aboutsummaryrefslogtreecommitdiff
path: root/tests/data/test1229
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2013-05-27 19:45:12 +0200
committerDaniel Stenberg <daniel@haxx.se>2013-05-27 19:45:12 +0200
commitac419bf562c4196f819edd124be82da96f81ba95 (patch)
treee0e69e15ac568893f31a59b1db2d186580f85271 /tests/data/test1229
parent520833cbe1601feed1c6473bd28c4c894e7ee63e (diff)
Digest auth: escape user names with \ or " in them
When sending the HTTP Authorization: header for digest, the user name needs to be escaped if it contains a double-quote or backslash. Test 1229 was added to verify Reported and fixed by: Nach M. S Bug: http://curl.haxx.se/bug/view.cgi?id=1230
Diffstat (limited to 'tests/data/test1229')
-rw-r--r--tests/data/test122982
1 files changed, 82 insertions, 0 deletions
diff --git a/tests/data/test1229 b/tests/data/test1229
new file mode 100644
index 000000000..dcb55e886
--- /dev/null
+++ b/tests/data/test1229
@@ -0,0 +1,82 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP Digest auth
+</keywords>
+</info>
+# Server-side
+<reply>
+<data>
+HTTP/1.1 401 Authorization Required swsclose
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 26
+
+This is not the real page
+</data>
+
+# This is supposed to be returned when the server gets a
+# Authorization: Digest line passed-in from the client
+<data1000>
+HTTP/1.1 200 OK swsclose
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 23
+
+This IS the real page!
+</data1000>
+
+<datacheck>
+HTTP/1.1 401 Authorization Required swsclose
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 26
+
+HTTP/1.1 200 OK swsclose
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 23
+
+This IS the real page!
+</datacheck>
+
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<features>
+crypto
+</features>
+ <name>
+HTTP with Digest authorization with user name needing escape
+ </name>
+ <command>
+http://%5cuser%22:password@%HOSTIP:%HTTPPORT/1229 --digest
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /1229 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+GET /1229 HTTP/1.1
+Authorization: Digest username="\\user\"", realm="testrealm", nonce="1053604145", uri="/1229", response="f2694d426040712584c156d3de72b8d6"
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>