2010-11-13 22:51:09 +00:00
|
|
|
<?php
|
|
|
|
|
/**
|
2010-11-20 19:47:35 +00:00
|
|
|
* DigestAuthenticationTest file
|
2010-11-13 22:51:09 +00:00
|
|
|
*
|
|
|
|
|
* PHP 5
|
|
|
|
|
*
|
|
|
|
|
* CakePHP(tm) Tests <http://book.cakephp.org/view/1196/Testing>
|
|
|
|
|
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
|
|
|
|
|
*
|
|
|
|
|
* Licensed under The MIT License
|
|
|
|
|
* Redistributions of files must retain the above copyright notice
|
|
|
|
|
*
|
|
|
|
|
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
|
|
|
|
|
* @link http://book.cakephp.org/view/1196/Testing CakePHP(tm) Tests
|
2010-12-24 18:57:20 +00:00
|
|
|
* @package cake.tests.cases.libs.http
|
2010-11-13 22:51:09 +00:00
|
|
|
* @since CakePHP(tm) v 2.0.0
|
|
|
|
|
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
|
|
|
|
|
*/
|
|
|
|
|
|
2011-02-22 04:34:21 +00:00
|
|
|
App::uses('HttpSocket', 'Network/Http');
|
|
|
|
|
App::uses('DigestAuthentication', 'Network/Http');
|
2010-11-13 22:51:09 +00:00
|
|
|
|
|
|
|
|
class DigestHttpSocket extends HttpSocket {
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* nextHeader attribute
|
|
|
|
|
*
|
|
|
|
|
* @var string
|
|
|
|
|
*/
|
|
|
|
|
public $nextHeader = '';
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* request method
|
|
|
|
|
*
|
|
|
|
|
* @param mixed $request
|
|
|
|
|
* @return void
|
|
|
|
|
*/
|
|
|
|
|
public function request($request) {
|
2010-11-24 23:14:52 +00:00
|
|
|
if ($request === false) {
|
|
|
|
|
if (isset($this->response['header']['WWW-Authenticate'])) {
|
|
|
|
|
unset($this->response['header']['WWW-Authenticate']);
|
|
|
|
|
}
|
|
|
|
|
return;
|
|
|
|
|
}
|
2010-11-13 23:47:25 +00:00
|
|
|
$this->response['header']['WWW-Authenticate'] = $this->nextHeader;
|
2010-11-13 22:51:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2010-11-20 19:47:35 +00:00
|
|
|
* DigestAuthenticationTest class
|
2010-11-13 22:51:09 +00:00
|
|
|
*
|
2010-12-24 18:57:20 +00:00
|
|
|
* @package cake.tests.cases.libs.http
|
2010-11-13 22:51:09 +00:00
|
|
|
*/
|
2010-11-20 19:47:35 +00:00
|
|
|
class DigestAuthenticationTest extends CakeTestCase {
|
2010-11-13 22:51:09 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Socket property
|
|
|
|
|
*
|
|
|
|
|
* @var mixed null
|
|
|
|
|
*/
|
|
|
|
|
public $HttpSocket = null;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* This function sets up a HttpSocket instance we are going to use for testing
|
|
|
|
|
*
|
|
|
|
|
* @return void
|
|
|
|
|
*/
|
|
|
|
|
public function setUp() {
|
|
|
|
|
$this->HttpSocket = new DigestHttpSocket();
|
|
|
|
|
$this->HttpSocket->request['method'] = 'GET';
|
|
|
|
|
$this->HttpSocket->request['uri']['path'] = '/';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* We use this function to clean up after the test case was executed
|
|
|
|
|
*
|
|
|
|
|
* @return void
|
|
|
|
|
*/
|
|
|
|
|
function tearDown() {
|
|
|
|
|
unset($this->HttpSocket);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* testBasic method
|
|
|
|
|
*
|
|
|
|
|
* @return void
|
|
|
|
|
*/
|
|
|
|
|
public function testBasic() {
|
|
|
|
|
$this->HttpSocket->nextHeader = 'Digest realm="The batcave",nonce="4cded326c6c51"';
|
|
|
|
|
$this->assertFalse(isset($this->HttpSocket->request['header']['Authorization']));
|
2010-12-03 23:57:15 +00:00
|
|
|
|
|
|
|
|
$auth = array('user' => 'admin', 'pass' => '1234');
|
|
|
|
|
DigestAuthentication::authentication($this->HttpSocket, $auth);
|
2010-11-13 22:51:09 +00:00
|
|
|
$this->assertTrue(isset($this->HttpSocket->request['header']['Authorization']));
|
2010-12-03 23:57:15 +00:00
|
|
|
$this->assertEqual($auth['realm'], 'The batcave');
|
|
|
|
|
$this->assertEqual($auth['nonce'], '4cded326c6c51');
|
2010-11-13 22:51:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* testQop method
|
|
|
|
|
*
|
|
|
|
|
* @return void
|
|
|
|
|
*/
|
|
|
|
|
public function testQop() {
|
|
|
|
|
$this->HttpSocket->nextHeader = 'Digest realm="The batcave",nonce="4cded326c6c51"';
|
2010-12-03 23:57:15 +00:00
|
|
|
$auth = array('user' => 'admin', 'pass' => '1234');
|
|
|
|
|
DigestAuthentication::authentication($this->HttpSocket, $auth);
|
2010-11-13 22:51:09 +00:00
|
|
|
$expected = 'Digest username="admin", realm="The batcave", nonce="4cded326c6c51", uri="/", response="da7e2a46b471d77f70a9bb3698c8902b"';
|
|
|
|
|
$this->assertEqual($expected, $this->HttpSocket->request['header']['Authorization']);
|
2010-12-03 23:57:15 +00:00
|
|
|
$this->assertFalse(isset($auth['qop']));
|
|
|
|
|
$this->assertFalse(isset($auth['nc']));
|
2010-11-13 22:51:09 +00:00
|
|
|
|
|
|
|
|
$this->HttpSocket->nextHeader = 'Digest realm="The batcave",nonce="4cded326c6c51",qop="auth"';
|
2010-12-03 23:57:15 +00:00
|
|
|
$auth = array('user' => 'admin', 'pass' => '1234');
|
|
|
|
|
DigestAuthentication::authentication($this->HttpSocket, $auth);
|
2010-11-13 22:51:09 +00:00
|
|
|
$expected = '@Digest username="admin", realm="The batcave", nonce="4cded326c6c51", uri="/", response="[a-z0-9]{32}", qop="auth", nc=00000001, cnonce="[a-z0-9]+"@';
|
|
|
|
|
$this->assertPattern($expected, $this->HttpSocket->request['header']['Authorization']);
|
2010-12-03 23:57:15 +00:00
|
|
|
$this->assertEqual($auth['qop'], 'auth');
|
|
|
|
|
$this->assertEqual($auth['nc'], 2);
|
2010-11-13 22:51:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* testOpaque method
|
|
|
|
|
*
|
|
|
|
|
* @return void
|
|
|
|
|
*/
|
|
|
|
|
public function testOpaque() {
|
|
|
|
|
$this->HttpSocket->nextHeader = 'Digest realm="The batcave",nonce="4cded326c6c51"';
|
2010-12-03 23:57:15 +00:00
|
|
|
$auth = array('user' => 'admin', 'pass' => '1234');
|
|
|
|
|
DigestAuthentication::authentication($this->HttpSocket, $auth);
|
2010-11-13 22:51:09 +00:00
|
|
|
$this->assertFalse(strpos($this->HttpSocket->request['header']['Authorization'], 'opaque="d8ea7aa61a1693024c4cc3a516f49b3c"'));
|
|
|
|
|
|
|
|
|
|
$this->HttpSocket->nextHeader = 'Digest realm="The batcave",nonce="4cded326c6c51",opaque="d8ea7aa61a1693024c4cc3a516f49b3c"';
|
2010-12-03 23:57:15 +00:00
|
|
|
$auth = array('user' => 'admin', 'pass' => '1234');
|
|
|
|
|
DigestAuthentication::authentication($this->HttpSocket, $auth);
|
2010-11-13 22:51:09 +00:00
|
|
|
$this->assertTrue(strpos($this->HttpSocket->request['header']['Authorization'], 'opaque="d8ea7aa61a1693024c4cc3a516f49b3c"') > 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* testMultipleRequest method
|
|
|
|
|
*
|
|
|
|
|
* @return void
|
|
|
|
|
*/
|
|
|
|
|
public function testMultipleRequest() {
|
|
|
|
|
$this->HttpSocket->nextHeader = 'Digest realm="The batcave",nonce="4cded326c6c51",qop="auth"';
|
2010-12-03 23:57:15 +00:00
|
|
|
$auth = array('user' => 'admin', 'pass' => '1234');
|
|
|
|
|
DigestAuthentication::authentication($this->HttpSocket, $auth);
|
2010-11-13 22:51:09 +00:00
|
|
|
$this->assertTrue(strpos($this->HttpSocket->request['header']['Authorization'], 'nc=00000001') > 0);
|
2010-12-03 23:57:15 +00:00
|
|
|
$this->assertEqual($auth['nc'], 2);
|
2010-11-13 22:51:09 +00:00
|
|
|
|
2010-12-03 23:57:15 +00:00
|
|
|
DigestAuthentication::authentication($this->HttpSocket, $auth);
|
2010-11-13 22:51:09 +00:00
|
|
|
$this->assertTrue(strpos($this->HttpSocket->request['header']['Authorization'], 'nc=00000002') > 0);
|
2010-12-03 23:57:15 +00:00
|
|
|
$this->assertEqual($auth['nc'], 3);
|
2010-11-13 22:51:09 +00:00
|
|
|
$responsePos = strpos($this->HttpSocket->request['header']['Authorization'], 'response=');
|
|
|
|
|
$response = substr($this->HttpSocket->request['header']['Authorization'], $responsePos + 10, 32);
|
|
|
|
|
|
|
|
|
|
$this->HttpSocket->nextHeader = '';
|
2010-12-03 23:57:15 +00:00
|
|
|
DigestAuthentication::authentication($this->HttpSocket, $auth);
|
2010-11-13 22:51:09 +00:00
|
|
|
$this->assertTrue(strpos($this->HttpSocket->request['header']['Authorization'], 'nc=00000003') > 0);
|
2010-12-03 23:57:15 +00:00
|
|
|
$this->assertEqual($auth['nc'], 4);
|
2010-11-13 22:51:09 +00:00
|
|
|
$responsePos = strpos($this->HttpSocket->request['header']['Authorization'], 'response=');
|
|
|
|
|
$response2 = substr($this->HttpSocket->request['header']['Authorization'], $responsePos + 10, 32);
|
|
|
|
|
$this->assertNotEqual($response, $response2);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* testPathChanged method
|
|
|
|
|
*
|
|
|
|
|
* @return void
|
|
|
|
|
*/
|
|
|
|
|
public function testPathChanged() {
|
|
|
|
|
$this->HttpSocket->nextHeader = 'Digest realm="The batcave",nonce="4cded326c6c51"';
|
|
|
|
|
$this->HttpSocket->request['uri']['path'] = '/admin';
|
2010-12-03 23:57:15 +00:00
|
|
|
$auth = array('user' => 'admin', 'pass' => '1234');
|
|
|
|
|
DigestAuthentication::authentication($this->HttpSocket, $auth);
|
2010-11-13 22:51:09 +00:00
|
|
|
$responsePos = strpos($this->HttpSocket->request['header']['Authorization'], 'response=');
|
|
|
|
|
$response = substr($this->HttpSocket->request['header']['Authorization'], $responsePos + 10, 32);
|
|
|
|
|
$this->assertNotEqual($response, 'da7e2a46b471d77f70a9bb3698c8902b');
|
|
|
|
|
}
|
|
|
|
|
|
2010-11-24 23:14:52 +00:00
|
|
|
/**
|
|
|
|
|
* testNoDigestResponse method
|
|
|
|
|
*
|
|
|
|
|
* @return void
|
|
|
|
|
*/
|
|
|
|
|
public function testNoDigestResponse() {
|
|
|
|
|
$this->HttpSocket->nextHeader = false;
|
|
|
|
|
$this->HttpSocket->request['uri']['path'] = '/admin';
|
2010-12-03 23:57:15 +00:00
|
|
|
$auth = array('user' => 'admin', 'pass' => '1234');
|
|
|
|
|
DigestAuthentication::authentication($this->HttpSocket, $auth);
|
2010-11-24 23:14:52 +00:00
|
|
|
$this->assertFalse(isset($this->HttpSocket->request['header']['Authorization']));
|
|
|
|
|
}
|
|
|
|
|
|
2010-11-13 22:51:09 +00:00
|
|
|
}
|
