[catagits/Catalyst-Authentication-Credential-HTTP.git] / t / live_app_digest.t

#!/usr/bin/perl

use strict;
use warnings;

use Test::More;

BEGIN {
    eval { require Test::WWW::Mechanize::Catalyst }
      or plan skip_all =>
      "Test::WWW::Mechanize::Catalyst is needed for this test";
    eval { require Catalyst::Plugin::Cache::FileCache }
      or plan skip_all =>
      "Catalyst::Plugin::Cache::FileCache is needed for this test";
    plan tests => 4;
}

use HTTP::Request;

{

    package AuthTestApp;
    use Catalyst qw/
      Authentication
      Authentication::Store::Minimal
      Authentication::Credential::HTTP
      Cache::FileCache
      /;

    use Test::More;

    our $users;

    sub moose : Local {
        my ( $self, $c ) = @_;

        $c->authorization_required( realm => 'testrealm@host.com' );

        $c->res->body( $c->user->id );
    }
    __PACKAGE__->config->{authentication}{http}{type} = 'digest';
    __PACKAGE__->config->{authentication}{users} = $users = {
        Mufasa => { password         => "Circle Of Life", },
    };

    __PACKAGE__->setup;
}

use Test::WWW::Mechanize::Catalyst qw/AuthTestApp/;

my $mech = Test::WWW::Mechanize::Catalyst->new;

$mech->get("http://localhost/moose");
is( $mech->status, 401, "status is 401" );

my $www_auth = $mech->res->headers->header('WWW-Authenticate');
my %www_auth_params = map {

    my @key_val = split /=/, $_, 2;

    $key_val[0] = lc $key_val[0];

    $key_val[1] =~ s{"}{}g;    # remove the quotes

    @key_val;

} split /, /, substr( $www_auth, 7 );    #7 == length "Digest "

$mech->content_lacks( "foo", "no output" );

my $response = '';
{
    my $username = 'Mufasa';

    my $password = 'Circle Of Life';

    my $realm    = $www_auth_params{realm};

    my $nonce    = $www_auth_params{nonce};

    my $cnonce   = '0a4f113b';

    my $opaque   = $www_auth_params{opaque};

    my $nc       = '00000001';

    my $method   = 'GET';

    my $qop      = 'auth';

    my $uri      = '/moose';

    my $ctx = Digest::MD5->new;

    $ctx->add( join( ':', $username, $realm, $password ) );

    my $A1_digest = $ctx->hexdigest;

    $ctx = Digest::MD5->new;

    $ctx->add( join( ':', $method, $uri ) );

    my $A2_digest = $ctx->hexdigest;

    my $digest = Digest::MD5::md5_hex(

        join( ':',

            $A1_digest, $nonce, $qop ? ( $nc, $cnonce, $qop ) : (), $A2_digest )

    );


    $response = qq{Digest username="$username", realm="$realm", nonce="$nonce", uri="$uri", qop=$qop, nc=$nc, cnonce="$cnonce", response="$digest", opaque="$opaque"};
}

my $r = HTTP::Request->new( GET => "http://localhost/moose" );
$mech->request($r);

$r->headers->push_header( Authorization => $response );
$mech->request($r);

is( $mech->status, 200, "status is 200" );
$mech->content_contains( "Mufasa", "Mufasa output" );
Commit	Line	Data
007935b8	1	#!/usr/bin/perl
	2
	3	use strict;
	4	use warnings;
	5
	6	use Test::More;
	7
	8	BEGIN {
	9	eval { require Test::WWW::Mechanize::Catalyst }
	10	or plan skip_all =>
	11	"Test::WWW::Mechanize::Catalyst is needed for this test";
	12	eval { require Catalyst::Plugin::Cache::FileCache }
	13	or plan skip_all =>
	14	"Catalyst::Plugin::Cache::FileCache is needed for this test";
	15	plan tests => 4;
	16	}
	17
	18	use HTTP::Request;
	19
	20	{
	21
	22	package AuthTestApp;
	23	use Catalyst qw/
	24	Authentication
	25	Authentication::Store::Minimal
	26	Authentication::Credential::HTTP
	27	Cache::FileCache
	28	/;
	29
	30	use Test::More;
	31
	32	our $users;
	33
	34	sub moose : Local {
	35	my ( $self, $c ) = @_;
	36
	37	$c->authorization_required( realm => 'testrealm@host.com' );
	38
	39	$c->res->body( $c->user->id );
	40	}
	41	__PACKAGE__->config->{authentication}{http}{type} = 'digest';
	42	__PACKAGE__->config->{authentication}{users} = $users = {
	43	Mufasa => { password => "Circle Of Life", },
	44	};
	45
	46	__PACKAGE__->setup;
	47	}
	48
	49	use Test::WWW::Mechanize::Catalyst qw/AuthTestApp/;
	50
	51	my $mech = Test::WWW::Mechanize::Catalyst->new;
	52
	53	$mech->get("http://localhost/moose");
	54	is( $mech->status, 401, "status is 401" );
	55
	56	my $www_auth = $mech->res->headers->header('WWW-Authenticate');
a14203f8	57	my %www_auth_params = map {
	58
	59	my @key_val = split /=/, $_, 2;
	60
	61	$key_val[0] = lc $key_val[0];
	62
	63	$key_val[1] =~ s{"}{}g; # remove the quotes
	64
	65	@key_val;
	66
007935b8	67	} split /, /, substr( $www_auth, 7 ); #7 == length "Digest "
	68
	69	$mech->content_lacks( "foo", "no output" );
	70
	71	my $response = '';
	72	{
a14203f8	73	my $username = 'Mufasa';
	74
	75	my $password = 'Circle Of Life';
	76
	77	my $realm = $www_auth_params{realm};
	78
	79	my $nonce = $www_auth_params{nonce};
	80
	81	my $cnonce = '0a4f113b';
	82
	83	my $opaque = $www_auth_params{opaque};
	84
	85	my $nc = '00000001';
	86
	87	my $method = 'GET';
	88
	89	my $qop = 'auth';
	90
007935b8	91	my $uri = '/moose';
007935b8	92
a14203f8	93	my $ctx = Digest::MD5->new;
	94
	95	$ctx->add( join( ':', $username, $realm, $password ) );
	96
007935b8	97	my $A1_digest = $ctx->hexdigest;
007935b8	98
a14203f8	99	$ctx = Digest::MD5->new;
	100
	101	$ctx->add( join( ':', $method, $uri ) );
	102
007935b8	103	my $A2_digest = $ctx->hexdigest;
007935b8	104
a14203f8	105	my $digest = Digest::MD5::md5_hex(
	106
	107	join( ':',
	108
	109	$A1_digest, $nonce, $qop ? ( $nc, $cnonce, $qop ) : (), $A2_digest )
	110
	111	);
	112
007935b8	113
	114	$response = qq{Digest username="$username", realm="$realm", nonce="$nonce", uri="$uri", qop=$qop, nc=$nc, cnonce="$cnonce", response="$digest", opaque="$opaque"};
	115	}
	116
	117	my $r = HTTP::Request->new( GET => "http://localhost/moose" );
	118	$mech->request($r);
	119
	120	$r->headers->push_header( Authorization => $response );
	121	$mech->request($r);
	122
	123	is( $mech->status, 200, "status is 200" );
	124	$mech->content_contains( "Mufasa", "Mufasa output" );
	125