OWEALs
/
curl
mirror of https://github.com/curl/curl.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220
							<testcase>
<info>
<keywords>
HTTP
HTTP GET
HTTP Basic auth
HTTP Digest auth
</keywords>
</info>
# Server-side
<reply>

<!-- Alternate the order that Basic and Digest headers appear in responses to
ensure that the order doesn't matter. -->

<!-- First request has Digest auth, wrong password -->
<data100>
HTTP/1.1 401 Need Basic or Digest auth
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 27
WWW-Authenticate: Digest realm="testrealm", nonce="1"
WWW-Authenticate: Basic realm="testrealm"

This is not the real page!
</data100>

<data1100>
HTTP/1.1 401 Sorry wrong password
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: Basic realm="testrealm"
WWW-Authenticate: Digest realm="testrealm", nonce="2"

This is a bad password page!
</data1100>

<!-- Second request has Basic auth, right password -->
<data200>
HTTP/1.1 200 Things are fine in server land
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 32

Finally, this is the real page!
</data200>

<!-- Third request has Digest auth, wrong password -->
<data300>
HTTP/1.1 401 Need Basic or Digest auth (2)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 27
WWW-Authenticate: Digest realm="testrealm", nonce="3"
WWW-Authenticate: Basic realm="testrealm"

This is not the real page!
</data300>

<data1300>
HTTP/1.1 401 Sorry wrong password (2)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: Basic realm="testrealm"
WWW-Authenticate: Digest realm="testrealm", nonce="4"

This is a bad password page!
</data1300>

<!-- Fourth request has Basic auth, wrong password -->
<data400>
HTTP/1.1 401 Sorry wrong password (3)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: Digest realm="testrealm", nonce="5"
WWW-Authenticate: Basic realm="testrealm"

This is a bad password page!
</data400>

<!-- Fifth request has Basic auth, right password -->
<data500>
HTTP/1.1 200 Things are fine in server land (2)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 32

Finally, this is the real page!
</data500>

<datacheck>
HTTP/1.1 401 Need Basic or Digest auth
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 27
WWW-Authenticate: Digest realm="testrealm", nonce="1"
WWW-Authenticate: Basic realm="testrealm"

HTTP/1.1 401 Sorry wrong password
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: Basic realm="testrealm"
WWW-Authenticate: Digest realm="testrealm", nonce="2"

This is a bad password page!
HTTP/1.1 200 Things are fine in server land
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 32

Finally, this is the real page!
HTTP/1.1 401 Need Basic or Digest auth (2)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 27
WWW-Authenticate: Digest realm="testrealm", nonce="3"
WWW-Authenticate: Basic realm="testrealm"

HTTP/1.1 401 Sorry wrong password (2)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: Basic realm="testrealm"
WWW-Authenticate: Digest realm="testrealm", nonce="4"

This is a bad password page!
HTTP/1.1 401 Sorry wrong password (3)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: Digest realm="testrealm", nonce="5"
WWW-Authenticate: Basic realm="testrealm"

This is a bad password page!
HTTP/1.1 200 Things are fine in server land (2)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 32

Finally, this is the real page!
</datacheck>

</reply>

# Client-side
<client>
<server>
http
</server>
<features>
!SSPI
crypto
</features>
<tool>
libauthretry
</tool>

 <name>
HTTP authorization retry (Digest switching to Basic)
 </name>
 <setenv>
# we force our own host name, in order to make the test machine independent
CURL_GETHOSTNAME=curlhost
# we try to use the LD_PRELOAD hack, if not a debug build
LD_PRELOAD=%PWD/libtest/.libs/libhostname.so
 </setenv>
 <command>
http://%HOSTIP:%HTTPPORT/2026 digest basic
</command>
<precheck>
chkhostname curlhost
</precheck>
</client>

# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol>
GET /20260100 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Accept: */*

GET /20260100 HTTP/1.1
Authorization: Digest username="testuser", realm="testrealm", nonce="1", uri="/20260100", response="5f992a2e761ab926256419f7c685f85b"
Host: %HOSTIP:%HTTPPORT
Accept: */*

GET /20260200 HTTP/1.1
Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3M=
Host: %HOSTIP:%HTTPPORT
Accept: */*

GET /20260300 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Accept: */*

GET /20260300 HTTP/1.1
Authorization: Digest username="testuser", realm="testrealm", nonce="3", uri="/20260300", response="132242e602882251929be93228c830ae"
Host: %HOSTIP:%HTTPPORT
Accept: */*

GET /20260400 HTTP/1.1
Authorization: Basic dGVzdHVzZXI6d3JvbmdwYXNz
Host: %HOSTIP:%HTTPPORT
Accept: */*

GET /20260500 HTTP/1.1
Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3M=
Host: %HOSTIP:%HTTPPORT
Accept: */*

</protocol>
</verify>
</testcase>