[apt.git] / test / integration / test-authentication-basic

#!/bin/sh
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture 'i386'

insertpackage 'unstable' 'foo' 'all' '1'
setupaptarchive --no-update
exit

changetohttpswebserver --authorization="$(printf '%s' 'star:hunter2' | base64 )"

echo 'See, when YOU type hunter2, it shows to us as *******' > aptarchive/bash

testauthfailure() {
	testfailure apthelper download-file "${1}/bash" ./downloaded/bash
	# crappy test, but http and https output are wastely different…
	testsuccess grep 401 rootdir/tmp/testfailure.output
	testfailure test -s ./downloaded/bash
}

testauthsuccess() {
	testsuccess apthelper download-file "${1}/bash" ./downloaded/bash
	testfileequal ./downloaded/bash "$(cat aptarchive/bash)"
	testfilestats ./downloaded/bash '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:644"
	rm -f ./downloaded/bash

	# lets see if got/retains acceptable permissions
	if [ -n "$AUTHCONF" ]; then
		if [ "$(id -u)" = '0' ]; then
			testfilestats "$AUTHCONF" '%U:%G:%a' '=' "_apt:root:600"
		else
			testfilestats "$AUTHCONF" '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:600"
		fi
	fi

	rm -rf rootdir/var/lib/apt/lists
	testsuccess aptget update
	testsuccessequal 'Reading package lists...
Building dependency tree...
The following NEW packages will be installed:
  foo
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Inst foo (1 unstable [all])
Conf foo (1 unstable [all])' aptget install foo -s
}

authfile() {
	local AUTHCONF='rootdir/etc/apt/auth.conf'
	rm -f "$AUTHCONF"
	printf '%s' "$1" > "$AUTHCONF"
	chmod 600 "$AUTHCONF"
}

runtest() {
	# unauthorized fails
	authfile ''
	testauthfailure "$1"

	# good auth
	authfile 'machine localhost
login star
password hunter2'
	testauthsuccess "$1"

	# bad auth
	authfile 'machine localhost
login anonymous
password hunter2'
	testauthfailure "$1"

	# 2 stanzas: unmatching + good auth
	authfile 'machine debian.org
login debian
password jessie

machine localhost
login star
password hunter2'
	testauthsuccess "$1"
}

msgmsg 'server basic auth'
rewritesourceslist "http://localhost:${APTHTTPPORT}"
runtest "http://localhost:${APTHTTPPORT}"
rewritesourceslist "https://localhost:${APTHTTPSPORT}"
runtest "https://localhost:${APTHTTPSPORT}"
rewritesourceslist "http://localhost:${APTHTTPPORT}"

msgmsg 'proxy to server basic auth'
webserverconfig 'aptwebserver::request::absolute' 'uri'
export http_proxy="http://localhost:${APTHTTPPORT}"
runtest "http://localhost:${APTHTTPPORT}"
unset http_proxy

msgmsg 'proxy basic auth to server basic auth'
webserverconfig 'aptwebserver::proxy-authorization' "$(printf 'moon:deer2' | base64)"
export http_proxy="http://moon:deer2@localhost:${APTHTTPPORT}"
runtest "http://localhost:${APTHTTPPORT}"

msgmsg 'proxy basic auth to server'
authfile ''
webserverconfig 'aptwebserver::authorization' ''
testauthsuccess "http://localhost:${APTHTTPPORT}"
Commit	Line	Data
b0314abb DK	1	#!/bin/sh
	2	set -e
	3
3abb6a6a DK	4	TESTDIR="$(readlink -f "$(dirname "$0")")"
3abb6a6a DK	5	. "$TESTDIR/framework"
b0314abb DK	6
	7	setupenvironment
	8	configarchitecture 'i386'
	9
	10	insertpackage 'unstable' 'foo' 'all' '1'
	11	setupaptarchive --no-update
87d6947d	12	exit
b0314abb DK	13
	14	changetohttpswebserver --authorization="$(printf '%s' 'star:hunter2' \| base64 )"
	15
	16	echo 'See, when YOU type hunter2, it shows to us as *******' > aptarchive/bash
	17
	18	testauthfailure() {
	19	testfailure apthelper download-file "${1}/bash" ./downloaded/bash
	20	# crappy test, but http and https output are wastely different…
	21	testsuccess grep 401 rootdir/tmp/testfailure.output
e52aad52	22	testfailure test -s ./downloaded/bash
b0314abb DK	23	}
	24
	25	testauthsuccess() {
	26	testsuccess apthelper download-file "${1}/bash" ./downloaded/bash
	27	testfileequal ./downloaded/bash "$(cat aptarchive/bash)"
4bb006d1	28	testfilestats ./downloaded/bash '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:644"
b0314abb DK	29	rm -f ./downloaded/bash
	30
	31	# lets see if got/retains acceptable permissions
	32	if [ -n "$AUTHCONF" ]; then
	33	if [ "$(id -u)" = '0' ]; then
	34	testfilestats "$AUTHCONF" '%U:%G:%a' '=' "_apt:root:600"
	35	else
4bb006d1	36	testfilestats "$AUTHCONF" '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:600"
b0314abb DK	37	fi
	38	fi
	39
	40	rm -rf rootdir/var/lib/apt/lists
	41	testsuccess aptget update
25b86db1	42	testsuccessequal 'Reading package lists...
b0314abb DK	43	Building dependency tree...
	44	The following NEW packages will be installed:
	45	foo
	46	0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
	47	Inst foo (1 unstable [all])
	48	Conf foo (1 unstable [all])' aptget install foo -s
	49	}
	50
	51	authfile() {
	52	local AUTHCONF='rootdir/etc/apt/auth.conf'
	53	rm -f "$AUTHCONF"
	54	printf '%s' "$1" > "$AUTHCONF"
	55	chmod 600 "$AUTHCONF"
	56	}
	57
	58	runtest() {
	59	# unauthorized fails
	60	authfile ''
	61	testauthfailure "$1"
	62
	63	# good auth
	64	authfile 'machine localhost
	65	login star
	66	password hunter2'
	67	testauthsuccess "$1"
	68
	69	# bad auth
	70	authfile 'machine localhost
	71	login anonymous
	72	password hunter2'
	73	testauthfailure "$1"
	74
	75	# 2 stanzas: unmatching + good auth
	76	authfile 'machine debian.org
	77	login debian
	78	password jessie
	79
	80	machine localhost
	81	login star
	82	password hunter2'
	83	testauthsuccess "$1"
	84	}
	85
	86	msgmsg 'server basic auth'
6c0765c0 DK	87	rewritesourceslist "http://localhost:${APTHTTPPORT}"
	88	runtest "http://localhost:${APTHTTPPORT}"
	89	rewritesourceslist "https://localhost:${APTHTTPSPORT}"
	90	runtest "https://localhost:${APTHTTPSPORT}"
	91	rewritesourceslist "http://localhost:${APTHTTPPORT}"
b0314abb DK	92
	93	msgmsg 'proxy to server basic auth'
	94	webserverconfig 'aptwebserver::request::absolute' 'uri'
6c0765c0 DK	95	export http_proxy="http://localhost:${APTHTTPPORT}"
6c0765c0 DK	96	runtest "http://localhost:${APTHTTPPORT}"
b0314abb DK	97	unset http_proxy
	98
	99	msgmsg 'proxy basic auth to server basic auth'
	100	webserverconfig 'aptwebserver::proxy-authorization' "$(printf 'moon:deer2' \| base64)"
6c0765c0 DK	101	export http_proxy="http://moon:deer2@localhost:${APTHTTPPORT}"
6c0765c0 DK	102	runtest "http://localhost:${APTHTTPPORT}"
b0314abb DK	103
	104	msgmsg 'proxy basic auth to server'
	105	authfile ''
	106	webserverconfig 'aptwebserver::authorization' ''
6c0765c0	107	testauthsuccess "http://localhost:${APTHTTPPORT}"