2
0

test_14_auth.py 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137
  1. #!/usr/bin/env python3
  2. # -*- coding: utf-8 -*-
  3. #***************************************************************************
  4. # _ _ ____ _
  5. # Project ___| | | | _ \| |
  6. # / __| | | | |_) | |
  7. # | (__| |_| | _ <| |___
  8. # \___|\___/|_| \_\_____|
  9. #
  10. # Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  11. #
  12. # This software is licensed as described in the file COPYING, which
  13. # you should have received as part of this distribution. The terms
  14. # are also available at https://curl.se/docs/copyright.html.
  15. #
  16. # You may opt to use, copy, modify, merge, publish, distribute and/or sell
  17. # copies of the Software, and permit persons to whom the Software is
  18. # furnished to do so, under the terms of the COPYING file.
  19. #
  20. # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  21. # KIND, either express or implied.
  22. #
  23. # SPDX-License-Identifier: curl
  24. #
  25. ###########################################################################
  26. #
  27. import logging
  28. import os
  29. import pytest
  30. from testenv import Env, CurlClient
  31. log = logging.getLogger(__name__)
  32. class TestAuth:
  33. @pytest.fixture(autouse=True, scope='class')
  34. def _class_scope(self, env, httpd, nghttpx):
  35. if env.have_h3():
  36. nghttpx.start_if_needed()
  37. env.make_data_file(indir=env.gen_dir, fname="data-10m", fsize=10*1024*1024)
  38. httpd.clear_extra_configs()
  39. httpd.reload()
  40. # download 1 file, not authenticated
  41. @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
  42. def test_14_01_digest_get_noauth(self, env: Env, httpd, nghttpx, repeat, proto):
  43. if proto == 'h3' and not env.have_h3():
  44. pytest.skip("h3 not supported")
  45. curl = CurlClient(env=env)
  46. url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
  47. r = curl.http_download(urls=[url], alpn_proto=proto)
  48. r.check_response(http_status=401)
  49. # download 1 file, authenticated
  50. @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
  51. def test_14_02_digest_get_auth(self, env: Env, httpd, nghttpx, repeat, proto):
  52. if proto == 'h3' and not env.have_h3():
  53. pytest.skip("h3 not supported")
  54. curl = CurlClient(env=env)
  55. url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
  56. r = curl.http_download(urls=[url], alpn_proto=proto, extra_args=[
  57. '--digest', '--user', 'test:test'
  58. ])
  59. r.check_response(http_status=200)
  60. # PUT data, authenticated
  61. @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
  62. def test_14_03_digest_put_auth(self, env: Env, httpd, nghttpx, repeat, proto):
  63. if proto == 'h3' and not env.have_h3():
  64. pytest.skip("h3 not supported")
  65. data='0123456789'
  66. curl = CurlClient(env=env)
  67. url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
  68. r = curl.http_upload(urls=[url], data=data, alpn_proto=proto, extra_args=[
  69. '--digest', '--user', 'test:test'
  70. ])
  71. r.check_response(http_status=200)
  72. # PUT data, digest auth large pw
  73. @pytest.mark.parametrize("proto", ['h2', 'h3'])
  74. def test_14_04_digest_large_pw(self, env: Env, httpd, nghttpx, repeat, proto):
  75. if proto == 'h3' and not env.have_h3():
  76. pytest.skip("h3 not supported")
  77. data='0123456789'
  78. password = 'x' * 65535
  79. curl = CurlClient(env=env)
  80. url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
  81. r = curl.http_upload(urls=[url], data=data, alpn_proto=proto, extra_args=[
  82. '--digest', '--user', f'test:{password}',
  83. '--trace-config', 'http/2,http/3'
  84. ])
  85. # digest does not submit the password, but a hash of it, so all
  86. # works and, since the pw is not correct, we get a 401
  87. r.check_response(http_status=401)
  88. # PUT data, basic auth large pw
  89. @pytest.mark.parametrize("proto", ['h2', 'h3'])
  90. def test_14_05_basic_large_pw(self, env: Env, httpd, nghttpx, repeat, proto):
  91. if proto == 'h3' and not env.have_h3():
  92. pytest.skip("h3 not supported")
  93. if proto == 'h3' and not env.curl_uses_lib('ngtcp2'):
  94. # See <https://github.com/cloudflare/quiche/issues/1573>
  95. pytest.skip("quiche/openssl-quic have problems with large requests")
  96. # just large enough that nghttp2 will submit
  97. password = 'x' * (47 * 1024)
  98. fdata = os.path.join(env.gen_dir, 'data-10m')
  99. curl = CurlClient(env=env)
  100. url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
  101. r = curl.http_upload(urls=[url], data=f'@{fdata}', alpn_proto=proto, extra_args=[
  102. '--basic', '--user', f'test:{password}',
  103. '--trace-config', 'http/2,http/3'
  104. ])
  105. # but apache denies on length limit
  106. r.check_response(http_status=431)
  107. # PUT data, basic auth with very large pw
  108. @pytest.mark.parametrize("proto", ['h2', 'h3'])
  109. def test_14_06_basic_very_large_pw(self, env: Env, httpd, nghttpx, repeat, proto):
  110. if proto == 'h3' and not env.have_h3():
  111. pytest.skip("h3 not supported")
  112. if proto == 'h3' and env.curl_uses_lib('quiche'):
  113. # See <https://github.com/cloudflare/quiche/issues/1573>
  114. pytest.skip("quiche has problems with large requests")
  115. password = 'x' * (64 * 1024)
  116. fdata = os.path.join(env.gen_dir, 'data-10m')
  117. curl = CurlClient(env=env)
  118. url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
  119. r = curl.http_upload(urls=[url], data=f'@{fdata}', alpn_proto=proto, extra_args=[
  120. '--basic', '--user', f'test:{password}'
  121. ])
  122. # Depending on protocol, we might have an error sending or
  123. # the server might shutdown the connection and we see the error
  124. # on receiving
  125. assert r.exit_code in [55, 56], f'{r.dump_logs()}'