WebKit Bugzilla
Attachment 348875 Details for
Bug 189286
: [LayoutTests] Add digest access authentication test.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
PATCH
189286.diff (text/plain), 4.59 KB, created by
Basuke Suzuki
on 2018-09-04 17:02:55 PDT
(
hide
)
Description:
PATCH
Filename:
MIME Type:
Creator:
Basuke Suzuki
Created:
2018-09-04 17:02:55 PDT
Size:
4.59 KB
patch
obsolete
>diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 9972e44066a..374ae430a0d 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,17 @@ >+2018-09-04 Basuke Suzuki <Basuke.Suzuki@sony.com> >+ >+ [LayoutTests] Add digest access authentication test. >+ https://bugs.webkit.org/show_bug.cgi?id=189286 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Add digest auth tests >+ >+ * http/tests/resources/digest-auth/authorize.php: Added. >+ * http/tests/resources/digest-auth/digest.php: Added. >+ * http/tests/xmlhttprequest/digest-auth-expected.txt: Added. >+ * http/tests/xmlhttprequest/digest-auth.html: Added. >+ > 2018-08-31 Chris Dumez <cdumez@apple.com> > > [ WK2 ] http/tests/workers/service/client-*-page-cache.html LayoutTests are flaky >diff --git a/LayoutTests/http/tests/resources/digest-auth/authorize.php b/LayoutTests/http/tests/resources/digest-auth/authorize.php >new file mode 100644 >index 00000000000..2f7c96f26b4 >--- /dev/null >+++ b/LayoutTests/http/tests/resources/digest-auth/authorize.php >@@ -0,0 +1,19 @@ >+<?php >+ >+require_once "digest.php"; >+ >+if (empty($_SERVER['PHP_AUTH_DIGEST'])) { >+ header('HTTP/1.0 401 Unauthorized'); >+ header("WWW-Authenticate: Digest realm=\"{$realm}\",qop=\"auth\",nonce=\"{$nonce}\",opaque=\"{$opaque}\""); >+ >+ echo "<h1>You are not allowed to see this secret.</h1>"; >+} elseif (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']))) { >+ header('HTTP/1.0 401 Unauthorized'); >+ echo "<h1>Invalid credentials.</h1>"; >+} elseif (!($username = validate_digest($data))) { >+ header('HTTP/1.0 401 Unauthorized'); >+ echo "<h1>Wrong credentials.</h1>"; >+} else { >+ header('Content-Type: text/plain'); >+ echo 'User: ' . $username . "\n"; >+} >diff --git a/LayoutTests/http/tests/resources/digest-auth/digest.php b/LayoutTests/http/tests/resources/digest-auth/digest.php >new file mode 100644 >index 00000000000..a21a7b7f198 >--- /dev/null >+++ b/LayoutTests/http/tests/resources/digest-auth/digest.php >@@ -0,0 +1,52 @@ >+<?php >+ >+$realm = 'Digest Auth Protected Area'; >+$nonce = uniqid(); >+$opaque = md5($realm); >+ >+$username = 'everybody'; >+$password = 'lovesbeer'; >+ >+function http_digest_parse($txt) >+{ >+ // protect against missing data >+ $needed_parts = [ >+ 'nonce' => 1, >+ 'nc' => 1, >+ 'cnonce' => 1, >+ 'qop' => 1, >+ 'username' => 1, >+ 'uri' => 1, >+ 'response' => 1 >+ ]; >+ $data = []; >+ $keys = implode('|', array_keys($needed_parts)); >+ >+ preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER); >+ >+ foreach ($matches as $m) { >+ $data[$m[1]] = $m[3] ? $m[3] : $m[4]; >+ unset($needed_parts[$m[1]]); >+ } >+ >+ return $needed_parts ? false : $data; >+} >+ >+function validate_digest($data) >+{ >+ global $realm, $username, $password; >+ >+ if ($data['username'] !== $username) >+ return false; >+ >+ $A1 = get_md5_of($data['username'], $realm, $password); >+ $A2 = get_md5_of($_SERVER['REQUEST_METHOD'], $data['uri']); >+ $valid_response = get_md5_of($A1, $data['nonce'], $data['nc'], $data['cnonce'], $data['qop'], $A2); >+ >+ return $data['response'] == $valid_response ? $username : null; >+} >+ >+function get_md5_of(...$items) >+{ >+ return md5(implode(':', $items)); >+} >\ No newline at end of file >diff --git a/LayoutTests/http/tests/xmlhttprequest/digest-auth-expected.txt b/LayoutTests/http/tests/xmlhttprequest/digest-auth-expected.txt >new file mode 100644 >index 00000000000..756577750c4 >--- /dev/null >+++ b/LayoutTests/http/tests/xmlhttprequest/digest-auth-expected.txt >@@ -0,0 +1,2 @@ >+PASS >+User: everybody >diff --git a/LayoutTests/http/tests/xmlhttprequest/digest-auth.html b/LayoutTests/http/tests/xmlhttprequest/digest-auth.html >new file mode 100644 >index 00000000000..1615348a97c >--- /dev/null >+++ b/LayoutTests/http/tests/xmlhttprequest/digest-auth.html >@@ -0,0 +1,23 @@ >+<html> >+<div id="result"></div> >+<div id="username"></div> >+<script> >+ >+ /* >+ * If the request contains credentials in its url, it should be stripped from it. >+ * Also first attempt shouldn't contain basic auth header >+ */ >+ >+ if (window.testRunner) { >+ testRunner.dumpAsText(); >+ } >+ >+ const req = new XMLHttpRequest(); >+ >+ /* Send auth info after getting authorization header. */ >+ req.open('GET', '/resources/digest-auth/authorize.php', false, 'everybody', 'lovesbeer'); >+ req.send(null); >+ document.getElementById('result').innerHTML = req.status == 200 ? 'PASS' : 'FAIL'; >+ document.getElementById('username').innerHTML = req.responseText; >+ >+</script> >\ No newline at end of file
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=348875">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 189286
:
348875
|
348886
|
348936