tests for htpasswd + md5 and referer matching in conditionals

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@711 152afb58-edef-0310-8abb-c4023f1b3aa9

tests/core-condition.t

@@ -8,7 +8,7 @@ BEGIN {
 
 use strict;
 use IO::Socket;
-use Test::More tests => 11;
+use Test::More tests => 14;
 use LightyTest;
 
 my $tf = LightyTest->new();
@@ -56,7 +56,7 @@ ok($tf->start_proc == 0, "Starting lighttpd") or die();
 
 $t->{REQUEST}  = ( <<EOF
 GET /nofile.png HTTP/1.0
-Host: www.example.org
+Host: referer.example.org
 EOF
  );
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
@@ -64,21 +64,51 @@ ok($tf->handle_http($t) == 0, 'condition: Referer - no referer');
 
 $t->{REQUEST}  = ( <<EOF
 GET /nofile.png HTTP/1.0
-Host: www.example.org
-Referer: http://www.example.org/
+Host: referer.example.org
+Referer: http://referer.example.org/
 EOF
  );
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
 ok($tf->handle_http($t) == 0, 'condition: Referer - referer matches regex');
 
-$t->{REQUEST}  = ( <<EOF
+TODO: {
+  local $TODO = "referer matching in conditionals";
+  $t->{REQUEST}  = ( <<EOF
 GET /nofile.png HTTP/1.0
+Host: referer.example.org
+Referer: http://evil-referer.example.org/
+EOF
+ );
+  $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
+  ok($tf->handle_http($t) == 0, 'condition: Referer - referer doesn\'t match');
+}
+
+$t->{REQUEST}  = ( <<EOF
+GET /image.jpg HTTP/1.0
 Host: www.example.org
-Referer: http://123.example.org/
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'condition: Referer - no referer');
+
+$t->{REQUEST}  = ( <<EOF
+GET /image.jpg HTTP/1.0
+Host: www.example.org
+Referer: http://referer.example.org/
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'condition: Referer - referer matches regex');
+
+$t->{REQUEST}  = ( <<EOF
+GET /image.jpg HTTP/1.0
+Host: www.example.org
+Referer: http://evil-referer.example.org/
 EOF
  );
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
 ok($tf->handle_http($t) == 0, 'condition: Referer - referer doesn\'t match');
 
+
 ok($tf->stop_proc == 0, "Stopping lighttpd");
 

tests/lighttpd.conf

@@ -85,34 +85,27 @@ userdir.path = "/"
 ssl.engine                  = "disable"
 ssl.pemfile                 = "server.pem"
 
+$HTTP["host"] == "auth-htpasswd.example.org" {
+	auth.backend                = "htpasswd"
+}
+
 auth.backend                = "plain"
 auth.backend.plain.userfile = "@SRCDIR@/tmp/lighttpd/lighttpd.user"
-auth.backend.plain.groupfile = "lighttpd.group"
 
-auth.backend.ldap.hostname  = "localhost"
-auth.backend.ldap.base-dn   = "dc=my-domain,dc=com"
-auth.backend.ldap.filter    = "(uid=$)"
+auth.backend.htpasswd.userfile = "@SRCDIR@/tmp/lighttpd/lighttpd.htpasswd"
+
 
 auth.require                = ( "/server-status" => 
                                 ( 
 				  "method"  => "digest",
 				  "realm"   => "download archiv",
-#				  "require" => ("group=www", "user=jan", "host=192.168.2.10")
 				  "require" => "group=www|user=jan|host=192.168.2.10"
 				),
-				"/auth.php" => 
-                                ( 
-				  "method"  => "basic",
-				  "realm"   => "download archiv",
-#				  "require" => ("group=www", "user=jan", "host=192.168.2.10")
-				  "require" => "user=jan"
-				),
 				"/server-config" => 
                                 ( 
 				  "method"  => "basic",
 				  "realm"   => "download archiv",
-#				  "require" => ("group=www", "user=jan", "user=weigon", "host=192.168.2.10")
-				  "require" => "group=www|user=jan|host=192.168.2.10"
+				  "require" => "valid-user"
 				)
                               )
 
@@ -175,7 +168,13 @@ $HTTP["remoteip"] =~ "(127.0.0.1)" {
 }
 
 # deny access for all image stealers
-$HTTP["referer"] !~ "^($|http://www\.example\.org)" {
-  url.access-deny = ( ".jpg", ".jpeg", ".png" )
+$HTTP["host"] == "referer.example.org" {
+  $HTTP["referer"] !~ "^($|http://referer\.example\.org)" {
+    url.access-deny = ( ".png" )
+  }
+}
+
+$HTTP["referer"] !~ "^($|http://referer\.example\.org)" {
+  url.access-deny = ( ".jpg" )
 }
 

tests/mod-auth.t

@@ -8,7 +8,7 @@ BEGIN {
 
 use strict;
 use IO::Socket;
-use Test::More tests => 6;
+use Test::More tests => 9;
 use LightyTest;
 
 my $tf = LightyTest->new();
@@ -37,6 +37,32 @@ Authorization: Basic amFuOmphbg==
 EOF
  );
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - plain');
+
+$t->{REQUEST}  = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: Basic ZGVzOmRlcw==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des)');
+
+$t->{REQUEST}  = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: Basic bWQ1Om1kNQ==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (md5)');
+
+$t->{REQUEST}  = ( <<EOF
+GET /server-config HTTP/1.0
+Authorization: Basic bWQ1Om1kNA==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
 ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token');
 
 ## this should not crash

tests/prepare.sh

@@ -37,6 +37,7 @@ cp $srcdir/docroot/123/*.txt \
    $srcdir/docroot/123/*.php \
    $srcdir/docroot/123/*.bla $tmpdir/servers/123.example.org/pages/
 cp $srcdir/lighttpd.user $tmpdir/
+cp $srcdir/lighttpd.htpasswd $tmpdir/
 cp $srcdir/var-include-sub.conf $tmpdir/../
 touch $tmpdir/servers/www.example.org/pages/image.jpg \
       $tmpdir/servers/www.example.org/pages/image.JPG \