diff options
Diffstat (limited to 'test/auth.c')
-rw-r--r-- | test/auth.c | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/test/auth.c b/test/auth.c index 8186c91..f6ccad1 100644 --- a/test/auth.c +++ b/test/auth.c @@ -1545,6 +1545,65 @@ static int forget(void) return await_server(); } +static int serve_basic_scope_checker(ne_socket *sock, void *userdata) +{ + /* --- GET /fish/0.txt -- first request */ + digest_hdr = NULL; + got_header = dup_header; + want_header = "Authorization"; + CALL(discard_request(sock)); + if (digest_hdr) { + t_context("Got WWW-Auth header on initial request"); + return error_response(sock, FAIL); + } + + send_response(sock, CHAL_WALLY, 401, 0); + + /* Retry of GET /fish/0 - expect Basic creds */ + auth_failed = 0; + got_header = auth_hdr; + CALL(discard_request(sock)); + if (auth_failed) { + t_context("bad Basic Auth on first request"); + return error_response(sock, FAIL); + } + send_response(sock, CHAL_WALLY, 200, 0); + + /* --- GET /not/inside -- second request */ + got_header = dup_header; + CALL(discard_request(sock)); + if (digest_hdr) { + t_context("Basic auth sent outside of credentials scope"); + return error_response(sock, FAIL); + } + send_response(sock, CHAL_WALLY, 200, 0); + + /* --- GET /fish/1 -- third request */ + got_header = auth_hdr; + CALL(discard_request(sock)); + send_response(sock, NULL, auth_failed?500:200, 1); + + return 0; +} + +/* Check that Basic auth follows the RFC7617 rules around scope. */ +static int basic_scope(void) +{ + ne_session *sess; + + CALL(make_session(&sess, serve_basic_scope_checker, NULL)); + + ne_set_server_auth(sess, auth_cb, NULL); + + CALL(any_2xx_request(sess, "/fish/0.txt")); /* must use auth */ + CALL(any_2xx_request(sess, "/not/inside")); /* must NOT use auth credentials */ + CALL(any_2xx_request(sess, "/fish/1")); /* must use auth credentials */ + + ne_session_destroy(sess); + + return await_server(); +} + /* proxy auth, proxy AND origin */ ne_test tests[] = { @@ -1567,5 +1626,6 @@ ne_test tests[] = { T(defaults), T(CVE_2008_3746), T(forget), + T(basic_scope), T(NULL) }; |