static void
do_clear_credentials_test (void)
{
SoupSession *session;
SoupAuthManager *manager;
char *uri;
SOUP_TEST_SKIP_IF_NO_APACHE;
session = soup_test_session_new (SOUP_TYPE_SESSION, NULL);
uri = g_strconcat (base_uri, "Digest/realm1/", NULL);
do_digest_nonce_test (session, "First", uri, TRUE, TRUE, TRUE);
manager = SOUP_AUTH_MANAGER (soup_session_get_feature (session, SOUP_TYPE_AUTH_MANAGER));
soup_auth_manager_clear_cached_credentials (manager);
do_digest_nonce_test (session, "Second", uri, TRUE, TRUE, TRUE);
g_free (uri);
soup_test_session_abort_unref (session);
}
static void
do_digest_expiration_test (void)
{
SoupSession *session;
char *uri;
SOUP_TEST_SKIP_IF_NO_APACHE;
session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL);
uri = g_strconcat (base_uri, "Digest/realm1/", NULL);
do_digest_nonce_test (session, "First", uri, TRUE, TRUE, TRUE);
g_free (uri);
sleep (2);
uri = g_strconcat (base_uri, "Digest/realm1/expire/", NULL);
do_digest_nonce_test (session, "Second", uri, TRUE, TRUE, FALSE);
sleep (1);
do_digest_nonce_test (session, "Third", uri, TRUE, FALSE, FALSE);
sleep (1);
do_digest_nonce_test (session, "Fourth", uri, TRUE, FALSE, FALSE);
g_free (uri);
soup_test_session_abort_unref (session);
}
static void
do_digest_expiration_test (const char *base_uri)
{
SoupSession *session;
char *uri;
debug_printf (1, "\nTesting digest nonce expiration:\n");
session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL);
uri = g_strconcat (base_uri, "Digest/realm1/", NULL);
do_digest_nonce_test (session, "First", uri, TRUE, TRUE);
g_free (uri);
sleep (2);
uri = g_strconcat (base_uri, "Digest/realm1/expire/", NULL);
do_digest_nonce_test (session, "Second", uri, TRUE, FALSE);
sleep (1);
do_digest_nonce_test (session, "Third", uri, FALSE, FALSE);
sleep (1);
do_digest_nonce_test (session, "Fourth", uri, FALSE, FALSE);
g_free (uri);
soup_test_session_abort_unref (session);
}
static void
do_message_do_not_use_auth_cache_test (void)
{
SoupSession *session;
SoupAuthManager *manager;
SoupURI *soup_uri;
char *uri;
char *uri_with_credentials;
SOUP_TEST_SKIP_IF_NO_APACHE;
session = soup_test_session_new (SOUP_TYPE_SESSION, NULL);
uri = g_strconcat (base_uri, "Digest/realm1/", NULL);
/* First check that cached credentials are not used */
do_digest_nonce_test (session, "First", uri, TRUE, TRUE, TRUE);
do_digest_nonce_test (session, "Second", uri, TRUE, FALSE, FALSE);
do_digest_nonce_test (session, "Third", uri, FALSE, TRUE, TRUE);
/* Passing credentials in the URI should always authenticate
* no matter whether the cache is used or not
*/
soup_uri = soup_uri_new (uri);
soup_uri_set_user (soup_uri, "user1");
soup_uri_set_password (soup_uri, "realm1");
uri_with_credentials = soup_uri_to_string (soup_uri, FALSE);
soup_uri_free (soup_uri);
do_digest_nonce_test (session, "Fourth", uri_with_credentials, FALSE, TRUE, FALSE);
g_free (uri_with_credentials);
manager = SOUP_AUTH_MANAGER (soup_session_get_feature (session, SOUP_TYPE_AUTH_MANAGER));
soup_auth_manager_clear_cached_credentials (manager);
/* Now check that credentials are not stored */
do_digest_nonce_test (session, "First", uri, FALSE, TRUE, TRUE);
do_digest_nonce_test (session, "Second", uri, TRUE, TRUE, TRUE);
do_digest_nonce_test (session, "Third", uri, TRUE, FALSE, FALSE);
g_free (uri);
soup_test_session_abort_unref (session);
}
int
main (int argc, char **argv)
{
SoupSession *session;
SoupMessage *msg;
const char *base_uri;
char *uri;
gboolean authenticated;
int i, ntests;
test_init (argc, argv, NULL);
apache_init ();
base_uri = "http://127.0.0.1:47524/";
/* Main tests */
current_tests = main_tests;
ntests = G_N_ELEMENTS (main_tests);
do_batch_tests (base_uri, ntests);
/* Re-login tests */
current_tests = relogin_tests;
ntests = G_N_ELEMENTS (relogin_tests);
do_batch_tests (base_uri, ntests);
/* And now for some regression tests */
loop = g_main_loop_new (NULL, TRUE);
debug_printf (1, "Testing pipelined auth (bug 271540):\n");
session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL);
authenticated = FALSE;
g_signal_connect (session, "authenticate",
G_CALLBACK (bug271540_authenticate), &authenticated);
uri = g_strconcat (base_uri, "Basic/realm1/", NULL);
for (i = 0; i < 10; i++) {
msg = soup_message_new (SOUP_METHOD_GET, uri);
g_object_set_data (G_OBJECT (msg), "#", GINT_TO_POINTER (i + 1));
g_signal_connect (msg, "wrote_headers",
G_CALLBACK (bug271540_sent), &authenticated);
soup_session_queue_message (session, msg,
bug271540_finished, &i);
}
g_free (uri);
g_main_loop_run (loop);
soup_test_session_abort_unref (session);
debug_printf (1, "\nTesting digest nonce expiration:\n");
/* We test two different things here:
*
* 1. If we get a 401 response with
* "WWW-Authenticate: Digest stale=true...", we should
* retry and succeed *without* the session asking for a
* password again.
*
* 2. If we get a successful response with
* "Authentication-Info: nextnonce=...", we should update
* the nonce automatically so as to avoid getting a
* stale nonce error on the next request.
*
* In our Apache config, /Digest/realm1 and
* /Digest/realm1/expire are set up to use the same auth info,
* but only the latter has an AuthDigestNonceLifetime (of 2
* seconds). The way nonces work in Apache, a nonce received
* from /Digest/realm1 will still expire in
* /Digest/realm1/expire, but it won't issue a nextnonce for a
* request in /Digest/realm1. This lets us test both
* behaviors.
*
* The expected conversation is:
*
* First message
* GET /Digest/realm1
*
* 401 Unauthorized
* WWW-Authenticate: Digest nonce=A
*
* [emit 'authenticate']
*
* GET /Digest/realm1
* Authorization: Digest nonce=A
*
* 200 OK
* [No Authentication-Info]
*
* [sleep 2 seconds: nonce A is no longer valid, but we have no
* way of knowing that]
*
* Second message
* GET /Digest/realm1/expire/
* Authorization: Digest nonce=A
*
* 401 Unauthorized
* WWW-Authenticate: Digest stale=true nonce=B
*
* GET /Digest/realm1/expire/
* Authorization: Digest nonce=B
*
* 200 OK
* Authentication-Info: nextnonce=C
*
* [sleep 1 second]
*
* Third message
* GET /Digest/realm1/expire/
* Authorization: Digest nonce=C
* [nonce=B would work here too]
*
* 200 OK
* Authentication-Info: nextnonce=D
*
* [sleep 1 second; nonces B and C are no longer valid, but D is]
*
* Fourth message
* GET /Digest/realm1/expire/
* Authorization: Digest nonce=D
*
* 200 OK
* Authentication-Info: nextnonce=D
*
*/
session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL);
uri = g_strconcat (base_uri, "Digest/realm1/", NULL);
do_digest_nonce_test (session, "First", uri, TRUE, TRUE);
g_free (uri);
sleep (2);
uri = g_strconcat (base_uri, "Digest/realm1/expire/", NULL);
do_digest_nonce_test (session, "Second", uri, TRUE, FALSE);
sleep (1);
do_digest_nonce_test (session, "Third", uri, FALSE, FALSE);
sleep (1);
do_digest_nonce_test (session, "Fourth", uri, FALSE, FALSE);
g_free (uri);
soup_test_session_abort_unref (session);
/* Async auth */
do_async_auth_test (base_uri);
/* Selecting correct auth when multiple auth types are available */
do_select_auth_test ();
g_main_loop_unref (loop);
test_cleanup ();
return errors != 0;
}
