[apt.git] / test / integration / test-authentication-basic

#!/bin/sh
set -e

TESTDIR=$(readlink -f $(dirname $0))
. $TESTDIR/framework

setupenvironment
configarchitecture 'i386'

insertpackage 'unstable' 'foo' 'all' '1'
setupaptarchive --no-update

changetohttpswebserver --authorization="$(printf '%s' 'star:hunter2' | base64 )"

echo 'See, when YOU type hunter2, it shows to us as *******' > aptarchive/bash

testauthfailure() {
	testfailure apthelper download-file "${1}/bash" ./downloaded/bash
	# crappy test, but http and https output are wastely different…
	testsuccess grep 401 rootdir/tmp/testfailure.output
	testfailure test -s ./downloaded/bash
}

testauthsuccess() {
	testsuccess apthelper download-file "${1}/bash" ./downloaded/bash
	testfileequal ./downloaded/bash "$(cat aptarchive/bash)"
	testfilestats ./downloaded/bash '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:644"
	rm -f ./downloaded/bash

	# lets see if got/retains acceptable permissions
	if [ -n "$AUTHCONF" ]; then
		if [ "$(id -u)" = '0' ]; then
			testfilestats "$AUTHCONF" '%U:%G:%a' '=' "_apt:root:600"
		else
			testfilestats "$AUTHCONF" '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:600"
		fi
	fi

	rm -rf rootdir/var/lib/apt/lists
	testsuccess aptget update
	testsuccessequal 'Reading package lists...
Building dependency tree...
The following NEW packages will be installed:
  foo
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Inst foo (1 unstable [all])
Conf foo (1 unstable [all])' aptget install foo -s
}

authfile() {
	local AUTHCONF='rootdir/etc/apt/auth.conf'
	rm -f "$AUTHCONF"
	printf '%s' "$1" > "$AUTHCONF"
	chmod 600 "$AUTHCONF"
}

runtest() {
	# unauthorized fails
	authfile ''
	testauthfailure "$1"

	# good auth
	authfile 'machine localhost
login star
password hunter2'
	testauthsuccess "$1"

	# bad auth
	authfile 'machine localhost
login anonymous
password hunter2'
	testauthfailure "$1"

	# 2 stanzas: unmatching + good auth
	authfile 'machine debian.org
login debian
password jessie

machine localhost
login star
password hunter2'
	testauthsuccess "$1"
}

msgmsg 'server basic auth'
rewritesourceslist 'http://localhost:8080'
runtest 'http://localhost:8080'
rewritesourceslist 'https://localhost:4433'
runtest 'https://localhost:4433'
rewritesourceslist 'http://localhost:8080'

msgmsg 'proxy to server basic auth'
webserverconfig 'aptwebserver::request::absolute' 'uri'
export http_proxy='http://localhost:8080'
runtest 'http://localhost:8080'
unset http_proxy

msgmsg 'proxy basic auth to server basic auth'
webserverconfig 'aptwebserver::proxy-authorization' "$(printf 'moon:deer2' | base64)"
export http_proxy='http://moon:deer2@localhost:8080'
runtest 'http://localhost:8080'

msgmsg 'proxy basic auth to server'
authfile ''
webserverconfig 'aptwebserver::authorization' ''
testauthsuccess 'http://localhost:8080'
Commit	Line	Data
b0314abb DK	1	#!/bin/sh
	2	set -e
	3
	4	TESTDIR=$(readlink -f $(dirname $0))
	5	. $TESTDIR/framework
	6
	7	setupenvironment
	8	configarchitecture 'i386'
	9
	10	insertpackage 'unstable' 'foo' 'all' '1'
	11	setupaptarchive --no-update
	12
	13	changetohttpswebserver --authorization="$(printf '%s' 'star:hunter2' \| base64 )"
	14
	15	echo 'See, when YOU type hunter2, it shows to us as *******' > aptarchive/bash
	16
	17	testauthfailure() {
	18	testfailure apthelper download-file "${1}/bash" ./downloaded/bash
	19	# crappy test, but http and https output are wastely different…
	20	testsuccess grep 401 rootdir/tmp/testfailure.output
e52aad52	21	testfailure test -s ./downloaded/bash
b0314abb DK	22	}
	23
	24	testauthsuccess() {
	25	testsuccess apthelper download-file "${1}/bash" ./downloaded/bash
	26	testfileequal ./downloaded/bash "$(cat aptarchive/bash)"
4bb006d1	27	testfilestats ./downloaded/bash '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:644"
b0314abb DK	28	rm -f ./downloaded/bash
	29
	30	# lets see if got/retains acceptable permissions
	31	if [ -n "$AUTHCONF" ]; then
	32	if [ "$(id -u)" = '0' ]; then
	33	testfilestats "$AUTHCONF" '%U:%G:%a' '=' "_apt:root:600"
	34	else
4bb006d1	35	testfilestats "$AUTHCONF" '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:600"
b0314abb DK	36	fi
	37	fi
	38
	39	rm -rf rootdir/var/lib/apt/lists
	40	testsuccess aptget update
25b86db1	41	testsuccessequal 'Reading package lists...
b0314abb DK	42	Building dependency tree...
	43	The following NEW packages will be installed:
	44	foo
	45	0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
	46	Inst foo (1 unstable [all])
	47	Conf foo (1 unstable [all])' aptget install foo -s
	48	}
	49
	50	authfile() {
	51	local AUTHCONF='rootdir/etc/apt/auth.conf'
	52	rm -f "$AUTHCONF"
	53	printf '%s' "$1" > "$AUTHCONF"
	54	chmod 600 "$AUTHCONF"
	55	}
	56
	57	runtest() {
	58	# unauthorized fails
	59	authfile ''
	60	testauthfailure "$1"
	61
	62	# good auth
	63	authfile 'machine localhost
	64	login star
	65	password hunter2'
	66	testauthsuccess "$1"
	67
	68	# bad auth
	69	authfile 'machine localhost
	70	login anonymous
	71	password hunter2'
	72	testauthfailure "$1"
	73
	74	# 2 stanzas: unmatching + good auth
	75	authfile 'machine debian.org
	76	login debian
	77	password jessie
	78
	79	machine localhost
	80	login star
	81	password hunter2'
	82	testauthsuccess "$1"
	83	}
	84
	85	msgmsg 'server basic auth'
	86	rewritesourceslist 'http://localhost:8080'
	87	runtest 'http://localhost:8080'
	88	rewritesourceslist 'https://localhost:4433'
	89	runtest 'https://localhost:4433'
	90	rewritesourceslist 'http://localhost:8080'
	91
	92	msgmsg 'proxy to server basic auth'
	93	webserverconfig 'aptwebserver::request::absolute' 'uri'
	94	export http_proxy='http://localhost:8080'
	95	runtest 'http://localhost:8080'
	96	unset http_proxy
	97
	98	msgmsg 'proxy basic auth to server basic auth'
	99	webserverconfig 'aptwebserver::proxy-authorization' "$(printf 'moon:deer2' \| base64)"
	100	export http_proxy='http://moon:deer2@localhost:8080'
	101	runtest 'http://localhost:8080'
	102
	103	msgmsg 'proxy basic auth to server'
	104	authfile ''
	105	webserverconfig 'aptwebserver::authorization' ''
106	testauthsuccess 'http://localhost:8080'