@@ -8,7 +8,7 @@ module Rack class Request < Auth::AbstractRequest def method - @env['REQUEST_METHOD'] + @env['rack.methodoverride.original_method'] || @env['REQUEST_METHOD'] end def digest? lib/rack/auth/digest/request.rb @@ -14,7 +14,7 @@ context 'Rack::Auth::Digest::MD5' do [ 200, {'Content-Type' => 'text/plain'}, ["Hi #{env['REMOTE_USER']}"] ] end end - + def protected_app app = Rack::Auth::Digest::MD5.new(unprotected_app) do |username| { 'Alice' => 'correct-password' }[username] @@ -23,7 +23,7 @@ context 'Rack::Auth::Digest::MD5' do app.opaque = 'this-should-be-secret' app end - + def protected_app_with_hashed_passwords app = Rack::Auth::Digest::MD5.new(unprotected_app) do |username| username == 'Alice' ? Digest::MD5.hexdigest("Alice:#{realm}:correct-password") : nil @@ -40,17 +40,21 @@ context 'Rack::Auth::Digest::MD5' do '/protected' => protected_app }) end - + + def protected_app_with_method_override + Rack::MethodOverride.new(protected_app) + end + setup do @request = Rack::MockRequest.new(protected_app) end - def request(path, headers = {}, &block) - response = @request.get(path, headers) + def request(method, path, headers = {}, &block) + response = @request.request(method, path, headers) block.call(response) if block return response end - + class MockDigestRequest def initialize(params) @params = params @@ -62,22 +66,25 @@ context 'Rack::Auth::Digest::MD5' do super end def method - 'GET' + @params['method'] end def response(password) Rack::Auth::Digest::MD5.new(nil).send :digest, self, password end end - - def request_with_digest_auth(path, username, password, options = {}, &block) - response = request(path) - + + def request_with_digest_auth(method, path, username, password, options = {}, &block) + request_options = {} + request_options[:input] = options.delete(:input) if options.include? :input + + response = request(method, path, request_options) + return response unless response.status == 401 - + if wait = options.delete(:wait) sleep wait end - + challenge = response['WWW-Authenticate'].split(' ', 2).last params = Rack::Auth::Digest::Params.parse(challenge) @@ -86,12 +93,14 @@ context 'Rack::Auth::Digest::MD5' do params['nc'] = '00000001' params['cnonce'] = 'nonsensenonce' params['uri'] = path - + + params['method'] = method + params.update options - + params['response'] = MockDigestRequest.new(params).response(password) - - request(path, { 'HTTP_AUTHORIZATION' => "Digest #{params}" }, &block) + + request(method, path, request_options.merge('HTTP_AUTHORIZATION' => "Digest #{params}"), &block) end def assert_digest_auth_challenge(response) @@ -101,7 +110,7 @@ context 'Rack::Auth::Digest::MD5' do response.headers['WWW-Authenticate'].should =~ /^Digest / response.body.should.be.empty end - + def assert_bad_request(response) response.should.be.a.client_error response.status.should.equal 400 @@ -109,44 +118,44 @@ context 'Rack::Auth::Digest::MD5' do end specify 'should challenge when no credentials are specified' do - request '/' do |response| + request 'GET', '/' do |response| assert_digest_auth_challenge response end end - + specify 'should return application output if correct credentials given' do - request_with_digest_auth '/', 'Alice', 'correct-password' do |response| + request_with_digest_auth 'GET', '/', 'Alice', 'correct-password' do |response| response.status.should.equal 200 response.body.to_s.should.equal 'Hi Alice' end - end + end specify 'should return application output if correct credentials given (hashed passwords)' do @request = Rack::MockRequest.new(protected_app_with_hashed_passwords) - - request_with_digest_auth '/', 'Alice', 'correct-password' do |response| + + request_with_digest_auth 'GET', '/', 'Alice', 'correct-password' do |response| response.status.should.equal 200 response.body.to_s.should.equal 'Hi Alice' end - end - + end + specify 'should rechallenge if incorrect username given' do - request_with_digest_auth '/', 'Bob', 'correct-password' do |response| + request_with_digest_auth 'GET', '/', 'Bob', 'correct-password' do |response| assert_digest_auth_challenge response end end - + specify 'should rechallenge if incorrect password given' do - request_with_digest_auth '/', 'Alice', 'wrong-password' do |response| + request_with_digest_auth 'GET', '/', 'Alice', 'wrong-password' do |response| assert_digest_auth_challenge response end end - + specify 'should rechallenge with stale parameter if nonce is stale' do begin Rack::Auth::Digest::Nonce.time_limit = 1 - - request_with_digest_auth '/', 'Alice', 'correct-password', :wait => 2 do |response| + + request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', :wait => 2 do |response| assert_digest_auth_challenge response response.headers['WWW-Authenticate'].should =~ /\bstale=true\b/ end @@ -156,40 +165,55 @@ context 'Rack::Auth::Digest::MD5' do end specify 'should return 400 Bad Request if incorrect qop given' do - request_with_digest_auth '/', 'Alice', 'correct-password', 'qop' => 'auth-int' do |response| + request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', 'qop' => 'auth-int' do |response| assert_bad_request response end end specify 'should return 400 Bad Request if incorrect uri given' do - request_with_digest_auth '/', 'Alice', 'correct-password', 'uri' => '/foo' do |response| + request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', 'uri' => '/foo' do |response| assert_bad_request response end end specify 'should return 400 Bad Request if different auth scheme used' do - request '/', 'HTTP_AUTHORIZATION' => 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==' do |response| + request 'GET', '/', 'HTTP_AUTHORIZATION' => 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==' do |response| assert_bad_request response end end specify 'should not require credentials for unprotected path' do @request = Rack::MockRequest.new(partially_protected_app) - request '/' do |response| + request 'GET', '/' do |response| response.should.be.ok end end specify 'should challenge when no credentials are specified for protected path' do @request = Rack::MockRequest.new(partially_protected_app) - request '/protected' do |response| + request 'GET', '/protected' do |response| assert_digest_auth_challenge response end end specify 'should return application output if correct credentials given for protected path' do @request = Rack::MockRequest.new(partially_protected_app) - request_with_digest_auth '/protected', 'Alice', 'correct-password' do |response| + request_with_digest_auth 'GET', '/protected', 'Alice', 'correct-password' do |response| + response.status.should.equal 200 + response.body.to_s.should.equal 'Hi Alice' + end + end + + specify 'should return application output if correct credentials given for POST' do + request_with_digest_auth 'POST', '/', 'Alice', 'correct-password' do |response| + response.status.should.equal 200 + response.body.to_s.should.equal 'Hi Alice' + end + end + + specify 'should return application output if correct credentials given for PUT (using method override of POST)' do + @request = Rack::MockRequest.new(protected_app_with_method_override) + request_with_digest_auth 'POST', '/', 'Alice', 'correct-password', :input => "_method=put" do |response| response.status.should.equal 200 response.body.to_s.should.equal 'Hi Alice' end test/spec_rack_auth_digest.rb 65fe834bca9899d97d43201c294096c2bf3d257a S. Brent Faulkner brentf@unwwwired.net http://github.com/scytrin/rack/commit/a2b8481d7ed33d882fe1850713aa9059f4bfe1fb a2b8481d7ed33d882fe1850713aa9059f4bfe1fb 2009-02-25T09:10:09-08:00 2009-02-04T20:38:32-08:00 Make MethodOverride + Auth::Digest play well together Auth::Digest::Request#method now uses any value in rack.methodoverride.original_method to override the value in REQUEST_METHOD Signed-off-by: Ryan Tomayko <rtomayko@gmail.com> 58e411f18fd09fd086e34665063a7741679f0186 Ryan Tomayko rtomayko@gmail.com