xref: /aosp_15_r20/external/curl/tests/http/test_14_auth.py (revision 6236dae45794135f37c4eb022389c904c8b0090d) 
1*6236dae4SAndroid Build Coastguard Worker#!/usr/bin/env python3
2*6236dae4SAndroid Build Coastguard Worker# -*- coding: utf-8 -*-
3*6236dae4SAndroid Build Coastguard Worker#***************************************************************************
4*6236dae4SAndroid Build Coastguard Worker#                                  _   _ ____  _
5*6236dae4SAndroid Build Coastguard Worker#  Project                     ___| | | |  _ \| |
6*6236dae4SAndroid Build Coastguard Worker#                             / __| | | | |_) | |
7*6236dae4SAndroid Build Coastguard Worker#                            | (__| |_| |  _ <| |___
8*6236dae4SAndroid Build Coastguard Worker#                             \___|\___/|_| \_\_____|
9*6236dae4SAndroid Build Coastguard Worker#
10*6236dae4SAndroid Build Coastguard Worker# Copyright (C) Daniel Stenberg, <[email protected]>, et al.
11*6236dae4SAndroid Build Coastguard Worker#
12*6236dae4SAndroid Build Coastguard Worker# This software is licensed as described in the file COPYING, which
13*6236dae4SAndroid Build Coastguard Worker# you should have received as part of this distribution. The terms
14*6236dae4SAndroid Build Coastguard Worker# are also available at https://curl.se/docs/copyright.html.
15*6236dae4SAndroid Build Coastguard Worker#
16*6236dae4SAndroid Build Coastguard Worker# You may opt to use, copy, modify, merge, publish, distribute and/or sell
17*6236dae4SAndroid Build Coastguard Worker# copies of the Software, and permit persons to whom the Software is
18*6236dae4SAndroid Build Coastguard Worker# furnished to do so, under the terms of the COPYING file.
19*6236dae4SAndroid Build Coastguard Worker#
20*6236dae4SAndroid Build Coastguard Worker# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21*6236dae4SAndroid Build Coastguard Worker# KIND, either express or implied.
22*6236dae4SAndroid Build Coastguard Worker#
23*6236dae4SAndroid Build Coastguard Worker# SPDX-License-Identifier: curl
24*6236dae4SAndroid Build Coastguard Worker#
25*6236dae4SAndroid Build Coastguard Worker###########################################################################
26*6236dae4SAndroid Build Coastguard Worker#
27*6236dae4SAndroid Build Coastguard Workerimport logging
28*6236dae4SAndroid Build Coastguard Workerimport os
29*6236dae4SAndroid Build Coastguard Workerimport pytest
30*6236dae4SAndroid Build Coastguard Worker
31*6236dae4SAndroid Build Coastguard Workerfrom testenv import Env, CurlClient
32*6236dae4SAndroid Build Coastguard Worker
33*6236dae4SAndroid Build Coastguard Worker
34*6236dae4SAndroid Build Coastguard Workerlog = logging.getLogger(__name__)
35*6236dae4SAndroid Build Coastguard Worker
36*6236dae4SAndroid Build Coastguard Worker
37*6236dae4SAndroid Build Coastguard Workerclass TestAuth:
38*6236dae4SAndroid Build Coastguard Worker
39*6236dae4SAndroid Build Coastguard Worker    @pytest.fixture(autouse=True, scope='class')
40*6236dae4SAndroid Build Coastguard Worker    def _class_scope(self, env, httpd, nghttpx):
41*6236dae4SAndroid Build Coastguard Worker        if env.have_h3():
42*6236dae4SAndroid Build Coastguard Worker            nghttpx.start_if_needed()
43*6236dae4SAndroid Build Coastguard Worker        env.make_data_file(indir=env.gen_dir, fname="data-10m", fsize=10*1024*1024)
44*6236dae4SAndroid Build Coastguard Worker        httpd.clear_extra_configs()
45*6236dae4SAndroid Build Coastguard Worker        httpd.reload()
46*6236dae4SAndroid Build Coastguard Worker
47*6236dae4SAndroid Build Coastguard Worker    # download 1 file, not authenticated
48*6236dae4SAndroid Build Coastguard Worker    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
49*6236dae4SAndroid Build Coastguard Worker    def test_14_01_digest_get_noauth(self, env: Env, httpd, nghttpx, repeat, proto):
50*6236dae4SAndroid Build Coastguard Worker        if proto == 'h3' and not env.have_h3():
51*6236dae4SAndroid Build Coastguard Worker            pytest.skip("h3 not supported")
52*6236dae4SAndroid Build Coastguard Worker        curl = CurlClient(env=env)
53*6236dae4SAndroid Build Coastguard Worker        url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
54*6236dae4SAndroid Build Coastguard Worker        r = curl.http_download(urls=[url], alpn_proto=proto)
55*6236dae4SAndroid Build Coastguard Worker        r.check_response(http_status=401)
56*6236dae4SAndroid Build Coastguard Worker
57*6236dae4SAndroid Build Coastguard Worker    # download 1 file, authenticated
58*6236dae4SAndroid Build Coastguard Worker    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
59*6236dae4SAndroid Build Coastguard Worker    def test_14_02_digest_get_auth(self, env: Env, httpd, nghttpx, repeat, proto):
60*6236dae4SAndroid Build Coastguard Worker        if proto == 'h3' and not env.have_h3():
61*6236dae4SAndroid Build Coastguard Worker            pytest.skip("h3 not supported")
62*6236dae4SAndroid Build Coastguard Worker        curl = CurlClient(env=env)
63*6236dae4SAndroid Build Coastguard Worker        url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
64*6236dae4SAndroid Build Coastguard Worker        r = curl.http_download(urls=[url], alpn_proto=proto, extra_args=[
65*6236dae4SAndroid Build Coastguard Worker            '--digest', '--user', 'test:test'
66*6236dae4SAndroid Build Coastguard Worker        ])
67*6236dae4SAndroid Build Coastguard Worker        r.check_response(http_status=200)
68*6236dae4SAndroid Build Coastguard Worker
69*6236dae4SAndroid Build Coastguard Worker    # PUT data, authenticated
70*6236dae4SAndroid Build Coastguard Worker    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
71*6236dae4SAndroid Build Coastguard Worker    def test_14_03_digest_put_auth(self, env: Env, httpd, nghttpx, repeat, proto):
72*6236dae4SAndroid Build Coastguard Worker        if proto == 'h3' and not env.have_h3():
73*6236dae4SAndroid Build Coastguard Worker            pytest.skip("h3 not supported")
74*6236dae4SAndroid Build Coastguard Worker        data='0123456789'
75*6236dae4SAndroid Build Coastguard Worker        curl = CurlClient(env=env)
76*6236dae4SAndroid Build Coastguard Worker        url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
77*6236dae4SAndroid Build Coastguard Worker        r = curl.http_upload(urls=[url], data=data, alpn_proto=proto, extra_args=[
78*6236dae4SAndroid Build Coastguard Worker            '--digest', '--user', 'test:test'
79*6236dae4SAndroid Build Coastguard Worker        ])
80*6236dae4SAndroid Build Coastguard Worker        r.check_response(http_status=200)
81*6236dae4SAndroid Build Coastguard Worker
82*6236dae4SAndroid Build Coastguard Worker    # PUT data, digest auth large pw
83*6236dae4SAndroid Build Coastguard Worker    @pytest.mark.parametrize("proto", ['h2', 'h3'])
84*6236dae4SAndroid Build Coastguard Worker    def test_14_04_digest_large_pw(self, env: Env, httpd, nghttpx, repeat, proto):
85*6236dae4SAndroid Build Coastguard Worker        if proto == 'h3' and not env.have_h3():
86*6236dae4SAndroid Build Coastguard Worker            pytest.skip("h3 not supported")
87*6236dae4SAndroid Build Coastguard Worker        data='0123456789'
88*6236dae4SAndroid Build Coastguard Worker        password = 'x' * 65535
89*6236dae4SAndroid Build Coastguard Worker        curl = CurlClient(env=env)
90*6236dae4SAndroid Build Coastguard Worker        url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
91*6236dae4SAndroid Build Coastguard Worker        r = curl.http_upload(urls=[url], data=data, alpn_proto=proto, extra_args=[
92*6236dae4SAndroid Build Coastguard Worker            '--digest', '--user', f'test:{password}',
93*6236dae4SAndroid Build Coastguard Worker            '--trace-config', 'http/2,http/3'
94*6236dae4SAndroid Build Coastguard Worker        ])
95*6236dae4SAndroid Build Coastguard Worker        # digest does not submit the password, but a hash of it, so all
96*6236dae4SAndroid Build Coastguard Worker        # works and, since the pw is not correct, we get a 401
97*6236dae4SAndroid Build Coastguard Worker        r.check_response(http_status=401)
98*6236dae4SAndroid Build Coastguard Worker
99*6236dae4SAndroid Build Coastguard Worker    # PUT data, basic auth large pw
100*6236dae4SAndroid Build Coastguard Worker    @pytest.mark.parametrize("proto", ['h2', 'h3'])
101*6236dae4SAndroid Build Coastguard Worker    def test_14_05_basic_large_pw(self, env: Env, httpd, nghttpx, repeat, proto):
102*6236dae4SAndroid Build Coastguard Worker        if proto == 'h3' and not env.have_h3():
103*6236dae4SAndroid Build Coastguard Worker            pytest.skip("h3 not supported")
104*6236dae4SAndroid Build Coastguard Worker        if proto == 'h3' and not env.curl_uses_lib('ngtcp2'):
105*6236dae4SAndroid Build Coastguard Worker            # See <https://github.com/cloudflare/quiche/issues/1573>
106*6236dae4SAndroid Build Coastguard Worker            pytest.skip("quiche/openssl-quic have problems with large requests")
107*6236dae4SAndroid Build Coastguard Worker        # just large enough that nghttp2 will submit
108*6236dae4SAndroid Build Coastguard Worker        password = 'x' * (47 * 1024)
109*6236dae4SAndroid Build Coastguard Worker        fdata = os.path.join(env.gen_dir, 'data-10m')
110*6236dae4SAndroid Build Coastguard Worker        curl = CurlClient(env=env)
111*6236dae4SAndroid Build Coastguard Worker        url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
112*6236dae4SAndroid Build Coastguard Worker        r = curl.http_upload(urls=[url], data=f'@{fdata}', alpn_proto=proto, extra_args=[
113*6236dae4SAndroid Build Coastguard Worker            '--basic', '--user', f'test:{password}',
114*6236dae4SAndroid Build Coastguard Worker            '--trace-config', 'http/2,http/3'
115*6236dae4SAndroid Build Coastguard Worker        ])
116*6236dae4SAndroid Build Coastguard Worker        # but apache denies on length limit
117*6236dae4SAndroid Build Coastguard Worker        r.check_response(http_status=431)
118*6236dae4SAndroid Build Coastguard Worker
119*6236dae4SAndroid Build Coastguard Worker    # PUT data, basic auth with very large pw
120*6236dae4SAndroid Build Coastguard Worker    @pytest.mark.parametrize("proto", ['h2', 'h3'])
121*6236dae4SAndroid Build Coastguard Worker    def test_14_06_basic_very_large_pw(self, env: Env, httpd, nghttpx, repeat, proto):
122*6236dae4SAndroid Build Coastguard Worker        if proto == 'h3' and not env.have_h3():
123*6236dae4SAndroid Build Coastguard Worker            pytest.skip("h3 not supported")
124*6236dae4SAndroid Build Coastguard Worker        if proto == 'h3' and env.curl_uses_lib('quiche'):
125*6236dae4SAndroid Build Coastguard Worker            # See <https://github.com/cloudflare/quiche/issues/1573>
126*6236dae4SAndroid Build Coastguard Worker            pytest.skip("quiche has problems with large requests")
127*6236dae4SAndroid Build Coastguard Worker        password = 'x' * (64 * 1024)
128*6236dae4SAndroid Build Coastguard Worker        fdata = os.path.join(env.gen_dir, 'data-10m')
129*6236dae4SAndroid Build Coastguard Worker        curl = CurlClient(env=env)
130*6236dae4SAndroid Build Coastguard Worker        url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
131*6236dae4SAndroid Build Coastguard Worker        r = curl.http_upload(urls=[url], data=f'@{fdata}', alpn_proto=proto, extra_args=[
132*6236dae4SAndroid Build Coastguard Worker            '--basic', '--user', f'test:{password}'
133*6236dae4SAndroid Build Coastguard Worker        ])
134*6236dae4SAndroid Build Coastguard Worker        # Depending on protocol, we might have an error sending or
135*6236dae4SAndroid Build Coastguard Worker        # the server might shutdown the connection and we see the error
136*6236dae4SAndroid Build Coastguard Worker        # on receiving
137*6236dae4SAndroid Build Coastguard Worker        assert r.exit_code in [55, 56], f'{self.dump_logs()}'
138