[catagits/Catalyst-Authentication-Credential-HTTP.git] / t / live_app_digest.t

#!/usr/bin/perl
use strict;
use warnings;
use Test::More;
BEGIN {
    eval { require Test::WWW::Mechanize::Catalyst }
      or plan skip_all =>
      "Test::WWW::Mechanize::Catalyst is needed for this test";
    eval { require Catalyst::Plugin::Cache }
      or plan skip_all =>
      "Catalyst::Plugin::Cache is needed for this test";
    eval { require Cache::FileCache }
      or plan skip_all =>
      "Cache::FileCache is needed for this test";
    plan tests => 12;
}
use Digest::MD5;
use HTTP::Request;
{
    package AuthTestApp;
    use Catalyst qw/
      Authentication
      Cache
      /;
    use Test::More;
    our %users;
    sub moose : Local {
        my ( $self, $c ) = @_;
        #$c->authenticate( { realm => 'testrealm@host.com' } );
        $c->authenticate();
        $c->res->body( $c->user->id );
    }
    my $digest_pass = Digest::MD5->new;
    $digest_pass->add('Mufasa2:testrealm@host.com:Circle Of Life');
    %users = ( 
        Mufasa  => { pass         => "Circle Of Life",          }, 
        Mufasa2 => { pass         => $digest_pass->hexdigest, },
    );
    __PACKAGE__->config->{cache}{backend} = {
        class => 'Cache::FileCache',
    };
    __PACKAGE__->config( authentication => {
        default_realm => 'testrealm@host.com',
        realms => {
            'testrealm@host.com' => {
                store => {
                    class => 'Minimal',
                    users => \%users,
                },
                credential => {
                    class => 'HTTP',
                    type  => 'digest',
                    password_type => 'clear', 
                    password_field => 'pass'
                },
            },
        },
    });
    __PACKAGE__->setup;
}
use Test::WWW::Mechanize::Catalyst qw/AuthTestApp/;

sub do_test {
    my $username = shift;
    my $uri = shift;
    my $mech = Test::WWW::Mechanize::Catalyst->new;
    $mech->get("http://localhost/moose");
    is( $mech->status, 401, "status is 401" );
    my $www_auth = $mech->res->headers->header('WWW-Authenticate');
    my %www_auth_params = map {
        my @key_val = split /=/, $_, 2;
        $key_val[0] = lc $key_val[0];
        $key_val[1] =~ s{"}{}g;    # remove the quotes
        @key_val;
    } split /, /, substr( $www_auth, 7 );    #7 == length "Digest "
    $mech->content_lacks( "foo", "no output" );
    my $response = '';
    {
        my $password = 'Circle Of Life';
        my $realm    = $www_auth_params{realm};
        my $nonce    = $www_auth_params{nonce};
        my $cnonce   = '0a4f113b';
        my $opaque   = $www_auth_params{opaque};
        my $nc       = '00000001';
        my $method   = 'GET';
        my $qop      = 'auth';
        $uri         ||= '/moose';
        my $ctx = Digest::MD5->new;
        $ctx->add( join( ':', $username, $realm, $password ) );
        my $A1_digest = $ctx->hexdigest;
        $ctx = Digest::MD5->new;
        $ctx->add( join( ':', $method, $uri ) );
        my $A2_digest = $ctx->hexdigest;
        my $digest = Digest::MD5::md5_hex(
            join( ':',
                $A1_digest, $nonce, $qop ? ( $nc, $cnonce, $qop ) : (), $A2_digest )
        );

        $response = qq{Digest username="$username", realm="$realm", nonce="$nonce", uri="$uri", qop=$qop, nc=$nc, cnonce="$cnonce", response="$digest", opaque="$opaque"};
    }
    my $r = HTTP::Request->new( GET => "http://localhost" . $uri );
    $mech->request($r);
    $r->headers->push_header( Authorization => $response );
    $mech->request($r);
    is( $mech->status, 200, "status is 200" );
    $mech->content_contains( $username, "Mufasa output" );
}

do_test('Mufasa');
do_test('Mufasa2');
do_test('Mufasa', '/moose?moose_id=1'); # Digest auth includes the full URL path, so need to test query strings
Commit	Line	Data
007935b8	1	#!/usr/bin/perl
007935b8	2	use strict;
007935b8	3	use warnings;
007935b8	4	use Test::More;
007935b8	5	BEGIN {
	6	eval { require Test::WWW::Mechanize::Catalyst }
	7	or plan skip_all =>
	8	"Test::WWW::Mechanize::Catalyst is needed for this test";
5b51e987	9	eval { require Catalyst::Plugin::Cache }
007935b8	10	or plan skip_all =>
5b51e987	11	"Catalyst::Plugin::Cache is needed for this test";
513d8ab6	12	eval { require Cache::FileCache }
5b51e987	13	or plan skip_all =>
5b51e987	14	"Cache::FileCache is needed for this test";
2dad9ca6	15	plan tests => 12;
007935b8	16	}
c5a1fa88	17	use Digest::MD5;
007935b8	18	use HTTP::Request;
007935b8	19	{
007935b8	20	package AuthTestApp;
	21	use Catalyst qw/
	22	Authentication
5b51e987	23	Cache
007935b8	24	/;
007935b8	25	use Test::More;
513d8ab6	26	our %users;
007935b8	27	sub moose : Local {
007935b8	28	my ( $self, $c ) = @_;
513d8ab6	29	#$c->authenticate( { realm => 'testrealm@host.com' } );
513d8ab6	30	$c->authenticate();
007935b8	31	$c->res->body( $c->user->id );
007935b8	32	}
c5a1fa88	33	my $digest_pass = Digest::MD5->new;
	34	$digest_pass->add('Mufasa2:testrealm@host.com:Circle Of Life');
	35	%users = (
	36	Mufasa => { pass => "Circle Of Life", },
	37	Mufasa2 => { pass => $digest_pass->hexdigest, },
	38	);
5b51e987	39	__PACKAGE__->config->{cache}{backend} = {
	40	class => 'Cache::FileCache',
	41	};
513d8ab6	42	__PACKAGE__->config( authentication => {
	43	default_realm => 'testrealm@host.com',
	44	realms => {
	45	'testrealm@host.com' => {
	46	store => {
	47	class => 'Minimal',
	48	users => \%users,
	49	},
	50	credential => {
	51	class => 'HTTP',
	52	type => 'digest',
490754a8	53	password_type => 'clear',
490754a8	54	password_field => 'pass'
513d8ab6	55	},
	56	},
	57	},
	58	});
007935b8	59	__PACKAGE__->setup;
007935b8	60	}
007935b8	61	use Test::WWW::Mechanize::Catalyst qw/AuthTestApp/;
a14203f8	62
c5a1fa88	63	sub do_test {
c5a1fa88	64	my $username = shift;
2dad9ca6	65	my $uri = shift;
c5a1fa88	66	my $mech = Test::WWW::Mechanize::Catalyst->new;
	67	$mech->get("http://localhost/moose");
	68	is( $mech->status, 401, "status is 401" );
	69	my $www_auth = $mech->res->headers->header('WWW-Authenticate');
	70	my %www_auth_params = map {
	71	my @key_val = split /=/, $_, 2;
	72	$key_val[0] = lc $key_val[0];
	73	$key_val[1] =~ s{"}{}g; # remove the quotes
	74	@key_val;
	75	} split /, /, substr( $www_auth, 7 ); #7 == length "Digest "
	76	$mech->content_lacks( "foo", "no output" );
	77	my $response = '';
	78	{
	79	my $password = 'Circle Of Life';
	80	my $realm = $www_auth_params{realm};
	81	my $nonce = $www_auth_params{nonce};
	82	my $cnonce = '0a4f113b';
	83	my $opaque = $www_auth_params{opaque};
	84	my $nc = '00000001';
	85	my $method = 'GET';
	86	my $qop = 'auth';
2dad9ca6	87	$uri \|\|= '/moose';
c5a1fa88	88	my $ctx = Digest::MD5->new;
	89	$ctx->add( join( ':', $username, $realm, $password ) );
	90	my $A1_digest = $ctx->hexdigest;
	91	$ctx = Digest::MD5->new;
	92	$ctx->add( join( ':', $method, $uri ) );
	93	my $A2_digest = $ctx->hexdigest;
	94	my $digest = Digest::MD5::md5_hex(
	95	join( ':',
	96	$A1_digest, $nonce, $qop ? ( $nc, $cnonce, $qop ) : (), $A2_digest )
	97	);
	98
	99	$response = qq{Digest username="$username", realm="$realm", nonce="$nonce", uri="$uri", qop=$qop, nc=$nc, cnonce="$cnonce", response="$digest", opaque="$opaque"};
	100	}
2dad9ca6	101	my $r = HTTP::Request->new( GET => "http://localhost" . $uri );
c5a1fa88	102	$mech->request($r);
	103	$r->headers->push_header( Authorization => $response );
	104	$mech->request($r);
	105	is( $mech->status, 200, "status is 200" );
	106	$mech->content_contains( $username, "Mufasa output" );
007935b8	107	}
513d8ab6	108
c5a1fa88	109	do_test('Mufasa');
2dad9ca6	110	do_test('Mufasa2');
2dad9ca6	111	do_test('Mufasa', '/moose?moose_id=1'); # Digest auth includes the full URL path, so need to test query strings