tests for htpasswd + md5 and referer matching in conditionals

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@711 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.6
Jan Kneschke 2005-09-16 12:44:29 +00:00
parent be5f187d0f
commit e2cf5d3094
4 changed files with 79 additions and 23 deletions

View File

@ -8,7 +8,7 @@ BEGIN {
use strict;
use IO::Socket;
use Test::More tests => 11;
use Test::More tests => 14;
use LightyTest;
my $tf = LightyTest->new();
@ -56,7 +56,7 @@ ok($tf->start_proc == 0, "Starting lighttpd") or die();
$t->{REQUEST} = ( <<EOF
GET /nofile.png HTTP/1.0
Host: www.example.org
Host: referer.example.org
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
@ -64,21 +64,51 @@ ok($tf->handle_http($t) == 0, 'condition: Referer - no referer');
$t->{REQUEST} = ( <<EOF
GET /nofile.png HTTP/1.0
Host: www.example.org
Referer: http://www.example.org/
Host: referer.example.org
Referer: http://referer.example.org/
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
ok($tf->handle_http($t) == 0, 'condition: Referer - referer matches regex');
$t->{REQUEST} = ( <<EOF
TODO: {
local $TODO = "referer matching in conditionals";
$t->{REQUEST} = ( <<EOF
GET /nofile.png HTTP/1.0
Host: referer.example.org
Referer: http://evil-referer.example.org/
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
ok($tf->handle_http($t) == 0, 'condition: Referer - referer doesn\'t match');
}
$t->{REQUEST} = ( <<EOF
GET /image.jpg HTTP/1.0
Host: www.example.org
Referer: http://123.example.org/
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'condition: Referer - no referer');
$t->{REQUEST} = ( <<EOF
GET /image.jpg HTTP/1.0
Host: www.example.org
Referer: http://referer.example.org/
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'condition: Referer - referer matches regex');
$t->{REQUEST} = ( <<EOF
GET /image.jpg HTTP/1.0
Host: www.example.org
Referer: http://evil-referer.example.org/
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
ok($tf->handle_http($t) == 0, 'condition: Referer - referer doesn\'t match');
ok($tf->stop_proc == 0, "Stopping lighttpd");

View File

@ -85,34 +85,27 @@ userdir.path = "/"
ssl.engine = "disable"
ssl.pemfile = "server.pem"
$HTTP["host"] == "auth-htpasswd.example.org" {
auth.backend = "htpasswd"
}
auth.backend = "plain"
auth.backend.plain.userfile = "@SRCDIR@/tmp/lighttpd/lighttpd.user"
auth.backend.plain.groupfile = "lighttpd.group"
auth.backend.ldap.hostname = "localhost"
auth.backend.ldap.base-dn = "dc=my-domain,dc=com"
auth.backend.ldap.filter = "(uid=$)"
auth.backend.htpasswd.userfile = "@SRCDIR@/tmp/lighttpd/lighttpd.htpasswd"
auth.require = ( "/server-status" =>
(
"method" => "digest",
"realm" => "download archiv",
# "require" => ("group=www", "user=jan", "host=192.168.2.10")
"require" => "group=www|user=jan|host=192.168.2.10"
),
"/auth.php" =>
(
"method" => "basic",
"realm" => "download archiv",
# "require" => ("group=www", "user=jan", "host=192.168.2.10")
"require" => "user=jan"
),
"/server-config" =>
(
"method" => "basic",
"realm" => "download archiv",
# "require" => ("group=www", "user=jan", "user=weigon", "host=192.168.2.10")
"require" => "group=www|user=jan|host=192.168.2.10"
"require" => "valid-user"
)
)
@ -175,7 +168,13 @@ $HTTP["remoteip"] =~ "(127.0.0.1)" {
}
# deny access for all image stealers
$HTTP["referer"] !~ "^($|http://www\.example\.org)" {
url.access-deny = ( ".jpg", ".jpeg", ".png" )
$HTTP["host"] == "referer.example.org" {
$HTTP["referer"] !~ "^($|http://referer\.example\.org)" {
url.access-deny = ( ".png" )
}
}
$HTTP["referer"] !~ "^($|http://referer\.example\.org)" {
url.access-deny = ( ".jpg" )
}

View File

@ -8,7 +8,7 @@ BEGIN {
use strict;
use IO::Socket;
use Test::More tests => 6;
use Test::More tests => 9;
use LightyTest;
my $tf = LightyTest->new();
@ -37,6 +37,32 @@ Authorization: Basic amFuOmphbg==
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - plain');
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: Basic ZGVzOmRlcw==
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des)');
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: Basic bWQ1Om1kNQ==
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (md5)');
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Authorization: Basic bWQ1Om1kNA==
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token');
## this should not crash

View File

@ -37,6 +37,7 @@ cp $srcdir/docroot/123/*.txt \
$srcdir/docroot/123/*.php \
$srcdir/docroot/123/*.bla $tmpdir/servers/123.example.org/pages/
cp $srcdir/lighttpd.user $tmpdir/
cp $srcdir/lighttpd.htpasswd $tmpdir/
cp $srcdir/var-include-sub.conf $tmpdir/../
touch $tmpdir/servers/www.example.org/pages/image.jpg \
$tmpdir/servers/www.example.org/pages/image.JPG \