From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Jarno Malmari Newsgroups: gmane.emacs.devel Subject: [PATCH 1/3] Test for url-auth Date: Mon, 11 May 2015 22:17:21 +0300 Message-ID: <1431371843-4502-2-git-send-email-jarno@malmari.fi> References: <1431371843-4502-1-git-send-email-jarno@malmari.fi> NNTP-Posting-Host: plane.gmane.org X-Trace: ger.gmane.org 1431371888 30540 80.91.229.3 (11 May 2015 19:18:08 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 11 May 2015 19:18:08 +0000 (UTC) Cc: larsi@gnus.org To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon May 11 21:17:56 2015 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1YrtD9-000258-PD for ged-emacs-devel@m.gmane.org; Mon, 11 May 2015 21:17:56 +0200 Original-Received: from localhost ([::1]:39326 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YrtD8-0000L1-Uj for ged-emacs-devel@m.gmane.org; Mon, 11 May 2015 15:17:54 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:45611) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YrtD2-0000Hn-IV for emacs-devel@gnu.org; Mon, 11 May 2015 15:17:51 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YrtCz-0003wo-8C for emacs-devel@gnu.org; Mon, 11 May 2015 15:17:48 -0400 Original-Received: from out4-smtp.messagingengine.com ([66.111.4.28]:34337) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YrtCy-0003wF-UM for emacs-devel@gnu.org; Mon, 11 May 2015 15:17:45 -0400 Original-Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 23121209FE for ; Mon, 11 May 2015 15:17:41 -0400 (EDT) Original-Received: from frontend2 ([10.202.2.161]) by compute1.internal (MEProxy); Mon, 11 May 2015 15:17:43 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=malmari.fi; h=cc :date:from:in-reply-to:message-id:references:subject:to :x-sasl-enc:x-sasl-enc; s=mesmtp; bh=vccnRT6gmf+DwmgQUKuFwdw8IA4 =; b=QbfPsRGHg99xtWgqs+ZQljSeJRStUO2BoafmiLro+ETBXMTjOjGPc6ep83q lZmxr1acTJxmBVWS6hLZzDuFCRk1Wrvp7oy+G02/qL1zDCDUfDcXW8MCb6sC7dMb 0N+kgeHItFMv/yJYap7fU4YO4zVduh6pHdG2ZFu/EzRQXTTE= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:date:from:in-reply-to:message-id :references:subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=vccn RT6gmf+DwmgQUKuFwdw8IA4=; b=nyBUikOV/37ZZFdtOMdyAmEBAKEyiyshT/sR gHSABgp+qotre45EjDIDvERyQnJBw3iNqnN/E7d6IgYfMDVwpm9jkxnsvIv4vkZE ZB51qGwiL2NHG4sxV+6la3QGMNREf15Kas9aCQFc2sCWtbO6BMQGUpQd485PHfwf T610cJg= X-Sasl-enc: QvsOKsfvUzXGQcaantW374xGi0BK3BoSZiM9bqoP/TBC 1431371857 Original-Received: from vabi.router067d59.com (unknown [91.155.178.71]) by mail.messagingengine.com (Postfix) with ESMTPA id 2C7C4680175; Mon, 11 May 2015 15:17:37 -0400 (EDT) X-Mailer: git-send-email 2.1.0.GIT In-Reply-To: <1431371843-4502-1-git-send-email-jarno@malmari.fi> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 66.111.4.28 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:186430 Archived-At: So far not testing PROMPT and OVERWRITE arguments which would require faking interactive minibuffer input. --- test/automated/url-auth-tests.el | 223 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 223 insertions(+) create mode 100644 test/automated/url-auth-tests.el diff --git a/test/automated/url-auth-tests.el b/test/automated/url-auth-tests.el new file mode 100644 index 0000000..715308c --- /dev/null +++ b/test/automated/url-auth-tests.el @@ -0,0 +1,223 @@ +;;; url-auth-tests.el --- Test suite for url-auth. + +;; Copyright (C) 2015 Free Software Foundation, Inc. + +;; Author: Jarno Malmari + +;; This program is free software; you can redistribute it and/or modify +;; it under the terms of the GNU General Public License as published by +;; the Free Software Foundation, either version 3 of the License, or +;; (at your option) any later version. + +;; This program is distributed in the hope that it will be useful, +;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;; GNU General Public License for more details. + +;; You should have received a copy of the GNU General Public License +;; along with this program. If not, see . + +;;; Commentary: + +;; Test HTTP authentication methods. + +;;; Code: + +(require 'ert) +(require 'url-auth) + +(defvar url-auth-test-challenges nil + "List of challenges for testing. +Each challenge is a plist. Values are as presented by the +server's WWW-Authenticate header field.") + +;; Set explicitly for easier modification for re-runs. +(setq url-auth-test-challenges + (list + (list :nonce "a1be8a3065e00c5bf190ad499299aea5" + :opaque "d7c2a27230fc8c74bb6e06be8c9cd189" + :realm "The Test Realm" + :username "user" + :password "passwd" + :uri "/digest-auth/auth/user/passwd" + :method "GET" + :expected-ha1 "19c41161a8720edaeb7922ef8531137d" + :expected-ha2 "b44272ea65ee4af7fb26c5dba58f6863" + :expected-response "46c47a6d8e1fa95a3efcf49724af3fe7") + (list :nonce "servernonce" + :username "user" + :password "passwd" + :realm "The Test Realm 1" + :uri "/digest-auth/auth/user/passwd" + :method "GET" + :expected-ha1 "00f848f943c9a05dd06c932a7334f120" + :expected-ha2 "b44272ea65ee4af7fb26c5dba58f6863" + :expected-response "b8a48cdc9aa9e514509a5a5c53d4e8cf") + (list :nonce "servernonce" + :username "user" + :password "passwd" + :realm "The Test Realm 2" + :uri "/digest-auth/auth/user/passwd" + :method "GET" + :expected-ha1 "74d6abd3651d6b8260733d8a4c37ec1a" + :expected-ha2 "b44272ea65ee4af7fb26c5dba58f6863" + :expected-response "0d84884d967e04440efc77e9e2b5b561"))) + +(ert-deftest url-auth-test-digest-create-key () + "Check user credentials in their hashed form." + (dolist (challenge url-auth-test-challenges) + (let ((key (url-digest-auth-create-key (plist-get challenge :username) + (plist-get challenge :password) + (plist-get challenge :realm) + (plist-get challenge :method) + (plist-get challenge :uri)))) + (should (= (length key) 2)) + (should (string= (nth 0 key) (plist-get challenge :expected-ha1))) + (should (string= (nth 1 key) (plist-get challenge :expected-ha2))) + ))) + +(ert-deftest url-auth-test-digest-auth-retrieve-cache () + "Check how the entry point retrieves cached authentication. +Essential is how realms and paths are matched." + + (let* ((url-digest-auth-storage + '(("example.org:80" + ("/path/auth1" "auth1user" "key") + ("/path" "pathuser" "key") + ("/" "rootuser" "key") + ("realm1" "realm1user" "key") + ("realm2" "realm2user" "key") + ("/path/auth2" "auth2user" "key")) + ("example.org:443" + ("realm" "secure_user" "key")) + ("rootless.org:80" ; no "/" entry for this on purpose + ("/path" "pathuser" "key") + ("realm" "realmuser" "key")))) + (attrs (list (cons "nonce" "servernonce"))) + auth) + + (dolist (row (list + ;; If :expected-user is `nil' it indicates + ;; authentication information shouldn't be found. + + ;; non-existent server + (list :url "http://other.com/path" :realm nil :expected-user nil) + + ;; unmatched port + (list :url "http://example.org:444/path" :realm nil :expected-user nil) + + ;; root, no realm + (list :url "http://example.org/" + :realm nil :expected-user "rootuser") + + ;; root, no realm, explicit port + (list :url "http://example.org:80/" + :realm nil :expected-user "rootuser") + + (list :url "http://example.org/unknown" + :realm nil :expected-user "rootuser") + + ;; realm specified, overrides any path + (list :url "http://example.org/" + :realm "realm1" :expected-user "realm1user") + + ;; realm specified, overrides any path + (list :url "http://example.org/" + :realm "realm2" :expected-user "realm2user") + + ;; authentication determined by path + (list :url "http://example.org/path/auth1/query" + :realm nil :expected-user "auth1user") + + ;; /path shadows /path/auth2, hence pathuser is expected + (list :url "http://example.org/path/auth2/query" + :realm nil :expected-user "pathuser") + + (list :url "https://example.org/path" + :realm nil :expected-user "secure_user") + + ;; not really secure user but using the same port + (list :url "http://example.org:443/path" + :realm nil :expected-user "secure_user") + + ;; preferring realm user over path, even though no + ;; realm specified (not sure why) + (list :url "http://rootless.org/" + :realm nil :expected-user "realmuser") + ;; second variant for the same case + (list :url "http://rootless.org/unknown/path" + :realm nil :expected-user "realmuser") + + ;; path match + (list :url "http://rootless.org/path/query?q=a" + :realm nil :expected-user "pathuser") + + ;; path match, realm match, prefer realm + (list :url "http://rootless.org/path/query?q=a" + :realm "realm" :expected-user "realmuser") + )) + (setq auth (url-digest-auth (plist-get row :url) + nil nil + (plist-get row :realm) attrs)) + (if (plist-get row :expected-user) + (progn (should auth) + (should (string-match ".*username=\"\\(.*?\\)\".*" auth)) + (should (string= (match-string 1 auth) + (plist-get row :expected-user)))) + (should-not auth))))) + +(ert-deftest url-auth-test-digest-auth () + "Check common authorization string contents." + (dolist (challenge url-auth-test-challenges) + (let* ((attrs (list (cons "nonce" (plist-get challenge :nonce)))) + (url (concat "http://example.org" (plist-get challenge :uri))) + url-digest-auth-storage + auth) + ;; Add authentication info to cache so `url-digest-auth' can + ;; complete without prompting minibuffer input. + (setq url-digest-auth-storage + (list + (list "example.org:80" + (cons (or (plist-get challenge :realm) "/") + (cons (plist-get challenge :username) + (url-digest-auth-create-key (plist-get challenge :username) + (plist-get challenge :password) + (plist-get challenge :realm) + (plist-get challenge :method) + (plist-get challenge :uri))))))) + (setq auth (url-digest-auth (url-generic-parse-url url) nil nil + (plist-get challenge :realm) attrs)) + (should auth) + (should (string-prefix-p "Digest " auth)) + (should (string-match ".*response=\"\\(.*?\\)\".*" auth)) + (should (string= (match-string 1 auth) + (plist-get challenge :expected-response))) + (should (string-match ".*username=\"\\(.*?\\)\".*" auth)) + (should (string= (match-string 1 auth) + (plist-get challenge :username))) + (should (string-match ".*realm=\"\\(.*?\\)\".*" auth)) + (should (string= (match-string 1 auth) + (plist-get challenge :realm))) + ))) + +(ert-deftest url-auth-test-digest-auth-opaque () + "Check that `opaque' value is added to result when presented by +the server." + (let* ((url-digest-auth-storage + '(("example.org:80" ("/" "user" "key")))) + (attrs (list (cons "nonce" "anynonce"))) + auth) + ;; Get authentication info from cache without `opaque'. + (setq auth (url-digest-auth "http://example.org/path" nil nil nil attrs)) + (should auth) + (should-not (string-match-p "opaque=" auth)) + + ;; Add `opaque' to attributes. + (push (cons "opaque" "opaque-value") attrs) + (setq auth (url-digest-auth "http://example.org/path" nil nil nil attrs)) + (should auth) + (should (string-match ".*opaque=\"\\(.*?\\)\".*" auth)) + (should (string= (match-string 1 auth) "opaque-value")))) + +(provide 'url-auth-tests) +;;; url-auth-tests.el ends here -- 2.1.0.GIT