summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--test/php/auth/index.php7
-rw-r--r--test/test_php_application.py58
2 files changed, 65 insertions, 0 deletions
diff --git a/test/php/auth/index.php b/test/php/auth/index.php
new file mode 100644
index 00000000..d77076d8
--- /dev/null
+++ b/test/php/auth/index.php
@@ -0,0 +1,7 @@
+<?php
+
+header('X-Digest: ' . (isset($_SERVER['PHP_AUTH_DIGEST']) ? $_SERVER['PHP_AUTH_DIGEST'] : 'not set'));
+header('X-User: ' . (isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : 'not set'));
+header('X-Password: ' . (isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : 'not set'));
+
+?>
diff --git a/test/test_php_application.py b/test/test_php_application.py
index 463ec35b..ad74faa8 100644
--- a/test/test_php_application.py
+++ b/test/test_php_application.py
@@ -384,6 +384,64 @@ class TestPHPApplication(TestApplicationPHP):
r'exec: \/\w+', body
), 'disable_functions comma exec'
+ def test_php_application_auth(self):
+ self.load('auth')
+
+ resp = self.get()
+ assert resp['status'] == 200, 'status'
+ assert resp['headers']['X-Digest'] == 'not set', 'digest'
+ assert resp['headers']['X-User'] == 'not set', 'user'
+ assert resp['headers']['X-Password'] == 'not set', 'password'
+
+ resp = self.get(
+ headers={
+ 'Host': 'localhost',
+ 'Authorization': 'Basic dXNlcjpwYXNzd29yZA==',
+ 'Connection': 'close',
+ }
+ )
+ assert resp['status'] == 200, 'basic status'
+ assert resp['headers']['X-Digest'] == 'not set', 'basic digest'
+ assert resp['headers']['X-User'] == 'user', 'basic user'
+ assert resp['headers']['X-Password'] == 'password', 'basic password'
+
+ resp = self.get(
+ headers={
+ 'Host': 'localhost',
+ 'Authorization': 'Digest username="blah", realm="", uri="/"',
+ 'Connection': 'close',
+ }
+ )
+ assert resp['status'] == 200, 'digest status'
+ assert (
+ resp['headers']['X-Digest'] == 'username="blah", realm="", uri="/"'
+ ), 'digest digest'
+ assert resp['headers']['X-User'] == 'not set', 'digest user'
+ assert resp['headers']['X-Password'] == 'not set', 'digest password'
+
+ def test_php_application_auth_invalid(self):
+ self.load('auth')
+
+ def check_auth(auth):
+ resp = self.get(headers={
+ 'Host': 'localhost',
+ 'Authorization': auth,
+ 'Connection': 'close',
+ })
+
+ assert resp['status'] == 200, 'status'
+ assert resp['headers']['X-Digest'] == 'not set', 'Digest'
+ assert resp['headers']['X-User'] == 'not set', 'User'
+ assert resp['headers']['X-Password'] == 'not set', 'Password'
+
+ check_auth('Basic dXN%cjpwYXNzd29yZA==')
+ check_auth('Basic XNlcjpwYXNzd29yZA==')
+ check_auth('Basic DdXNlcjpwYXNzd29yZA==')
+ check_auth('Basic blah')
+ check_auth('Basic')
+ check_auth('Digest')
+ check_auth('blah')
+
def test_php_application_disable_functions_space(self):
self.load('time_exec')