AlkantarClanX12

Your IP : 18.224.59.107


Current Path : /opt/alt/ruby21/lib64/ruby/gems/2.1.0/gems/rack-1.6.4/test/
Upload File :
Current File : //opt/alt/ruby21/lib64/ruby/gems/2.1.0/gems/rack-1.6.4/test/spec_auth_digest.rb

require 'rack/auth/digest/md5'
require 'rack/lint'
require 'rack/mock'

describe Rack::Auth::Digest::MD5 do
  def realm
    'WallysWorld'
  end

  def unprotected_app
    Rack::Lint.new lambda { |env|
      friend = Rack::Utils.parse_query(env["QUERY_STRING"])["friend"]
      [ 200, {'Content-Type' => 'text/plain'}, ["Hi #{env['REMOTE_USER']}#{friend ? " and #{friend}" : ''}"] ]
    }
  end

  def protected_app
    Rack::Auth::Digest::MD5.new(unprotected_app, :realm => realm, :opaque => 'this-should-be-secret') do |username|
      { 'Alice' => 'correct-password' }[username]
    end
  end

  def protected_app_with_hashed_passwords
    app = Rack::Auth::Digest::MD5.new(unprotected_app) do |username|
      username == 'Alice' ? Digest::MD5.hexdigest("Alice:#{realm}:correct-password") : nil
    end
    app.realm = realm
    app.opaque = 'this-should-be-secret'
    app.passwords_hashed = true
    app
  end

  def partially_protected_app
    Rack::URLMap.new({
      '/' => unprotected_app,
      '/protected' => protected_app
    })
  end

  def protected_app_with_method_override
    Rack::MethodOverride.new(protected_app)
  end

  before do
    @request = Rack::MockRequest.new(protected_app)
  end

  def request(method, path, headers = {}, &block)
    response = @request.request(method, path, headers)
    block.call(response) if block
    return response
  end

  class MockDigestRequest
    def initialize(params)
      @params = params
    end
    def method_missing(sym)
      if @params.has_key? k = sym.to_s
        return @params[k]
      end
      super
    end
    def method
      @params['method']
    end
    def response(password)
      Rack::Auth::Digest::MD5.new(nil).send :digest, self, password
    end
  end

  def request_with_digest_auth(method, path, username, password, options = {}, &block)
    request_options = {}
    request_options[:input] = options.delete(:input) if options.include? :input

    response = request(method, path, request_options)

    return response unless response.status == 401

    if wait = options.delete(:wait)
      sleep wait
    end

    challenge = response['WWW-Authenticate'].split(' ', 2).last

    params = Rack::Auth::Digest::Params.parse(challenge)

    params['username'] = username
    params['nc'] = '00000001'
    params['cnonce'] = 'nonsensenonce'
    params['uri'] = path

    params['method'] = method

    params.update options

    params['response'] = MockDigestRequest.new(params).response(password)

    request(method, path, request_options.merge('HTTP_AUTHORIZATION' => "Digest #{params}"), &block)
  end

  def assert_digest_auth_challenge(response)
    response.should.be.a.client_error
    response.status.should.equal 401
    response.should.include 'WWW-Authenticate'
    response.headers['WWW-Authenticate'].should =~ /^Digest /
    response.body.should.be.empty
  end

  def assert_bad_request(response)
    response.should.be.a.client_error
    response.status.should.equal 400
    response.should.not.include 'WWW-Authenticate'
  end

  should 'challenge when no credentials are specified' do
    request 'GET', '/' do |response|
      assert_digest_auth_challenge response
    end
  end

  should 'return application output if correct credentials given' do
    request_with_digest_auth 'GET', '/', 'Alice', 'correct-password' do |response|
      response.status.should.equal 200
      response.body.to_s.should.equal 'Hi Alice'
    end
  end

  should 'return application output if correct credentials given (hashed passwords)' do
    @request = Rack::MockRequest.new(protected_app_with_hashed_passwords)

    request_with_digest_auth 'GET', '/', 'Alice', 'correct-password' do |response|
      response.status.should.equal 200
      response.body.to_s.should.equal 'Hi Alice'
    end
  end

  should 'rechallenge if incorrect username given' do
    request_with_digest_auth 'GET', '/', 'Bob', 'correct-password' do |response|
      assert_digest_auth_challenge response
    end
  end

  should 'rechallenge if incorrect password given' do
    request_with_digest_auth 'GET', '/', 'Alice', 'wrong-password' do |response|
      assert_digest_auth_challenge response
    end
  end

  should 'rechallenge if incorrect user and blank password given' do
    request_with_digest_auth 'GET', '/', 'Bob', '' do |response|
      assert_digest_auth_challenge response
    end
  end

  should 'not rechallenge if nonce is not stale' do
    begin
      Rack::Auth::Digest::Nonce.time_limit = 10

      request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', :wait => 1 do |response|
        response.status.should.equal 200
        response.body.to_s.should.equal 'Hi Alice'
        response.headers['WWW-Authenticate'].should.not =~ /\bstale=true\b/
      end
    ensure
      Rack::Auth::Digest::Nonce.time_limit = nil
    end
  end

  should 'rechallenge with stale parameter if nonce is stale' do
    begin
      Rack::Auth::Digest::Nonce.time_limit = 1

      request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', :wait => 2 do |response|
        assert_digest_auth_challenge response
        response.headers['WWW-Authenticate'].should =~ /\bstale=true\b/
      end
    ensure
      Rack::Auth::Digest::Nonce.time_limit = nil
    end
  end

  should 'return 400 Bad Request if incorrect qop given' do
    request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', 'qop' => 'auth-int' do |response|
      assert_bad_request response
    end
  end

  should 'return 400 Bad Request if incorrect uri given' do
    request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', 'uri' => '/foo' do |response|
      assert_bad_request response
    end
  end

  should 'return 400 Bad Request if different auth scheme used' do
    request 'GET', '/', 'HTTP_AUTHORIZATION' => 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==' do |response|
      assert_bad_request response
    end
  end

  should 'not require credentials for unprotected path' do
    @request = Rack::MockRequest.new(partially_protected_app)
    request 'GET', '/' do |response|
      response.should.be.ok
    end
  end

  should 'challenge when no credentials are specified for protected path' do
    @request = Rack::MockRequest.new(partially_protected_app)
    request 'GET', '/protected' do |response|
      assert_digest_auth_challenge response
    end
  end

  should 'return application output if correct credentials given for protected path' do
    @request = Rack::MockRequest.new(partially_protected_app)
    request_with_digest_auth 'GET', '/protected', 'Alice', 'correct-password' do |response|
      response.status.should.equal 200
      response.body.to_s.should.equal 'Hi Alice'
    end
  end

  should 'return application output when used with a query string and path as uri' do
    @request = Rack::MockRequest.new(partially_protected_app)
    request_with_digest_auth 'GET', '/protected?friend=Mike', 'Alice', 'correct-password' do |response|
      response.status.should.equal 200
      response.body.to_s.should.equal 'Hi Alice and Mike'
    end
  end

  should 'return application output when used with a query string and fullpath as uri' do
    @request = Rack::MockRequest.new(partially_protected_app)
    qs_uri = '/protected?friend=Mike'
    request_with_digest_auth 'GET', qs_uri, 'Alice', 'correct-password', 'uri' => qs_uri do |response|
      response.status.should.equal 200
      response.body.to_s.should.equal 'Hi Alice and Mike'
    end
  end

  should 'return application output if correct credentials given for POST' do
    request_with_digest_auth 'POST', '/', 'Alice', 'correct-password' do |response|
      response.status.should.equal 200
      response.body.to_s.should.equal 'Hi Alice'
    end
  end

  should 'return application output if correct credentials given for PUT (using method override of POST)' do
    @request = Rack::MockRequest.new(protected_app_with_method_override)
    request_with_digest_auth 'POST', '/', 'Alice', 'correct-password', :input => "_method=put" do |response|
      response.status.should.equal 200
      response.body.to_s.should.equal 'Hi Alice'
    end
  end

  it 'takes realm as optional constructor arg' do
    app = Rack::Auth::Digest::MD5.new(unprotected_app, realm) { true }
    realm.should == app.realm
  end
end