Stas Bekman wrote:
> +1 to remove all the code that isn't helping to test
> $r->note_digest_auth_failure.
is this ok?
--Geoff
Index: t/hooks/authen_digest.t
===================================================================
RCS file: /home/cvs/modperl-2.0/t/hooks/authen_digest.t,v
retrieving revision 1.1
diff -u -r1.1 authen_digest.t
--- t/hooks/authen_digest.t 8 Aug 2004 17:56:53 -0000 1.1
+++ t/hooks/authen_digest.t 10 Aug 2004 17:07:51 -0000
@@ -3,25 +3,50 @@
use Apache::Test;
use Apache::TestRequest;
+use Apache::TestUtil;
-plan tests => 4, need need_lwp, need_auth, need_module('Digest::MD5');
+plan tests => 7, need need_lwp, need_auth;
-my $location = "/TestHooks__authen_digest";
+my $location = '/TestHooks__authen_digest';
-sok {
- ! GET_OK $location;
-};
-
-sok {
- my $rc = GET_RC $location;
- $rc == 401;
-};
-
-sok {
- GET_OK $location, username => 'Joe', password => 'Smith';
-};
-
-sok {
- ! GET_OK $location, username => 'Joe', password => 'SMITH';
-};
+{
+ my $response = GET $location;
+ ok t_cmp($response->code,
+ 200,
+ 'handler returned HTTP_OK');
+
+ my $wwwauth = $response->header('WWW-Authenticate');
+
+ t_debug('response had no WWW-Authenticate header');
+ ok (!$wwwauth);
+}
+
+{
+ my $response = GET "$location?fail";
+
+ ok t_cmp($response->code,
+ 401,
+ 'handler returned HTTP_UNAUTHORIZED');
+
+ my $wwwauth = $response->header('WWW-Authenticate');
+
+
+ t_debug('response had a WWW-Authenticate header');
+ ok ($wwwauth);
+
+ ok t_cmp($wwwauth,
+ qr/^Digest/,
+ 'response is using Digest authentication scheme');
+
+ ok t_cmp($wwwauth,
+ qr/realm="Simple Digest"/,
+ 'WWW-Authenticate header contains the proper realm');
+
+ ok t_cmp($wwwauth,
+ qr/nonce="\w+"/,
+ 'WWW-Authenticate header contains a nonce');
+
+ # other fields, such as qop, are added only if add additional
+ # configuration directives, such as AuthDigestQop
+}
Index: t/hooks/TestHooks/authen_digest.pm
===================================================================
RCS file: /home/cvs/modperl-2.0/t/hooks/TestHooks/authen_digest.pm,v
retrieving revision 1.2
diff -u -r1.2 authen_digest.pm
--- t/hooks/TestHooks/authen_digest.pm 9 Aug 2004 00:23:25 -0000 1.2
+++ t/hooks/TestHooks/authen_digest.pm 10 Aug 2004 17:07:51 -0000
@@ -5,25 +5,18 @@
use Apache::Access ();
use Apache::RequestRec ();
-use APR::Table ();
-
-use Digest::MD5 ();
use Apache::Const -compile => qw(OK HTTP_UNAUTHORIZED);
-# a simple database
-my %passwd = (Joe => "Smith");
-
sub handler {
- my $r = shift;
-
- my($rc, $res) = get_digest_auth_data($r);
- return $rc if $rc != Apache::OK;
- my $passwd = $passwd{ $res->{username} } || '';
- my $digest = calc_digest($res, $passwd, $r->method);
+ my $r = shift;
- unless ($digest eq $res->{response}) {
+ # we don't need to do the entire Digest auth round
+ # trip just to see if note_digest_auth_failure is
+ # functioning properly - see authen_digest.t for the
+ # header checks
+ if ($r->args) {
$r->note_digest_auth_failure;
return Apache::HTTP_UNAUTHORIZED;
}
@@ -31,64 +24,12 @@
return Apache::OK;
}
-sub get_digest_auth_data {
- my($r) = @_;
-
- # adopted from the modperl cookbook example
-
- my $auth_header = $r->headers_in->get('Authorization') || '';
- unless ($auth_header =~ m/^Digest/) {
- $r->note_digest_auth_failure;
- return Apache::HTTP_UNAUTHORIZED;
- }
-
- # Parse the response header into a hash.
- $auth_header =~ s/^Digest\s+//;
- $auth_header =~ s/"//g;
-
- my %res = map { split /=/, $_ } split /,\s*/, $auth_header;
-
- # Make sure that the response contained all the right info.
- for my $key (qw(username realm nonce uri response)) {
- next if $res{$key};
- $r->note_digest_auth_failure;
- return Apache::HTTP_UNAUTHORIZED;
- }
-
- return (Apache::OK, \%res);
-}
-
-sub calc_digest {
- my($res, $passwd, $method) = @_;
-
- # adopted from LWP/Authen/Digest.pm
-
- my $md5 = Digest::MD5->new;
-
- my(@digest);
- $md5->add(join ":", $res->{username}, $res->{realm}, $passwd);
- push @digest, $md5->hexdigest;
- $md5->reset;
-
- push @digest, $res->{nonce};
-
- $md5->add(join ":", $method, $res->{uri});
- push @digest, $md5->hexdigest;
- $md5->reset;
-
- $md5->add(join ":", @digest);
- my $digest = $md5->hexdigest;
- $md5->reset;
-
- return $digest;
-}
-
1;
__DATA__
<NoAutoConfig>
<Location /TestHooks__authen_digest>
PerlAuthenHandler TestHooks::authen_digest
- PerlResponseHandler Apache::TestHandler::ok1
+ PerlResponseHandler Apache::TestHandler::ok
SetHandler modperl
require valid-user
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
