Unit tests for Cookie passing to subrequests when using an nginx modu…

…le rather than upstream/fastcgi Tests generated in the process of exploring issue evanmiller#107, no functional changes but verifying that headers_in.cookies are not broken by zeroing the headers_in structure.
anthonyryan1 · Apr 9, 2023 · a63f78c · a63f78c
1 parent 39dc908
commit a63f78c
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 4 deletions.
diff --git a/t/nginx.conf b/t/nginx.conf
@@ -61,6 +61,18 @@ http {
             alias  html;
         }
 
+        location /with_auth/module_cookie {
+            userid on;
+            add_header X-UID $uid_got;
+            # This test covers nginx module using headers_in.cookies
+            # not just userid_filter
+            if ($uid_got != "uid=0100007F16203264C975BD0C02030303") {
+                return 403;
+            }
+
+            alias  html;
+        }
+
         location /with_auth/x_auth_token {
             if ($http_x_auth_token = "") {
                 return 403;

diff --git a/t/nginx/conf/nginx.conf b/t/nginx/conf/nginx.conf
@@ -47,10 +47,39 @@ http {
         }
 
         location /zip {
-            add_header X-Archive-Files  zip;
-            add_header Last-Modified    "Wed, 15 Nov 1995 04:58:08 GMT";
-            add_header ETag             "3.14159";
+            add_header X-Archive-Files          zip;
+            add_header X-Archive-Pass-Headers   $arg_pass_headers;
+            add_header Last-Modified            "Wed, 15 Nov 1995 04:58:08 GMT";
+            add_header ETag                     "3.14159";
         } 
+
+        location /with_auth/cookie {
+            if ($http_cookie = "") {
+                return 403;
+            }
+
+            alias  html;
+        }
+
+        location /with_auth/module_cookie {
+            userid on;
+            add_header X-UID $uid_got;
+            # This test covers nginx module using headers_in.cookies
+            # not just userid_filter
+            if ($uid_got != "uid=0100007F16203264C975BD0C02030303") {
+                return 403;
+            }
+
+            alias  html;
+        }
+
+        location /with_auth/x_auth_token {
+            if ($http_x_auth_token = "") {
+                return 403;
+            }
+
+            alias  html;
+        }
     }
 
     server {
@@ -72,6 +101,27 @@ http {
             alias       html;
         }
 
+        location /internal {
+            internal;
+            alias       html;
+        }
+
+        location /with_auth/ {
+            proxy_pass                  http://ziplist;
+        }
+
+        location = @not_directory {
+            rewrite .* /file1.txt break;
+
+            root       html;
+        }
+
+        location = @directory_not {
+            rewrite .* /file2.txt break;
+
+            root       html;
+        }
+
         #error_page  404              /404.html;
 
         # redirect server error pages to the static page /50x.html

diff --git a/t/nginx/html/zip-authorized-files-module-cookie.txt b/t/nginx/html/zip-authorized-files-module-cookie.txt
@@ -0,0 +1,2 @@
+1a6349c5 24 /with_auth/module_cookie/file1.txt file1.txt
+5d70c4d3 25 /with_auth/module_cookie/file2.txt file2.txt
diff --git a/t/ziptest.pl b/t/ziptest.pl
@@ -2,7 +2,7 @@
 
 # TODO tests for Zip64
 
-use Test::More tests => 121;
+use Test::More tests => 127;
 use LWP::UserAgent;
 use Archive::Zip;
 
@@ -187,6 +187,23 @@ ($$)
 is($zip->memberNamed("file1.txt")->isBinaryFile(), 1, "file1.txt exists in archive");
 is($zip->memberNamed("file2.txt")->isBinaryFile(), 1, "file2.txt exists in archive");
 
+$response = $ua->get("$http_root/zip-authorized-files-module-cookie.txt?pass_headers=Cookie");
+is($response->code, 500, "Server error on attempt to use authorizable file without Cookie sent (module)");
+
+$response = $ua->get("$http_root/zip-authorized-files-module-cookie.txt", "Cookie" => "uid=fwAAAWQyIBYMvXXJAwMDAg==");
+is($response->code, 500, "Server error on attempt to use authorizable file without Cookie (module)");
+
+
+$response = $ua->get("$http_root/zip-authorized-files-module-cookie.txt", "Cookie" => "uid=0000000000000000000000==");
+is($response->code, 500, "Server error on attempt to use authorizable file with bad Cookie (module)");
+
+$response = $ua->get("$http_root/zip-authorized-files-module-cookie.txt?pass_headers=Cookie", "Cookie" => "uid=fwAAAWQyIBYMvXXJAwMDAg==");
+is($response->code, 200, "Returns OK when Cookie header field is passed (module)");
+$zip = write_temp_zip($response->content);
+is($zip->memberNamed("file1.txt")->isBinaryFile(), 1, "file1.txt exists in archive");
+is($zip->memberNamed("file2.txt")->isBinaryFile(), 1, "file2.txt exists in archive");
+
+
 $response = $ua->get("$http_root/zip-authorized-files-x.txt", "X-Auth-Token" => "verified");
 is($response->code, 500, "Server error on attempt to use authorizable file without X-Auth-Token");