1#!/usr/bin/env python3 2# -*- coding: utf-8 -*- 3#*************************************************************************** 4# _ _ ____ _ 5# Project ___| | | | _ \| | 6# / __| | | | |_) | | 7# | (__| |_| | _ <| |___ 8# \___|\___/|_| \_\_____| 9# 10# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 11# 12# This software is licensed as described in the file COPYING, which 13# you should have received as part of this distribution. The terms 14# are also available at https://curl.se/docs/copyright.html. 15# 16# You may opt to use, copy, modify, merge, publish, distribute and/or sell 17# copies of the Software, and permit persons to whom the Software is 18# furnished to do so, under the terms of the COPYING file. 19# 20# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 21# KIND, either express or implied. 22# 23# SPDX-License-Identifier: curl 24# 25########################################################################### 26# 27import difflib 28import filecmp 29import logging 30import os 31import pytest 32 33from testenv import Env, CurlClient, LocalClient 34 35 36log = logging.getLogger(__name__) 37 38 39class TestAuth: 40 41 @pytest.fixture(autouse=True, scope='class') 42 def _class_scope(self, env, httpd, nghttpx): 43 if env.have_h3(): 44 nghttpx.start_if_needed() 45 env.make_data_file(indir=env.gen_dir, fname="data-10m", fsize=10*1024*1024) 46 httpd.clear_extra_configs() 47 httpd.reload() 48 49 # download 1 file, not authenticated 50 @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3']) 51 def test_14_01_digest_get_noauth(self, env: Env, httpd, nghttpx, repeat, proto): 52 if proto == 'h3' and not env.have_h3(): 53 pytest.skip("h3 not supported") 54 curl = CurlClient(env=env) 55 url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json' 56 r = curl.http_download(urls=[url], alpn_proto=proto) 57 r.check_response(http_status=401) 58 59 # download 1 file, authenticated 60 @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3']) 61 def test_14_02_digest_get_auth(self, env: Env, httpd, nghttpx, repeat, proto): 62 if proto == 'h3' and not env.have_h3(): 63 pytest.skip("h3 not supported") 64 curl = CurlClient(env=env) 65 url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json' 66 r = curl.http_download(urls=[url], alpn_proto=proto, extra_args=[ 67 '--digest', '--user', 'test:test' 68 ]) 69 r.check_response(http_status=200) 70 71 # PUT data, authenticated 72 @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3']) 73 def test_14_03_digest_put_auth(self, env: Env, httpd, nghttpx, repeat, proto): 74 if proto == 'h3' and not env.have_h3(): 75 pytest.skip("h3 not supported") 76 data='0123456789' 77 curl = CurlClient(env=env) 78 url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json' 79 r = curl.http_upload(urls=[url], data=data, alpn_proto=proto, extra_args=[ 80 '--digest', '--user', 'test:test' 81 ]) 82 r.check_response(http_status=200) 83 84 # PUT data, digest auth large pw 85 @pytest.mark.parametrize("proto", ['h2', 'h3']) 86 def test_14_04_digest_large_pw(self, env: Env, httpd, nghttpx, repeat, proto): 87 if proto == 'h3' and not env.have_h3(): 88 pytest.skip("h3 not supported") 89 data='0123456789' 90 password = 'x' * 65535 91 curl = CurlClient(env=env) 92 url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json' 93 r = curl.http_upload(urls=[url], data=data, alpn_proto=proto, extra_args=[ 94 '--digest', '--user', f'test:{password}', 95 '--trace-config', 'http/2,http/3' 96 ]) 97 # digest does not submit the password, but a hash of it, so all 98 # works and, since the pw is not correct, we get a 401 99 r.check_response(http_status=401) 100 101 # PUT data, basic auth large pw 102 @pytest.mark.parametrize("proto", ['h2', 'h3']) 103 def test_14_05_basic_large_pw(self, env: Env, httpd, nghttpx, repeat, proto): 104 if proto == 'h3' and not env.have_h3(): 105 pytest.skip("h3 not supported") 106 if proto == 'h3' and not env.curl_uses_lib('ngtcp2'): 107 # See <https://github.com/cloudflare/quiche/issues/1573> 108 pytest.skip("quiche/openssl-quic have problems with large requests") 109 # just large enough that nghttp2 will submit 110 password = 'x' * (47 * 1024) 111 fdata = os.path.join(env.gen_dir, 'data-10m') 112 curl = CurlClient(env=env) 113 url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json' 114 r = curl.http_upload(urls=[url], data=f'@{fdata}', alpn_proto=proto, extra_args=[ 115 '--basic', '--user', f'test:{password}', 116 '--trace-config', 'http/2,http/3' 117 ]) 118 # but apache denies on length limit 119 r.check_response(http_status=431) 120 121 # PUT data, basic auth with very large pw 122 @pytest.mark.parametrize("proto", ['h2', 'h3']) 123 def test_14_06_basic_very_large_pw(self, env: Env, httpd, nghttpx, repeat, proto): 124 if proto == 'h3' and not env.have_h3(): 125 pytest.skip("h3 not supported") 126 if proto == 'h3' and env.curl_uses_lib('quiche'): 127 # See <https://github.com/cloudflare/quiche/issues/1573> 128 pytest.skip("quiche has problems with large requests") 129 password = 'x' * (64 * 1024) 130 fdata = os.path.join(env.gen_dir, 'data-10m') 131 curl = CurlClient(env=env) 132 url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json' 133 r = curl.http_upload(urls=[url], data=f'@{fdata}', alpn_proto=proto, extra_args=[ 134 '--basic', '--user', f'test:{password}' 135 ]) 136 # Depending on protocol, we might have an error sending or 137 # the server might shutdown the connection and we see the error 138 # on receiving 139 assert r.exit_code in [55, 56], f'{self.dump_logs()}' 140