diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2013-05-27 19:45:12 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2013-05-27 19:45:12 +0200 |
| commit | ac419bf562c4196f819edd124be82da96f81ba95 (patch) | |
| tree | e0e69e15ac568893f31a59b1db2d186580f85271 /tests/data | |
| parent | 520833cbe1601feed1c6473bd28c4c894e7ee63e (diff) | |
Digest auth: escape user names with \ or " in them
When sending the HTTP Authorization: header for digest, the user name
needs to be escaped if it contains a double-quote or backslash.
Test 1229 was added to verify
Reported and fixed by: Nach M. S
Bug: http://curl.haxx.se/bug/view.cgi?id=1230
Diffstat (limited to 'tests/data')
| -rw-r--r-- | tests/data/Makefile.am | 2 | ||||
| -rw-r--r-- | tests/data/test1229 | 82 |
2 files changed, 83 insertions, 1 deletions
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am index d54152f41..48204a15f 100644 --- a/tests/data/Makefile.am +++ b/tests/data/Makefile.am @@ -93,7 +93,7 @@ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \ test1216 test1217 test1218 test1219 \ test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 \ -test1228 \ +test1228 test1229 \ \ test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \ test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \ diff --git a/tests/data/test1229 b/tests/data/test1229 new file mode 100644 index 000000000..dcb55e886 --- /dev/null +++ b/tests/data/test1229 @@ -0,0 +1,82 @@ +<testcase> +<info> +<keywords> +HTTP +HTTP GET +HTTP Digest auth +</keywords> +</info> +# Server-side +<reply> +<data> +HTTP/1.1 401 Authorization Required swsclose
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 26
+
+This is not the real page +</data> + +# This is supposed to be returned when the server gets a +# Authorization: Digest line passed-in from the client +<data1000> +HTTP/1.1 200 OK swsclose
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 23
+
+This IS the real page! +</data1000> + +<datacheck> +HTTP/1.1 401 Authorization Required swsclose
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 26
+
+HTTP/1.1 200 OK swsclose
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 23
+
+This IS the real page! +</datacheck> + +</reply> + +# Client-side +<client> +<server> +http +</server> +<features> +crypto +</features> + <name> +HTTP with Digest authorization with user name needing escape + </name> + <command> +http://%5cuser%22:password@%HOSTIP:%HTTPPORT/1229 --digest +</command> +</client> + +# Verify data after the test has been "shot" +<verify> +<strip> +^User-Agent:.* +</strip> +<protocol> +GET /1229 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+GET /1229 HTTP/1.1
+Authorization: Digest username="\\user\"", realm="testrealm", nonce="1053604145", uri="/1229", response="f2694d426040712584c156d3de72b8d6"
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol> +</verify> +</testcase> |