1#!/usr/bin/env python3
2# -*- coding: utf-8 -*-
3#***************************************************************************
4#                                  _   _ ____  _
5#  Project                     ___| | | |  _ \| |
6#                             / __| | | | |_) | |
7#                            | (__| |_| |  _ <| |___
8#                             \___|\___/|_| \_\_____|
9#
10# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
11#
12# This software is licensed as described in the file COPYING, which
13# you should have received as part of this distribution. The terms
14# are also available at https://curl.se/docs/copyright.html.
15#
16# You may opt to use, copy, modify, merge, publish, distribute and/or sell
17# copies of the Software, and permit persons to whom the Software is
18# furnished to do so, under the terms of the COPYING file.
19#
20# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21# KIND, either express or implied.
22#
23# SPDX-License-Identifier: curl
24#
25###########################################################################
26#
27import logging
28import os
29import pytest
30
31from testenv import Env, CurlClient
32
33
# Module-level logger, named after this test module.
log = logging.getLogger(__name__)
35
36
class TestAuth:
    """Digest and basic authentication tests against the test httpd.

    Every test requests ``/restricted/digest/data.json`` on ``env.domain1``
    over the parametrized protocol. The first three check the ordinary
    401/200 behaviour; the remaining three check how oversized passwords
    are handled by curl and the server.
    """

    @pytest.fixture(autouse=True, scope='class')
    def _class_scope(self, env, httpd, nghttpx):
        """Set up the servers and the upload payload once per class.

        Starts nghttpx when HTTP/3 is available, generates the ``data-10m``
        file in ``env.gen_dir`` and reloads httpd without extra configs.
        """
        if env.have_h3():
            nghttpx.start_if_needed()
        # 10 MiB request body used by the large-password upload tests
        payload_size = 10 * 1024 * 1024
        env.make_data_file(indir=env.gen_dir, fname="data-10m", fsize=payload_size)
        httpd.clear_extra_configs()
        httpd.reload()

    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
    def test_14_01_digest_get_noauth(self, env: Env, httpd, nghttpx, repeat, proto):
        """GET the protected resource without credentials; expect a 401."""
        if proto == 'h3':
            if not env.have_h3():
                pytest.skip("h3 not supported")
        target = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
        client = CurlClient(env=env)
        result = client.http_download(urls=[target], alpn_proto=proto)
        # no credentials were offered, so access must be refused
        result.check_response(http_status=401)

    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
    def test_14_02_digest_get_auth(self, env: Env, httpd, nghttpx, repeat, proto):
        """GET the protected resource with digest credentials; expect a 200."""
        if proto == 'h3':
            if not env.have_h3():
                pytest.skip("h3 not supported")
        target = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
        client = CurlClient(env=env)
        auth_args = ['--digest', '--user', 'test:test']
        result = client.http_download(urls=[target], alpn_proto=proto,
                                      extra_args=auth_args)
        result.check_response(http_status=200)

    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
    def test_14_03_digest_put_auth(self, env: Env, httpd, nghttpx, repeat, proto):
        """Upload a small body with digest credentials; expect a 200."""
        if proto == 'h3':
            if not env.have_h3():
                pytest.skip("h3 not supported")
        body = '0123456789'
        target = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
        client = CurlClient(env=env)
        auth_args = ['--digest', '--user', 'test:test']
        result = client.http_upload(urls=[target], data=body, alpn_proto=proto,
                                    extra_args=auth_args)
        result.check_response(http_status=200)

    @pytest.mark.parametrize("proto", ['h2', 'h3'])
    def test_14_04_digest_large_pw(self, env: Env, httpd, nghttpx, repeat, proto):
        """Upload with digest auth and a 65535-character password; expect a 401.

        Digest transmits a hash derived from the password rather than the
        password itself, so the oversized secret does not make the request
        fail on size. The password is simply wrong, hence the 401.
        """
        if proto == 'h3':
            if not env.have_h3():
                pytest.skip("h3 not supported")
        body = '0123456789'
        password = 'x' * 65535
        target = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
        client = CurlClient(env=env)
        curl_args = [
            '--digest', '--user', f'test:{password}',
            # extra HTTP/2 and HTTP/3 trace output for diagnosing failures
            '--trace-config', 'http/2,http/3',
        ]
        result = client.http_upload(urls=[target], data=body, alpn_proto=proto,
                                    extra_args=curl_args)
        # the request goes through; the server rejects the wrong credentials
        result.check_response(http_status=401)

    @pytest.mark.parametrize("proto", ['h2', 'h3'])
    def test_14_05_basic_large_pw(self, env: Env, httpd, nghttpx, repeat, proto):
        """Upload with basic auth and a 47 KiB password; expect a 431.

        Basic auth carries the password in the request header, so its length
        grows the header directly. This size is just small enough for nghttp2
        to still send the request, and the server then refuses it on its
        header length limit.
        """
        if proto == 'h3':
            if not env.have_h3():
                pytest.skip("h3 not supported")
            if not env.curl_uses_lib('ngtcp2'):
                # See <https://github.com/cloudflare/quiche/issues/1573>
                pytest.skip("quiche/openssl-quic have problems with large requests")
        # just large enough that nghttp2 will submit
        password = 'x' * (47 * 1024)
        fdata = os.path.join(env.gen_dir, 'data-10m')
        # NOTE(review): --basic is used against the digest-protected path;
        # the expected status comes from the size limit, not the auth scheme
        # -- confirm this is intentional.
        target = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
        client = CurlClient(env=env)
        curl_args = [
            '--basic', '--user', f'test:{password}',
            '--trace-config', 'http/2,http/3',
        ]
        result = client.http_upload(urls=[target], data=f'@{fdata}',
                                    alpn_proto=proto, extra_args=curl_args)
        # 431 Request Header Fields Too Large: apache denies on length limit
        result.check_response(http_status=431)

    @pytest.mark.parametrize("proto", ['h2', 'h3'])
    def test_14_06_basic_very_large_pw(self, env: Env, httpd, nghttpx, repeat, proto):
        """Upload with basic auth and a 64 KiB password; expect curl to fail.

        No HTTP status is checked here: the transfer is expected to end with
        a send or receive error, depending on the protocol.
        """
        if proto == 'h3':
            if not env.have_h3():
                pytest.skip("h3 not supported")
            if env.curl_uses_lib('quiche'):
                # See <https://github.com/cloudflare/quiche/issues/1573>
                pytest.skip("quiche has problems with large requests")
        password = 'x' * (64 * 1024)
        fdata = os.path.join(env.gen_dir, 'data-10m')
        target = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
        client = CurlClient(env=env)
        curl_args = ['--basic', '--user', f'test:{password}']
        result = client.http_upload(urls=[target], data=f'@{fdata}',
                                    alpn_proto=proto, extra_args=curl_args)
        # Either curl fails while sending (55, CURLE_SEND_ERROR) or the
        # server shuts the connection down and the failure surfaces while
        # receiving (56, CURLE_RECV_ERROR).
        assert result.exit_code in (55, 56), f'{result.dump_logs()}'
138