~ubuntu-branches/ubuntu/quantal/ruby1.9.1/quantal


Viewing changes to test/webrick/test_httpauth.rb

  • Committer: Bazaar Package Importer
  • Author(s): Lucas Nussbaum
  • Date: 2011-09-24 19:16:17 UTC
  • mfrom: (1.1.8 upstream) (13.1.7 experimental)
  • Revision ID: james.westby@ubuntu.com-20110924191617-o1qz4rcmqjot8zuy
Tags: 1.9.3~rc1-1
* New upstream release: 1.9.3 RC1.
  + Includes load.c fixes. Closes: #639959.
* Upload to unstable.

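--- a/test/webrick/test_httpauth.rb
+++ b/test/webrick/test_httpauth.rb
@@ -79,4 +79,89 @@
     }
     tmpfile.close(true)
   end
+
+  DIGESTRES_ = /
+    ([a-zA-z\-]+)
+      [\s\t]*(?:\r\n[\s\t]*)*
+      =
+      [\s\t]*(?:\r\n[\s\t]*)*
+      (?:
+       "((?:[^"]+|\\[\x00-\x7F])*)" |
+       ([!\#$%&'*+\-.0-9A-Z^_`a-z|~]+)
+      )/x
+
+  def test_digest_auth
+    TestWEBrick.start_httpserver{|server, addr, port, log|
+      realm = "WEBrick's realm"
+      path = "/digest_auth"
+
+      tmpfile = Tempfile.new("test_webrick_auth")
+      tmpfile.close
+      tmp_pass = WEBrick::HTTPAuth::Htdigest.new(tmpfile.path)
+      tmp_pass.set_passwd(realm, "webrick", "supersecretpassword")
+      tmp_pass.set_passwd(realm, "foo", "supersecretpassword")
+      tmp_pass.flush
+
+      htdigest = WEBrick::HTTPAuth::Htdigest.new(tmpfile.path)
+      users = []
+      htdigest.each{|user, pass| users << user }
+      assert_equal(2, users.size, log.call)
+      assert(users.member?("webrick"), log.call)
+      assert(users.member?("foo"), log.call)
+
+      auth = WEBrick::HTTPAuth::DigestAuth.new(
+        :Realm => realm, :UserDB => htdigest,
+        :Algorithm => 'MD5',
+        :Logger => server.logger
+      )
+      server.mount_proc(path){|req, res|
+        auth.authenticate(req, res)
+        res.body = "hoge"
+      }
+
+      Net::HTTP.start(addr, port) do |http|
+        g = Net::HTTP::Get.new(path)
+        params = {}
+        http.request(g) do |res|
+          assert_equal('401', res.code, log.call)
+          res["www-authenticate"].scan(DIGESTRES_) do |key, quoted, token|
+            params[key.downcase] = token || quoted.delete('\\')
+          end
+           params['uri'] = "http://#{addr}:#{port}#{path}"
+        end
+
+        g['Authorization'] = credentials_for_request('webrick', "supersecretpassword", params)
+        http.request(g){|res| assert_equal("hoge", res.body, log.call)}
+
+        params['algorithm'].downcase! #4936
+        g['Authorization'] = credentials_for_request('webrick', "supersecretpassword", params)
+        http.request(g){|res| assert_equal("hoge", res.body, log.call)}
+
+        g['Authorization'] = credentials_for_request('webrick', "not super", params)
+        http.request(g){|res| assert_not_equal("hoge", res.body, log.call)}
+      end
+    }
+  end
+
+  private
+  def credentials_for_request(user, password, params)
+    cnonce = "hoge"
+    nonce_count = 1
+    ha1 = "#{user}:#{params['realm']}:#{password}"
+    ha2 = "GET:#{params['uri']}"
+    request_digest =
+      "#{Digest::MD5.hexdigest(ha1)}:" \
+      "#{params['nonce']}:#{'%08x' % nonce_count}:#{cnonce}:#{params['qop']}:" \
+      "#{Digest::MD5.hexdigest(ha2)}"
+    "Digest username=\"#{user}\"" \
+      ", realm=\"#{params['realm']}\"" \
+      ", nonce=\"#{params['nonce']}\"" \
+      ", uri=\"#{params['uri']}\"" \
+      ", qop=#{params['qop']}" \
+      ", nc=#{'%08x' % nonce_count}" \
+      ", cnonce=\"#{cnonce}\"" \
+      ", response=\"#{Digest::MD5.hexdigest(request_digest)}\"" \
+      ", opaque=\"#{params['opaque']}\"" \
+      ", algorithm=#{params['algorithm']}"
+  end
 end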
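Review bot: The key class in `DIGESTRES_` is written `[a-zA-z\-]`, and the `A-z` range also admits `[`, `\`, `]`, `^`, `_` and the backtick, so it should read `([a-zA-Z\-]+)`. In the quoted-string branch, `[^"]+` already consumes backslashes, so an escaped quote ends the value early and the `\\[\x00-\x7F]` alternative never gets to handle it. The nested `+` inside `*` can also backtrack heavily on a value with no closing quote. `"((?:[^"\\]+|\\[\x00-\x7F])*)"` avoids both. Separately, the wrong-password request at the end of `test_digest_auth` only asserts that the body is not "hoge", which an unrelated server error would also satisfy; adding `assert_equal('401', res.code, log.call)` inside that block would pin the rejection itself.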