 sub http_post_big { | |
212 my ($url, %extra) = @_; | |
213 | |
214 my $p = "POST $url HTTP/1.0" . CRLF . | |
215 "Host: localhost" . CRLF . | |
216 "Content-Length: 10240" . CRLF . | |
217 CRLF . | |
218 ("1234567890" x 1024); | |
219 | |
220 return http($p, %extra); | |
221 } | |
222 | |
223 ############################################################################### | |
224 | |
225 sub fastcgi_daemon { | |
226 my $socket = FCGI::OpenSocket('127.0.0.1:8081', 5); | |
227 my $request = FCGI::Request(\*STDIN, \*STDOUT, \*STDERR, \%ENV, | |
228 $socket); | |
229 | |
230 while ($request->Accept() >= 0) { | |
231 print <<EOF; | |
232 Content-Type: text/html | |
233 | |
234 INVISIBLE | |
235 EOF | |
236 } | |
237 | |
238 FCGI::CloseSocket($socket); | |
239 } | |
240 | |
241 ############################################################################### |