ap_get_basic_auth_components: add unit tests

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1799379 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 156 insertions, 0 deletions

diff --git a/test/unit/authn.c b/test/unit/authn.c
new file mode 100644
index 0000000000..67ef04a3c5
--- /dev/null
+++ b/test/unit/authn.c
@@ -0,0 +1,156 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "check.h"
+#include "../httpdunit.h"
+
+#include "httpd.h"
+#include "http_config.h"
+#include "http_protocol.h"
+
+/*
+ * Test Fixture -- runs once per test
+ */
+
+static apr_pool_t  *g_pool;
+static request_rec *g_request;
+
+static void authn_setup(void)
+{
+    if (apr_pool_create(&g_pool, NULL) != APR_SUCCESS) {
+        exit(1);
+    }
+
+    /* Stub out just enough of a request_req to get the tests working.
+     * Unfortunately this couples us to implementation details in the code being
+     * tested, but the logic to get a "real" request_rec requires spinning up
+     * half of the world. */
+    g_request = apr_pcalloc(g_pool, sizeof(*g_request));
+    if (!g_request) {
+        exit(1);
+    }
+
+    g_request->pool = g_pool;
+    g_request->headers_in = apr_table_make(g_pool, 1);
+
+    if (!g_request->headers_in) {
+        exit(1);
+    }
+}
+
+static void authn_teardown(void)
+{
+    apr_pool_destroy(g_pool);
+}
+
+/*
+ * ap_get_basic_auth_components()
+ */
+
+static const char * const basic_auth_cases[][3] = {
+    /*
+     * case[0] - Authorization header value
+     * case[1] - expected username
+     * case[2] - expected password
+     */
+    { "Basic Ym9iOm15cGFzcw==",    "bob", "mypass" },
+    { "Basic    Ym9iOm15cGFzcw==", "bob", "mypass" },
+    { "Basic Ym9iOg==",            "bob", "" },
+    { "Basic Om15cGFzcw==",        "",    "mypass" },
+    { "Basic Og==",                "",    "" },
+
+    /*
+     * Dubious compatibility cases
+     */
+
+    /* HT is disallowed per 7235, but ap_get_basic_auth_pw() allowed it */
+    { "Basic \tYm9iOm15cGFzcw==",  "bob", "mypass" },
+    /* username without colon separator, technically disallowed per 2617 */
+    { "Basic Ym9i",                "bob", "" },
+    /* no data at all, technically disallowed per 2617/7235 */
+    { "Basic ",                    "",    "" },
+    { "Basic",                     "",    "" },
+    /* completely invalid junk, disallowed per 2617/7235 */
+    { "Basic ?*J#kd92%$@",         "",    "" },
+};
+static const size_t basic_auth_cases_len = sizeof(basic_auth_cases) /
+                                           sizeof(basic_auth_cases[0]);
+
+HTTPD_START_LOOP_TEST(test_get_basic_auth_components_correctly_decodes_credentials, basic_auth_cases_len)
+{
+    const char *header_val    = basic_auth_cases[_i][0];
+    const char *expected_user = basic_auth_cases[_i][1];
+    const char *expected_pass = basic_auth_cases[_i][2];
+
+    apr_status_t status;
+    const char *username;
+    const char *password;
+
+    apr_table_setn(g_request->headers_in, "Authorization", header_val);
+
+    status = ap_get_basic_auth_components(g_request, &username, &password);
+
+    ck_assert_int_eq(status, APR_SUCCESS);
+    ck_assert_str_eq(username, expected_user);
+    ck_assert_str_eq(password, expected_pass);
+}
+END_TEST
+
+START_TEST(test_get_basic_auth_components_fails_without_Authorization_header)
+{
+    apr_status_t status;
+
+    status = ap_get_basic_auth_components(g_request, NULL, NULL);
+    ck_assert_int_eq(status, APR_EINVAL);
+}
+END_TEST
+
+START_TEST(test_get_basic_auth_components_fails_with_non_Basic_credentials)
+{
+    apr_status_t status;
+
+    apr_table_setn(g_request->headers_in, "Authorization",
+                   "Digest Ym9iOm15cGFzcw==");
+
+    status = ap_get_basic_auth_components(g_request, NULL, NULL);
+    ck_assert_int_eq(status, APR_EINVAL);
+}
+END_TEST
+
+START_TEST(test_get_basic_auth_components_uses_Proxy_Authorization_for_proxied_requests)
+{
+    apr_status_t status;
+    const char *username;
+    const char *password;
+
+    g_request->proxyreq = PROXYREQ_PROXY;
+    apr_table_setn(g_request->headers_in, "Proxy-Authorization",
+                   "Basic Ym9iOm15cGFzcw==");
+
+    status = ap_get_basic_auth_components(g_request, &username, &password);
+
+    ck_assert_int_eq(status, APR_SUCCESS);
+    ck_assert_str_eq(username, "bob");
+    ck_assert_str_eq(password, "mypass");
+}
+END_TEST
+
+/*
+ * Test Case Boilerplate
+ */
+HTTPD_BEGIN_TEST_CASE_WITH_FIXTURE(authn, authn_setup, authn_teardown)
+#include "test/unit/authn.tests"
+HTTPD_END_TEST_CASE