/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
/*
* Copyright (C) 2001-2003, Ximian, Inc.
*/
#include "test-utils.h"
static SoupURI *base_uri;
static struct {
gboolean client_sent_basic, client_sent_digest;
gboolean server_requested_basic, server_requested_digest;
gboolean succeeded;
} test_data;
static void
curl_exited (GPid pid, int status, gpointer data)
{
gboolean *done = data;
*done = TRUE;
test_data.succeeded = (status == 0);
}
static void
do_test (SoupURI *base_uri, const char *path,
gboolean good_user, gboolean good_password,
gboolean offer_basic, gboolean offer_digest,
gboolean client_sends_basic, gboolean client_sends_digest,
gboolean server_requests_basic, gboolean server_requests_digest,
gboolean success)
{
SoupURI *uri;
char *uri_str;
GPtrArray *args;
GPid pid;
gboolean done;
/* We build the URI this way to avoid having soup_uri_new()
normalize the path, hence losing the encoded characters in
tests 4. and 5. below. */
uri = soup_uri_copy (base_uri);
soup_uri_set_path (uri, path);
uri_str = soup_uri_to_string (uri, FALSE);
soup_uri_free (uri);
args = g_ptr_array_new ();
g_ptr_array_add (args, "curl");
g_ptr_array_add (args, "--noproxy");
g_ptr_array_add (args, "*");
g_ptr_array_add (args, "-f");
g_ptr_array_add (args, "-s");
if (offer_basic || offer_digest) {
g_ptr_array_add (args, "-u");
if (good_user) {
if (good_password)
g_ptr_array_add (args, "user:password");
else
g_ptr_array_add (args, "user:badpassword");
} else {
if (good_password)
g_ptr_array_add (args, "baduser:password");
else
g_ptr_array_add (args, "baduser:badpassword");
}
if (offer_basic && offer_digest)
g_ptr_array_add (args, "--anyauth");
else if (offer_basic)
g_ptr_array_add (args, "--basic");
else
g_ptr_array_add (args, "--digest");
}
g_ptr_array_add (args, uri_str);
g_ptr_array_add (args, NULL);
memset (&test_data, 0, sizeof (test_data));
if (g_spawn_async (NULL, (char **)args->pdata, NULL,
G_SPAWN_SEARCH_PATH | G_SPAWN_STDOUT_TO_DEV_NULL | G_SPAWN_STDERR_TO_DEV_NULL | G_SPAWN_DO_NOT_REAP_CHILD,
NULL, NULL, &pid, NULL)) {
done = FALSE;
g_child_watch_add (pid, curl_exited, &done);
while (!done)
g_main_context_iteration (NULL, TRUE);
} else
test_data.succeeded = FALSE;
g_ptr_array_free (args, TRUE);
g_free (uri_str);
g_assert_cmpint (server_requests_basic, ==, test_data.server_requested_basic);
g_assert_cmpint (server_requests_digest, ==, test_data.server_requested_digest);
g_assert_cmpint (client_sends_basic, ==, test_data.client_sent_basic);
g_assert_cmpint (client_sends_digest, ==, test_data.client_sent_digest);
g_assert_cmpint (success, ==, test_data.succeeded);
}
#define TEST_USES_BASIC(t) (((t) & 1) == 1)
#define TEST_USES_DIGEST(t) (((t) & 2) == 2)
#define TEST_GOOD_USER(t) (((t) & 4) == 4)
#define TEST_GOOD_PASSWORD(t) (((t) & 8) == 8)
#define TEST_GOOD_AUTH(t) (TEST_GOOD_USER (t) && TEST_GOOD_PASSWORD (t))
#define TEST_PREEMPTIVE_BASIC(t) (TEST_USES_BASIC (t) && !TEST_USES_DIGEST (t))
static void
do_server_auth_test (gconstpointer data)
{
int i = GPOINTER_TO_INT (data);
#ifndef HAVE_CURL
g_test_skip ("/usr/bin/curl is not available");
return;
#endif
/* 1. No auth required. The server will ignore the
* Authorization headers completely, and the request
* will always succeed.
*/
do_test (base_uri, "/foo",
TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i),
/* request */
TEST_USES_BASIC (i), TEST_USES_DIGEST (i),
/* expected from client */
TEST_PREEMPTIVE_BASIC (i), FALSE,
/* expected from server */
FALSE, FALSE,
/* success? */
TRUE);
/* 2. Basic auth required. The server will send
* "WWW-Authenticate: Basic" if the client fails to
* send an Authorization: Basic on the first request,
* or if it sends a bad password.
*/
do_test (base_uri, "/Basic/foo",
TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i),
/* request */
TEST_USES_BASIC (i), TEST_USES_DIGEST (i),
/* expected from client */
TEST_USES_BASIC (i), FALSE,
/* expected from server */
!TEST_PREEMPTIVE_BASIC (i) || !TEST_GOOD_AUTH (i), FALSE,
/* success? */
TEST_USES_BASIC (i) && TEST_GOOD_AUTH (i));
/* 3. Digest auth required. Simpler than the basic
* case because the client can't send Digest auth
* premptively.
*/
do_test (base_uri, "/Digest/foo",
TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i),
/* request */
TEST_USES_BASIC (i), TEST_USES_DIGEST (i),
/* expected from client */
TEST_PREEMPTIVE_BASIC (i), TEST_USES_DIGEST (i),
/* expected from server */
FALSE, TRUE,
/* success? */
TEST_USES_DIGEST (i) && TEST_GOOD_AUTH (i));
/* 4. Digest auth with encoded URI. See #794208.
*/
do_test (base_uri, "/Digest/A%20B",
TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i),
/* request */
TEST_USES_BASIC (i), TEST_USES_DIGEST (i),
/* expected from client */
TEST_PREEMPTIVE_BASIC (i), TEST_USES_DIGEST (i),
/* expected from server */
FALSE, TRUE,
/* success? */
TEST_USES_DIGEST (i) && TEST_GOOD_AUTH (i));
/* 5. Digest auth with a mixture of encoded and decoded chars in the URI. See #794208.
*/
do_test (base_uri, "/Digest/A%20|%20B",
TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i),
/* request */
TEST_USES_BASIC (i), TEST_USES_DIGEST (i),
/* expected from client */
TEST_PREEMPTIVE_BASIC (i), TEST_USES_DIGEST (i),
/* expected from server */
FALSE, TRUE,
/* success? */
TEST_USES_DIGEST (i) && TEST_GOOD_AUTH (i));
/* 6. Digest auth with UTF-8 chars in the URI. See #794208.
*/
do_test (base_uri, "/Digest/A௹B",
TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i),
/* request */
TEST_USES_BASIC (i), TEST_USES_DIGEST (i),
/* expected from client */
TEST_PREEMPTIVE_BASIC (i), TEST_USES_DIGEST (i),
/* expected from server */
FALSE, TRUE,
/* success? */
TEST_USES_DIGEST (i) && TEST_GOOD_AUTH (i));
/* 7. Any auth required. */
do_test (base_uri, "/Any/foo",
TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i),
/* request */
TEST_USES_BASIC (i), TEST_USES_DIGEST (i),
/* expected from client */
TEST_PREEMPTIVE_BASIC (i), TEST_USES_DIGEST (i),
/* expected from server */
!TEST_PREEMPTIVE_BASIC (i) || !TEST_GOOD_AUTH (i), !TEST_PREEMPTIVE_BASIC (i) || !TEST_GOOD_AUTH (i),
/* success? */
(TEST_USES_BASIC (i) || TEST_USES_DIGEST (i)) && TEST_GOOD_AUTH (i));
/* 8. No auth required again. (Makes sure that
* SOUP_AUTH_DOMAIN_REMOVE_PATH works.)
*/
do_test (base_uri, "/Any/Not/foo",
TEST_GOOD_USER (i), TEST_GOOD_PASSWORD (i),
/* request */
TEST_USES_BASIC (i), TEST_USES_DIGEST (i),
/* expected from client */
TEST_PREEMPTIVE_BASIC (i), FALSE,
/* expected from server */
FALSE, FALSE,
/* success? */
TRUE);
}
static gboolean
basic_auth_callback (SoupAuthDomain *auth_domain, SoupMessage *msg,
const char *username, const char *password, gpointer data)
{
return !strcmp (username, "user") && !strcmp (password, "password");
}
static char *
digest_auth_callback (SoupAuthDomain *auth_domain, SoupMessage *msg,
const char *username, gpointer data)
{
if (strcmp (username, "user") != 0)
return NULL;
/* Note: this is exactly how you *shouldn't* do it in the real
* world; you should have the pre-encoded password stored in a
* database of some sort rather than using the cleartext
* password in the callback.
*/
return soup_auth_domain_digest_encode_password ("user",
"server-auth-test",
"password");
}
static void
server_callback (SoupServer *server, SoupMessage *msg,
const char *path, GHashTable *query,
SoupClientContext *context, gpointer data)
{
if (msg->method != SOUP_METHOD_GET && msg->method != SOUP_METHOD_HEAD) {
soup_message_set_status (msg, SOUP_STATUS_NOT_IMPLEMENTED);
return;
}
soup_message_set_response (msg, "text/plain",
SOUP_MEMORY_STATIC,
"OK\r\n", 4);
soup_message_set_status (msg, SOUP_STATUS_OK);
}
static void
got_headers_callback (SoupMessage *msg, gpointer data)
{
const char *header;
header = soup_message_headers_get_one (msg->request_headers,
"Authorization");
if (header) {
if (strstr (header, "Basic "))
test_data.client_sent_basic = TRUE;
if (strstr (header, "Digest "))
test_data.client_sent_digest = TRUE;
}
}
static void
wrote_headers_callback (SoupMessage *msg, gpointer data)
{
const char *header;
header = soup_message_headers_get_list (msg->response_headers,
"WWW-Authenticate");
if (header) {
if (strstr (header, "Basic "))
test_data.server_requested_basic = TRUE;
if (strstr (header, "Digest "))
test_data.server_requested_digest = TRUE;
}
}
static void
request_started_callback (SoupServer *server, SoupMessage *msg,
SoupClientContext *client, gpointer data)
{
g_signal_connect (msg, "got_headers",
G_CALLBACK (got_headers_callback), NULL);
g_signal_connect (msg, "wrote_headers",
G_CALLBACK (wrote_headers_callback), NULL);
}
static gboolean run_tests = TRUE;
static GOptionEntry no_test_entry[] = {
{ "no-tests", 'n', G_OPTION_FLAG_REVERSE,
G_OPTION_ARG_NONE, &run_tests,
"Don't run tests, just run the test server", NULL },
{ NULL }
};
int
main (int argc, char **argv)
{
GMainLoop *loop;
SoupServer *server;
SoupAuthDomain *auth_domain;
int ret;
test_init (argc, argv, no_test_entry);
server = soup_test_server_new (SOUP_TEST_SERVER_DEFAULT);
g_signal_connect (server, "request_started",
G_CALLBACK (request_started_callback), NULL);
soup_server_add_handler (server, NULL,
server_callback, NULL, NULL);
auth_domain = soup_auth_domain_basic_new (
SOUP_AUTH_DOMAIN_REALM, "server-auth-test",
SOUP_AUTH_DOMAIN_ADD_PATH, "/Basic",
SOUP_AUTH_DOMAIN_ADD_PATH, "/Any",
SOUP_AUTH_DOMAIN_REMOVE_PATH, "/Any/Not",
SOUP_AUTH_DOMAIN_BASIC_AUTH_CALLBACK, basic_auth_callback,
NULL);
soup_server_add_auth_domain (server, auth_domain);
g_object_unref (auth_domain);
auth_domain = soup_auth_domain_digest_new (
SOUP_AUTH_DOMAIN_REALM, "server-auth-test",
SOUP_AUTH_DOMAIN_ADD_PATH, "/Digest",
SOUP_AUTH_DOMAIN_ADD_PATH, "/Any",
SOUP_AUTH_DOMAIN_REMOVE_PATH, "/Any/Not",
SOUP_AUTH_DOMAIN_DIGEST_AUTH_CALLBACK, digest_auth_callback,
NULL);
soup_server_add_auth_domain (server, auth_domain);
g_object_unref (auth_domain);
loop = g_main_loop_new (NULL, TRUE);
base_uri = soup_test_server_get_uri (server, "http", NULL);
if (run_tests) {
int i;
for (i = 0; i < 16; i++) {
char *path;
const char *authtypes;
if (!TEST_GOOD_USER (i) && !TEST_GOOD_PASSWORD (i))
continue;
if (TEST_USES_BASIC (i)) {
if (TEST_USES_DIGEST (i))
authtypes = "basic+digest";
else
authtypes = "basic";
} else {
if (TEST_USES_DIGEST (i))
authtypes = "digest";
else
authtypes = "none";
}
path = g_strdup_printf ("/server-auth/%s/%s-user%c%s-password",
authtypes,
TEST_GOOD_USER (i) ? "good" : "bad",
TEST_GOOD_USER (i) ? '/' : '\0',
TEST_GOOD_PASSWORD (i) ? "good" : "bad");
g_test_add_data_func (path, GINT_TO_POINTER (i), do_server_auth_test);
g_free (path);
}
ret = g_test_run ();
} else {
g_print ("Listening on port %d\n", base_uri->port);
g_main_loop_run (loop);
ret = 0;
}
soup_uri_free (base_uri);
g_main_loop_unref (loop);
soup_test_server_quit_unref (server);
if (run_tests)
test_cleanup ();
return ret;
}