test 2027/2030: take duplicate Digest requests into account

With the reversion of ce8311c7e49eca and the new clear logic, this flaw
is present and we allow it.

1 files changed, 24 insertions, 0 deletions

diff --git a/tests/data/test2030 b/tests/data/test2030
index 18659e8d2..53d3f9122 100644
--- a/tests/data/test2030
+++ b/tests/data/test2030
@@ -13,6 +13,18 @@ HTTP NTLM auth
 <!-- Alternate the order that Digest and NTLM headers appear in responses to
 ensure that the order doesn't matter. -->
 
+<!--
+
+ Explanation for the duplicate 400 requests:
+
+ libcurl doesn't detect that a given Digest password is wrong already on the
+ first 401 response (as the data400 gives). libcurl will instead consider the
+ new response just as a duplicate and it sends another and detects the auth
+ problem on the second 401 response!
+
+-->
+
+
 <!-- First request has NTLM auth, wrong password -->
 <data100>
 HTTP/1.1 401 Need Digest or NTLM auth

@@ -186,6 +198,13 @@ Content-Length: 29
 WWW-Authenticate: NTLM

 WWW-Authenticate: Digest realm="testrealm", nonce="7"

 

+HTTP/1.1 401 Sorry wrong password (3)

+Server: Microsoft-IIS/5.0

+Content-Type: text/html; charset=iso-8859-1

+Content-Length: 29

+WWW-Authenticate: NTLM

+WWW-Authenticate: Digest realm="testrealm", nonce="7"

+

 This is a bad password page!
 HTTP/1.1 200 Things are fine in server land (2)

 Server: Microsoft-IIS/5.0

@@ -259,6 +278,11 @@ Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/2
 Host: %HOSTIP:%HTTPPORT

 Accept: */*

 

+GET /20300400 HTTP/1.1

+Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/20300400", response="d6262e9147db08c62ff2f53b515861e8"

+Host: %HOSTIP:%HTTPPORT

+Accept: */*

+

 GET /20300500 HTTP/1.1

 Authorization: Digest username="testuser", realm="testrealm", nonce="7", uri="/20300500", response="198757e61163a779cf24ed4c49c1ad7d"

 Host: %HOSTIP:%HTTPPORT