-rwxr-xr-xtests/core-condition.t42
-rw-r--r--tests/lighttpd.conf31
-rwxr-xr-xtests/mod-auth.t28
-rwxr-xr-xtests/prepare.sh1
4 files changed, 79 insertions, 23 deletions
diff --git a/tests/core-condition.t b/tests/core-condition.t
index f685bd36..3e7e8ad9 100755
--- a/tests/core-condition.t
+++ b/tests/core-condition.t
@@ -8,7 +8,7 @@ BEGIN {
use strict;
use IO::Socket;
-use Test::More tests => 11;
+use Test::More tests => 14;
use LightyTest;
my $tf = LightyTest->new();
@@ -56,7 +56,7 @@ ok($tf->start_proc == 0, "Starting lighttpd") or die();
$t->{REQUEST} = ( <<EOF
GET /nofile.png HTTP/1.0
-Host: www.example.org
+Host: referer.example.org
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
@@ -64,21 +64,51 @@ ok($tf->handle_http($t) == 0, 'condition: Referer - no referer');
$t->{REQUEST} = ( <<EOF
GET /nofile.png HTTP/1.0
-Host: www.example.org
-Referer: http://www.example.org/
+Host: referer.example.org
+Referer: http://referer.example.org/
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
ok($tf->handle_http($t) == 0, 'condition: Referer - referer matches regex');
-$t->{REQUEST} = ( <<EOF
+TODO: {
+ local $TODO = "referer matching in conditionals";
+ $t->{REQUEST} = ( <<EOF
GET /nofile.png HTTP/1.0
+Host: referer.example.org
+Referer: http://evil-referer.example.org/
+EOF
+ );
+ $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
+ ok($tf->handle_http($t) == 0, 'condition: Referer - referer doesn\'t match');
+}
+
+$t->{REQUEST} = ( <<EOF
+GET /image.jpg HTTP/1.0
Host: www.example.org
-Referer: http://123.example.org/
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'condition: Referer - no referer');
+
+$t->{REQUEST} = ( <<EOF
+GET /image.jpg HTTP/1.0
+Host: www.example.org
+Referer: http://referer.example.org/
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'condition: Referer - referer matches regex');
+
+$t->{REQUEST} = ( <<EOF
+GET /image.jpg HTTP/1.0
+Host: www.example.org
+Referer: http://evil-referer.example.org/
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
ok($tf->handle_http($t) == 0, 'condition: Referer - referer doesn\'t match');
+
ok($tf->stop_proc == 0, "Stopping lighttpd");
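Review bot: The three new `/image.jpg` checks reuse the exact descriptions of the three `/nofile.png` checks above them, so a failing line in the TAP output does not say which rule broke. Naming the scope would fix that, for example `'condition: Referer - no referer (global .jpg rule)'` against `'condition: Referer - no referer (referer.example.org .png rule)'`. The only negative case is a Referer on a different host name; a Referer whose host merely begins with `referer.example.org` is not covered, and the configured regex would accept it. One more expected-403 request with such a Referer would pin that behaviour.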
diff --git a/tests/lighttpd.conf b/tests/lighttpd.conf
index 576fbd45..a435e8f0 100644
--- a/tests/lighttpd.conf
+++ b/tests/lighttpd.conf
@@ -85,34 +85,27 @@ userdir.path = "/"
ssl.engine = "disable"
ssl.pemfile = "server.pem"
+$HTTP["host"] == "auth-htpasswd.example.org" {
+ auth.backend = "htpasswd"
+}
+
auth.backend = "plain"
auth.backend.plain.userfile = "@SRCDIR@/tmp/lighttpd/lighttpd.user"
-auth.backend.plain.groupfile = "lighttpd.group"
-auth.backend.ldap.hostname = "localhost"
-auth.backend.ldap.base-dn = "dc=my-domain,dc=com"
-auth.backend.ldap.filter = "(uid=$)"
+auth.backend.htpasswd.userfile = "@SRCDIR@/tmp/lighttpd/lighttpd.htpasswd"
+
auth.require = ( "/server-status" =>
(
"method" => "digest",
"realm" => "download archiv",
-# "require" => ("group=www", "user=jan", "host=192.168.2.10")
"require" => "group=www|user=jan|host=192.168.2.10"
),
- "/auth.php" =>
- (
- "method" => "basic",
- "realm" => "download archiv",
-# "require" => ("group=www", "user=jan", "host=192.168.2.10")
- "require" => "user=jan"
- ),
"/server-config" =>
(
"method" => "basic",
"realm" => "download archiv",
-# "require" => ("group=www", "user=jan", "user=weigon", "host=192.168.2.10")
- "require" => "group=www|user=jan|host=192.168.2.10"
+ "require" => "valid-user"
)
)
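Review bot: The new `$HTTP["host"] == "auth-htpasswd.example.org"` block sits above the global `auth.backend = "plain"` with no comment, so a reader can easily assume the later global assignment wins. A line such as `# per-host override used by mod-auth.t; every other host keeps the "plain" default below` would make the intent explicit. The `/server-config` rule also moves from a named user/group/host list to `"require" => "valid-user"`, which admits any account in whichever user file is active. That appears to be what the new tests need, but it deserves a comment saying it is test-only so the rule is not copied into a real configuration.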
@@ -175,7 +168,13 @@ $HTTP["remoteip"] =~ "(127.0.0.1)" {
}
# deny access for all image stealers
-$HTTP["referer"] !~ "^($|http://www\.example\.org)" {
- url.access-deny = ( ".jpg", ".jpeg", ".png" )
+$HTTP["host"] == "referer.example.org" {
+ $HTTP["referer"] !~ "^($|http://referer\.example\.org)" {
+ url.access-deny = ( ".png" )
+ }
+}
+
+$HTTP["referer"] !~ "^($|http://referer\.example\.org)" {
+ url.access-deny = ( ".jpg" )
}
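Review bot: Both new referer conditions use `^($|http://referer\.example\.org)`, which anchors the start but not the end of the host name, so any Referer whose host merely starts with that string is treated as allowed. Closing the host part fixes it in both places: `$HTTP["referer"] !~ "^($|http://referer\.example\.org(/|$))"`. The empty-Referer alternative looks deliberate and is exercised by the tests, so it can stay. A short comment noting that a missing Referer is allowed on purpose would help readers.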
diff --git a/tests/mod-auth.t b/tests/mod-auth.t
index 97c87085..dc59e795 100755
--- a/tests/mod-auth.t
+++ b/tests/mod-auth.t
@@ -8,7 +8,7 @@ BEGIN {
use strict;
use IO::Socket;
-use Test::More tests => 6;
+use Test::More tests => 9;
use LightyTest;
my $tf = LightyTest->new();
@@ -37,6 +37,32 @@ Authorization: Basic amFuOmphbg==
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - plain');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: Basic ZGVzOmRlcw==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des)');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: Basic bWQ1Om1kNQ==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (md5)');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-config HTTP/1.0
+Authorization: Basic bWQ1Om1kNA==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token');
## this should not crash
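Review bot: The last added request expects 401 but still runs under the unchanged description `'Basic-Auth: Valid Auth-token'`, and it has no `Host:` header, so it is checked against the default plain backend rather than htpasswd. Its token decodes to user `md5` with a password that differs from the preceding test's. The 401 is therefore most likely an unknown-user result from the plain user file, not a rejected htpasswd password. To cover htpasswd rejection, add `Host: auth-htpasswd.example.org` to the request and rename the check to something like `'Basic-Auth: Invalid Auth-token - htpasswd (md5)'`.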
diff --git a/tests/prepare.sh b/tests/prepare.sh
index 522dcbd0..3ac4943b 100755
--- a/tests/prepare.sh
+++ b/tests/prepare.sh
@@ -37,6 +37,7 @@ cp $srcdir/docroot/123/*.txt \
$srcdir/docroot/123/*.php \
$srcdir/docroot/123/*.bla $tmpdir/servers/123.example.org/pages/
cp $srcdir/lighttpd.user $tmpdir/
+cp $srcdir/lighttpd.htpasswd $tmpdir/
cp $srcdir/var-include-sub.conf $tmpdir/../
touch $tmpdir/servers/www.example.org/pages/image.jpg \
$tmpdir/servers/www.example.org/pages/image.JPG \
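Review bot: The added `cp $srcdir/lighttpd.htpasswd $tmpdir/` depends on a fixture that is not among the four files this commit changes. If `tests/lighttpd.htpasswd` is not already in the tree and in the distributed test files, the copy fails and the new htpasswd checks in mod-auth.t fail with it. The script as shown does not check the result of `cp`, so the failure would probably surface only as unexpected 401 responses. Confirm that the fixture is committed, or have the script stop on a missing file, e.g. `cp $srcdir/lighttpd.htpasswd $tmpdir/ || exit 1`.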