authorJoshua Peek <josh@joshpeek.com>2008-12-28 15:13:16 -0600
committerJoshua Peek <josh@joshpeek.com>2008-12-28 15:13:16 -0600
commit45dee3842d68359a189fe7c0729359bd5a905ea4 (patch)
treefdd55d074f95191b796e515d123256f267907ff3 /actionpack/test
parent1f0aecd931a9292b52402143be979ab4c06f06cd (diff)
HTTP Digest authentication [#1230 state:resolved]
Diffstat (limited to 'actionpack/test')
-rw-r--r--actionpack/test/controller/http_digest_authentication_test.rb73
-rw-r--r--actionpack/test/controller/integration_test.rb88
2 files changed, 161 insertions, 0 deletions
diff --git a/actionpack/test/controller/http_digest_authentication_test.rb b/actionpack/test/controller/http_digest_authentication_test.rb
new file mode 100644
index 0000000000..d5c8636a9e
--- /dev/null
+++ b/actionpack/test/controller/http_digest_authentication_test.rb
@@ -0,0 +1,73 @@
+require 'abstract_unit'
+
+class HttpDigestAuthenticationTest < Test::Unit::TestCase
+ include ActionController::HttpAuthentication::Digest
+
+ class DummyController
+ attr_accessor :headers, :renders, :request, :response
+
+ def initialize
+ @headers, @renders = {}, []
+ @request = ActionController::TestRequest.new
+ @response = ActionController::TestResponse.new
+ request.session.session_id = "test_session"
+ end
+
+ def render(options)
+ self.renderers << options
+ end
+ end
+
+ def setup
+ @controller = DummyController.new
+ @credentials = {
+ :username => "dhh",
+ :realm => "testrealm@host.com",
+ :nonce => ActionController::HttpAuthentication::Digest.nonce(@controller.request),
+ :qop => "auth",
+ :nc => "00000001",
+ :cnonce => "0a4f113b",
+ :opaque => ActionController::HttpAuthentication::Digest.opaque(@controller.request),
+ :uri => "http://test.host/"
+ }
+ @encoded_credentials = ActionController::HttpAuthentication::Digest.encode_credentials("GET", @credentials, "secret")
+ end
+
+ def test_decode_credentials
+ set_headers
+ assert_equal @credentials, decode_credentials(@controller.request)
+ end
+
+ def test_nonce_format
+ assert_nothing_thrown do
+ validate_nonce(@controller.request, nonce(@controller.request))
+ end
+ end
+
+ def test_authenticate_should_raise_for_nil_password
+ set_headers ActionController::HttpAuthentication::Digest.encode_credentials(:get, @credentials, nil)
+ assert_raise ActionController::HttpAuthentication::Error do
+ authenticate(@controller, @credentials[:realm]) { |user| user == "dhh" && "secret" }
+ end
+ end
+
+ def test_authenticate_should_raise_for_incorrect_password
+ set_headers
+ assert_raise ActionController::HttpAuthentication::Error do
+ authenticate(@controller, @credentials[:realm]) { |user| user == "dhh" && "bad password" }
+ end
+ end
+
+ def test_authenticate_should_not_raise_for_correct_password
+ set_headers
+ assert_nothing_thrown do
+ authenticate(@controller, @credentials[:realm]) { |user| user == "dhh" && "secret" }
+ end
+ end
+
+ private
+ def set_headers(value = @encoded_credentials, name = 'HTTP_AUTHORIZATION', method = "GET")
+ @controller.request.env[name] = value
+ @controller.request.env["REQUEST_METHOD"] = method
+ end
+end
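Review bot: `DummyController#render` appends to `self.renderers`, but the class only declares `attr_accessor :renders` and initializes `@renders`, so any path that calls `render` on the dummy would raise NoMethodError instead of recording the call; the line should read `self.renders << options`. The authenticate tests apparently never reach `render`, which would explain why the typo goes unnoticed. `test_nonce_format` and `test_authenticate_should_not_raise_for_correct_password` use `assert_nothing_thrown`, which concerns `throw`, whereas the test names suggest `assert_nothing_raised` is meant. The suite also has no negative case for `validate_nonce` (for example a malformed nonce, or one issued for a different session id) and none for an unknown username where the password block returns `false`; those rejection paths are the ones an authentication test file most needs to pin down.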
diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb
index c28050fe0d..53cebf768e 100644
--- a/actionpack/test/controller/integration_test.rb
+++ b/actionpack/test/controller/integration_test.rb
@@ -8,7 +8,25 @@ class SessionTest < Test::Unit::TestCase
}
def setup
+ @credentials = {
+ :username => "username",
+ :realm => "MyApp",
+ :nonce => ActionController::HttpAuthentication::Digest.nonce("session_id"),
+ :qop => "auth",
+ :nc => "00000001",
+ :cnonce => "0a4f113b",
+ :opaque => ActionController::HttpAuthentication::Digest.opaque("session_id"),
+ :uri => "/index"
+ }
+
@session = ActionController::Integration::Session.new(StubApp)
+ @session.nonce = @credentials[:nonce]
+ @session.opaque = @credentials[:opaque]
+ @session.realm = @credentials[:realm]
+ end
+
+ def encoded_credentials(method)
+ ActionController::HttpAuthentication::Digest.encode_credentials(method, @credentials, "password")
end
def test_https_bang_works_and_sets_truth_by_default
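Review bot: `Digest.nonce` and `Digest.opaque` are called in `setup` with the bare string `"session_id"`, while the new http_digest_authentication_test.rb in this same commit calls them with a request object (`nonce(@controller.request)`), so it is unclear from the tests which argument type the helpers expect. If the string form is intended here, a comment such as `# nonce/opaque are derived from the session id; the integration session uses a fixed one` would make that explicit. The `encoded_credentials` helper hard-codes `"password"` and the hash hard-codes `"username"`, and both must stay in step with the literals passed to each `*_with_digest` call in the later hunk. Defining them once in `setup` (e.g. `@username`, `@password`) would keep the expected header from drifting away from what the session is asked to send.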
@@ -132,6 +150,76 @@ class SessionTest < Test::Unit::TestCase
@session.head(path,params,headers)
end
+ def test_get_with_basic
+ path = "/index"; params = "blah"; headers = {:location => 'blah'}
+ expected_headers = headers.merge(:authorization => "Basic dXNlcm5hbWU6cGFzc3dvcmQ=\n")
+ @session.expects(:process).with(:get,path,params,expected_headers)
+ @session.get_with_basic(path,params,headers,'username','password')
+ end
+
+ def test_post_with_basic
+ path = "/index"; params = "blah"; headers = {:location => 'blah'}
+ expected_headers = headers.merge(:authorization => "Basic dXNlcm5hbWU6cGFzc3dvcmQ=\n")
+ @session.expects(:process).with(:post,path,params,expected_headers)
+ @session.post_with_basic(path,params,headers,'username','password')
+ end
+
+ def test_put_with_basic
+ path = "/index"; params = "blah"; headers = {:location => 'blah'}
+ expected_headers = headers.merge(:authorization => "Basic dXNlcm5hbWU6cGFzc3dvcmQ=\n")
+ @session.expects(:process).with(:put,path,params,expected_headers)
+ @session.put_with_basic(path,params,headers,'username','password')
+ end
+
+ def test_delete_with_basic
+ path = "/index"; params = "blah"; headers = {:location => 'blah'}
+ expected_headers = headers.merge(:authorization => "Basic dXNlcm5hbWU6cGFzc3dvcmQ=\n")
+ @session.expects(:process).with(:delete,path,params,expected_headers)
+ @session.delete_with_basic(path,params,headers,'username','password')
+ end
+
+ def test_head_with_basic
+ path = "/index"; params = "blah"; headers = {:location => 'blah'}
+ expected_headers = headers.merge(:authorization => "Basic dXNlcm5hbWU6cGFzc3dvcmQ=\n")
+ @session.expects(:process).with(:head,path,params,expected_headers)
+ @session.head_with_basic(path,params,headers,'username','password')
+ end
+
+ def test_get_with_digest
+ path = "/index"; params = "blah"; headers = {:location => 'blah'}
+ expected_headers = headers.merge(:authorization => encoded_credentials(:get))
+ @session.expects(:process).with(:get,path,params,expected_headers)
+ @session.get_with_digest(path,params,headers,'username','password')
+ end
+
+ def test_post_with_digest
+ path = "/index"; params = "blah"; headers = {:location => 'blah'}
+ expected_headers = headers.merge(:authorization => encoded_credentials(:post))
+ @session.expects(:process).with(:post,path,params,expected_headers)
+ @session.post_with_digest(path,params,headers,'username','password')
+ end
+
+ def test_put_with_digest
+ path = "/index"; params = "blah"; headers = {:location => 'blah'}
+ expected_headers = headers.merge(:authorization => encoded_credentials(:put))
+ @session.expects(:process).with(:put,path,params,expected_headers)
+ @session.put_with_digest(path,params,headers,'username','password')
+ end
+
+ def test_delete_with_digest
+ path = "/index"; params = "blah"; headers = {:location => 'blah'}
+ expected_headers = headers.merge(:authorization => encoded_credentials(:delete))
+ @session.expects(:process).with(:delete,path,params,expected_headers)
+ @session.delete_with_digest(path,params,headers,'username','password')
+ end
+
+ def test_head_with_digest
+ path = "/index"; params = "blah"; headers = {:location => 'blah'}
+ expected_headers = headers.merge(:authorization => encoded_credentials(:head))
+ @session.expects(:process).with(:head,path,params,expected_headers)
+ @session.head_with_digest(path,params,headers,'username','password')
+ end
+
def test_xml_http_request_get
path = "/index"; params = "blah"; headers = {:location => 'blah'}
headers_after_xhr = headers.merge(