[catagits/Catalyst-Authentication-Credential-HTTP.git] / t / live_app_digest_dotnet.t

use strict;
use warnings;
use FindBin qw/$Bin/;
use lib "$Bin/lib";
use Test::More;
use Test::Needs {
    'Test::WWW::Mechanize::Catalyst' => '0.51',
    'Catalyst::Plugin::Cache' => '0',
    'Cache::FileCache' => undef,
};

plan tests => 19;

use Digest::MD5;
use HTTP::Request;
use Test::More;
use Test::WWW::Mechanize::Catalyst;

sub do_test {
    my ($username, $uri, $emulate_dotnet, $fail) = @_;
    my $app = $fail ? 'AuthDigestTestApp' : 'AuthDigestDotnetTestApp';
    my $mech = Test::WWW::Mechanize::Catalyst->new(catalyst_app => $app);
    $mech->get("http://localhost/moose");
    is( $mech->status, 401, "status is 401" );
    my $www_auth = $mech->res->headers->header('WWW-Authenticate');
    my %www_auth_params = map {
        my @key_val = split /=/, $_, 2;
        $key_val[0] = lc $key_val[0];
        $key_val[1] =~ s{"}{}g;    # remove the quotes
        @key_val;
    } split /, /, substr( $www_auth, 7 );    #7 == length "Digest "
    $mech->content_lacks( "foo", "no output" );
    my $response = '';
    {
        my $password = 'Circle Of Life';
        my $realm    = $www_auth_params{realm};
        my $nonce    = $www_auth_params{nonce};
        my $cnonce   = '0a4f113b';
        my $opaque   = $www_auth_params{opaque};
        my $nc       = '00000001';
        my $method   = 'GET';
        my $qop      = 'auth';
        $uri         ||= '/moose';
        my $auth_uri = $uri;
        if ($emulate_dotnet) {
          $auth_uri =~ s/\?.*//;
        }
        my $ctx = Digest::MD5->new;
        $ctx->add( join( ':', $username, $realm, $password ) );
        my $A1_digest = $ctx->hexdigest;
        $ctx = Digest::MD5->new;
        $ctx->add( join( ':', $method, $auth_uri ) );
        my $A2_digest = $ctx->hexdigest;
        my $digest = Digest::MD5::md5_hex(
            join( ':',
                $A1_digest, $nonce, $qop ? ( $nc, $cnonce, $qop ) : (), $A2_digest )
        );

        $response = qq{Digest username="$username", realm="$realm", nonce="$nonce", uri="$auth_uri", qop=$qop, nc=$nc, cnonce="$cnonce", response="$digest", opaque="$opaque"};
    }
    my $r = HTTP::Request->new( GET => "http://localhost" . $uri );
    $mech->request($r);
    $r->headers->push_header( Authorization => $response );
    $mech->request($r);
    if ($fail) {
      is( $mech->status, 400, "status is 400" );
    } else {
      is( $mech->status, 200, "status is 200" );
      $mech->content_contains( $username, "Mufasa output" );
    }
}

do_test('Mufasa');
do_test('Mufasa2');
# Test with query string
do_test('Mufasa2', '/moose?moose_id=1');
# Test with query string, emulating .NET, which omits the query string
# from the Authorization header
do_test('Mufasa2', '/moose?moose_id=1', 1);

# Test with query string, emulating .NET, against app without .NET setting;
# authorization should fail
do_test('Mufasa2', '/moose?moose_id=1', 1, 1);
Commit	Line	Data
47a916e2	1	use strict;
	2	use warnings;
	3	use FindBin qw/$Bin/;
	4	use lib "$Bin/lib";
	5	use Test::More;
419d9af2	6	use Test::Needs {
	7	'Test::WWW::Mechanize::Catalyst' => '0.51',
	8	'Catalyst::Plugin::Cache' => '0',
	9	'Cache::FileCache' => undef,
	10	};
	11
	12	plan tests => 19;
	13
47a916e2	14	use Digest::MD5;
	15	use HTTP::Request;
	16	use Test::More;
	17	use Test::WWW::Mechanize::Catalyst;
	18
	19	sub do_test {
	20	my ($username, $uri, $emulate_dotnet, $fail) = @_;
	21	my $app = $fail ? 'AuthDigestTestApp' : 'AuthDigestDotnetTestApp';
	22	my $mech = Test::WWW::Mechanize::Catalyst->new(catalyst_app => $app);
	23	$mech->get("http://localhost/moose");
	24	is( $mech->status, 401, "status is 401" );
	25	my $www_auth = $mech->res->headers->header('WWW-Authenticate');
	26	my %www_auth_params = map {
	27	my @key_val = split /=/, $_, 2;
	28	$key_val[0] = lc $key_val[0];
	29	$key_val[1] =~ s{"}{}g; # remove the quotes
	30	@key_val;
	31	} split /, /, substr( $www_auth, 7 ); #7 == length "Digest "
	32	$mech->content_lacks( "foo", "no output" );
	33	my $response = '';
	34	{
	35	my $password = 'Circle Of Life';
	36	my $realm = $www_auth_params{realm};
	37	my $nonce = $www_auth_params{nonce};
	38	my $cnonce = '0a4f113b';
	39	my $opaque = $www_auth_params{opaque};
	40	my $nc = '00000001';
	41	my $method = 'GET';
	42	my $qop = 'auth';
	43	$uri \|\|= '/moose';
	44	my $auth_uri = $uri;
	45	if ($emulate_dotnet) {
	46	$auth_uri =~ s/\?.*//;
	47	}
	48	my $ctx = Digest::MD5->new;
	49	$ctx->add( join( ':', $username, $realm, $password ) );
	50	my $A1_digest = $ctx->hexdigest;
	51	$ctx = Digest::MD5->new;
	52	$ctx->add( join( ':', $method, $auth_uri ) );
	53	my $A2_digest = $ctx->hexdigest;
	54	my $digest = Digest::MD5::md5_hex(
	55	join( ':',
	56	$A1_digest, $nonce, $qop ? ( $nc, $cnonce, $qop ) : (), $A2_digest )
	57	);
	58
	59	$response = qq{Digest username="$username", realm="$realm", nonce="$nonce", uri="$auth_uri", qop=$qop, nc=$nc, cnonce="$cnonce", response="$digest", opaque="$opaque"};
	60	}
	61	my $r = HTTP::Request->new( GET => "http://localhost" . $uri );
	62	$mech->request($r);
	63	$r->headers->push_header( Authorization => $response );
	64	$mech->request($r);
	65	if ($fail) {
	66	is( $mech->status, 400, "status is 400" );
	67	} else {
	68	is( $mech->status, 200, "status is 200" );
	69	$mech->content_contains( $username, "Mufasa output" );
	70	}
	71	}
	72
	73	do_test('Mufasa');
	74	do_test('Mufasa2');
	75	# Test with query string
	76	do_test('Mufasa2', '/moose?moose_id=1');
	77	# Test with query string, emulating .NET, which omits the query string
78	# from the Authorization header
79	do_test('Mufasa2', '/moose?moose_id=1', 1);
80
81	# Test with query string, emulating .NET, against app without .NET setting;
82	# authorization should fail
83	do_test('Mufasa2', '/moose?moose_id=1', 1, 1);