Add digest authentication test

* tests/Makefile.am: Add test 'test-auth-digest' * tests/libtest.c: Fix HTTP server to handle digest authentication * tests/libtest.h: Add opaque for digest authentication * tests/test-auth-digest.c: Add new test to prove digest authentication functionality
akashrawal · Sep 12, 2017 · e0703c5 · e0703c5
1 parent b2b6a70
commit e0703c5
Show file tree

Hide file tree

Showing 4 changed files with 227 additions and 5 deletions.
diff --git a/tests/Makefile.am b/tests/Makefile.am
@@ -17,7 +17,8 @@ WGET_TESTS = test-wget-1$(EXEEXT) test-c-r$(EXEEXT) test-restrict-ascii$(EXEEXT)
  test-auth-basic$(EXEEXT) test-parse-rss$(EXEEXT) test--page-requisites$(EXEEXT)\
  test--accept$(EXEEXT) test-k$(EXEEXT) test--follow-tags$(EXEEXT) test-directory-clash$(EXEEXT) test-redirection$(EXEEXT)\
  test-base$(EXEEXT) test-metalink$(EXEEXT) test-robots$(EXEEXT) test-parse-css$(EXEEXT) test-bad-chunk$(EXEEXT)\
- test-iri-subdir$(EXEEXT) test-chunked$(EXEEXT) test-cut-dirs$(EXEEXT) test-parse-html-css$(EXEEXT)
+ test-iri-subdir$(EXEEXT) test-chunked$(EXEEXT) test-cut-dirs$(EXEEXT) test-parse-html-css$(EXEEXT)\
+ test-auth-digest$(EXEEXT)
 
 #test--post-file test-E-k test-cookies-http_state
 

diff --git a/tests/libtest.c b/tests/libtest.c
@@ -237,7 +237,7 @@ static int _answer_to_connection(void *cls G_GNUC_WGET_UNUSED,
 	struct query_string query;
 	int ret = 0;
 	time_t modified;
-	const char *modified_val, *to_bytes_string;
+	const char *modified_val, *to_bytes_string = "";
 	ssize_t from_bytes, to_bytes;
 	size_t body_len;
 	char content_len[100], content_range[100];
@@ -398,6 +398,34 @@ static int _answer_to_connection(void *cls G_GNUC_WGET_UNUSED,
 				free(pass);
 			}
 
+			// digest authentication
+			if (!wget_strcmp(urls[it1].auth_method, "Digest")) {
+				const char *realm = "digest@example.com";
+				char *user = MHD_digest_auth_get_username(connection);
+				if (wget_strcmp(user, urls[it1].auth_username)) {
+					response = MHD_create_response_from_buffer(strlen ("DENIED"),
+						(void *) "DENIED", MHD_RESPMEM_PERSISTENT);
+					ret = MHD_queue_auth_fail_response(connection, realm, TEST_OPAQUE_STR, response, MHD_NO);
+					free(user);
+					wget_buffer_free(&url_iri);
+					found = 1;
+					break;
+				}
+				ret = MHD_digest_auth_check(connection, realm, user, urls[it1].auth_password, 300);
+				free(user);
+				if ((ret == MHD_INVALID_NONCE) || (ret == MHD_NO)) {
+					response = MHD_create_response_from_buffer(strlen ("DENIED"),
+						(void *) "DENIED", MHD_RESPMEM_PERSISTENT);
+					if (response == NULL)
+						return MHD_NO;
+					ret = MHD_queue_auth_fail_response(connection, realm, TEST_OPAQUE_STR, response,
+						(ret == MHD_INVALID_NONCE) ? MHD_YES : MHD_NO);
+					wget_buffer_free(&url_iri);
+					found = 1;
+					break;
+				}
+			}
+
 			if (modified && urls[it1].modified <= modified) {
 				response = MHD_create_response_from_buffer(0, (void *) "", MHD_RESPMEM_PERSISTENT);
 				ret = MHD_queue_response(connection, MHD_HTTP_NOT_MODIFIED, response);
@@ -479,10 +507,33 @@ static void _http_server_stop(void)
 static int _http_server_start(int SERVER_MODE)
 {
 	uint16_t port_num = 0;
+	int fd;
+	char rnd[8];
+	ssize_t len;
+	size_t off;
+
+	fd = open("/dev/urandom", O_RDONLY);
+	if (fd == -1) {
+		fprintf(stderr, "Failed to open `%s': %s\n", "/dev/urandom", strerror(errno));
+		return 1;
+	}
+	off = 0;
+	while (off < 8) {
+		len = read(fd, rnd, 8);
+		if (len == -1) {
+			fprintf(stderr, "Failed to read `%s': %s\n", "/dev/urandom", strerror(errno));
+			(void)close(fd);
+		return 1;
+		}
+		off += len;
+	}
+	(void)close(fd);
 
 	if (SERVER_MODE == HTTP_MODE) {
 		httpdaemon = MHD_start_daemon(MHD_USE_SELECT_INTERNALLY,
-					port_num, NULL, NULL, &_answer_to_connection, NULL, NULL,
+					port_num, NULL, NULL, &_answer_to_connection, NULL,
+					MHD_OPTION_DIGEST_AUTH_RANDOM, sizeof(rnd), rnd,
+					MHD_OPTION_NONCE_NC_SIZE, 300,
 					MHD_OPTION_END);
 
 		if (!httpdaemon)
@@ -496,7 +547,6 @@ static int _http_server_start(int SERVER_MODE)
 		if ((key_pem == NULL) || (cert_pem == NULL))
 		{
 			printf("The key/certificate files could not be read.\n");
-
 			return 1;
 		}
 
@@ -512,7 +562,6 @@ static int _http_server_start(int SERVER_MODE)
 
 		if (!httpsdaemon) {
 			printf("Cannot start the HTTPS server.\n");
-
 			return 1;
 		}
 	}

diff --git a/tests/libtest.h b/tests/libtest.h
@@ -75,6 +75,10 @@ extern "C" {
 
 #define countof(a) (sizeof(a)/sizeof(*(a)))
 
+#ifdef WITH_MICROHTTPD
+#define TEST_OPAQUE_STR "11733b200778ce33060f31c9af70a870ba96ddd4"
+#endif
+
 G_GNUC_WGET_UNUSED static const char *WGET_TEST_SOME_HTML_BODY = "\
 <html>\n\
 <head>\n\

diff --git a/tests/test-auth-digest.c b/tests/test-auth-digest.c
@@ -0,0 +1,168 @@
+/*
+ * Copyright(c) 2017 Free Software Foundation, Inc.
+ *
+ * This file is part of libwget.
+ *
+ * Libwget is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Libwget is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with libwget.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ *
+ * Testing authentication using digest scheme
+ *
+ * Changelog
+ * 17.08.2017  Didik Setiawan  created
+ *
+ */
+
+#include <config.h>
+
+#include <stdlib.h> // exit()
+#include <string.h> // strlen()
+#include "libtest.h"
+
+#define username "my_username"
+#define password "my_password"
+
+int main(void)
+{
+	wget_test_url_t urls[] = {
+		{	.name = "/needs-auth.txt",
+			.auth_method = "Digest",
+			.auth_username = username,
+			.auth_password = password,
+			.code = "200 Dontcare",
+			.body = "You are authenticated.",
+			.headers = {
+				"Content-Type: text/plain",
+			}
+		}
+	};
+	wget_test_file_t netrc = {
+		.name = ".netrc",
+		.content = "default\r\nlogin " username "\r\npassword " password "\r\n"
+	};
+
+	// functions won't come back if an error occurs
+	wget_test_start_server(
+		WGET_TEST_RESPONSE_URLS, &urls, countof(urls),
+		0);
+
+	// test-auth-digest
+	wget_test(
+//		WGET_TEST_KEEP_TMPFILES, 1,
+		WGET_TEST_OPTIONS, "--user=" username " --password=" password,
+		WGET_TEST_REQUEST_URL, urls[0].name + 1,
+		WGET_TEST_EXPECTED_ERROR_CODE, 0,
+		WGET_TEST_EXPECTED_FILES, &(wget_test_file_t []) {
+			{ urls[0].name + 1, urls[0].body },
+			{	NULL } },
+		0);
+
+	// test-auth-digest with .netrc
+	wget_test(
+//		WGET_TEST_KEEP_TMPFILES, 1,
+		WGET_TEST_OPTIONS, "--netrc-file=.netrc",
+		WGET_TEST_REQUEST_URL, urls[0].name + 1,
+		WGET_TEST_EXPECTED_ERROR_CODE, 0,
+		WGET_TEST_EXISTING_FILES, &(wget_test_file_t []) {
+			{ netrc.name, netrc.content },
+			{ NULL } },
+		WGET_TEST_EXPECTED_FILES, &(wget_test_file_t []) {
+			{ urls[0].name + 1, urls[0].body },
+			{ netrc.name, netrc.content },
+			{ NULL } },
+		0);
+
+	// wrong credentials
+	wget_test(
+//		WGET_TEST_KEEP_TMPFILES, 1,
+		WGET_TEST_OPTIONS, "--password=" password,
+		WGET_TEST_REQUEST_URL, urls[0].name + 1,
+		WGET_TEST_EXPECTED_ERROR_CODE, 6,
+		WGET_TEST_EXPECTED_FILES, &(wget_test_file_t []) {
+			{ NULL } },
+		0);
+
+	wget_test(
+//		WGET_TEST_KEEP_TMPFILES, 1,
+		WGET_TEST_OPTIONS, "--user=\"\" --password=" password,
+		WGET_TEST_REQUEST_URL, urls[0].name + 1,
+		WGET_TEST_EXPECTED_ERROR_CODE, 6,
+		WGET_TEST_EXPECTED_FILES, &(wget_test_file_t []) {
+			{ NULL } },
+		0);
+
+	wget_test(
+//		WGET_TEST_KEEP_TMPFILES, 1,
+		WGET_TEST_OPTIONS, "--user=\"whatever\" --password=" password,
+		WGET_TEST_REQUEST_URL, urls[0].name + 1,
+		WGET_TEST_EXPECTED_ERROR_CODE, 6,
+		WGET_TEST_EXPECTED_FILES, &(wget_test_file_t []) {
+			{ NULL } },
+		0);
+
+	wget_test(
+//		WGET_TEST_KEEP_TMPFILES, 1,
+		WGET_TEST_OPTIONS, "--user=" username,
+		WGET_TEST_REQUEST_URL, urls[0].name + 1,
+		WGET_TEST_EXPECTED_ERROR_CODE, 6,
+		WGET_TEST_EXPECTED_FILES, &(wget_test_file_t []) {
+			{ NULL } },
+		0);
+
+	wget_test(
+//		WGET_TEST_KEEP_TMPFILES, 1,
+		WGET_TEST_OPTIONS, "--user=" username " --password=\"\"",
+		WGET_TEST_REQUEST_URL, urls[0].name + 1,
+		WGET_TEST_EXPECTED_ERROR_CODE, 6,
+		WGET_TEST_EXPECTED_FILES, &(wget_test_file_t []) {
+			{ NULL } },
+		0);
+
+	wget_test(
+//		WGET_TEST_KEEP_TMPFILES, 1,
+		WGET_TEST_OPTIONS, "--user=" username " --password=\"whatever\"",
+		WGET_TEST_REQUEST_URL, urls[0].name + 1,
+		WGET_TEST_EXPECTED_ERROR_CODE, 6,
+		WGET_TEST_EXPECTED_FILES, &(wget_test_file_t []) {
+			{ NULL } },
+		0);
+
+	wget_test(
+//		WGET_TEST_KEEP_TMPFILES, 1,
+		WGET_TEST_REQUEST_URL, urls[0].name + 1,
+		WGET_TEST_EXPECTED_ERROR_CODE, 6,
+		WGET_TEST_EXPECTED_FILES, &(wget_test_file_t []) {
+			{ NULL } },
+		0);
+
+	wget_test(
+//		WGET_TEST_KEEP_TMPFILES, 1,
+		WGET_TEST_OPTIONS, "--user=\"\" --password=\"\"",
+		WGET_TEST_REQUEST_URL, urls[0].name + 1,
+		WGET_TEST_EXPECTED_ERROR_CODE, 6,
+		WGET_TEST_EXPECTED_FILES, &(wget_test_file_t []) {
+			{ NULL } },
+		0);
+
+	wget_test(
+//		WGET_TEST_KEEP_TMPFILES, 1,
+		WGET_TEST_OPTIONS, "--user=\"whatever\" --password=\"whatever\"",
+		WGET_TEST_REQUEST_URL, urls[0].name + 1,
+		WGET_TEST_EXPECTED_ERROR_CODE, 6,
+		WGET_TEST_EXPECTED_FILES, &(wget_test_file_t []) {
+			{ NULL } },
+		0);
+
+	exit(0);
+}