htauth 1.0.0

data/spec/digest_entry_spec.rb

@@ -0,0 +1,61 @@
+require File.join(File.dirname(__FILE__),"spec_helper.rb")
+
+require 'htauth/digest_entry'
+
+describe HTAuth::DigestEntry do
+    before(:each) do
+        @alice = HTAuth::DigestEntry.new("alice", "htauth")
+        @bob   = HTAuth::DigestEntry.new("bob", "htauth", "b secret")
+    end
+
+    it "initializes with a user and realm" do
+        @alice.user.should == "alice"
+        @alice.realm.should == "htauth"
+    end
+
+    it "has the correct digest for a password" do
+        @alice.password = "digit"
+        @alice.digest.should == "4ed9e5744c6747af8f292d28afd6372e"
+    end
+
+    it "returns username:realm for a key" do
+        @alice.key.should == "alice:htauth"
+    end
+
+    it "checks the password correctly" do
+        @bob.authenticated?("b secret").should == true
+    end
+
+    it "formats correctly when put to a string" do
+        @bob.to_s.should == "bob:htauth:fcbeab6821d2ab3b00934c958db0fd1e"
+    end
+
+    it "parses an input line" do
+        @bob_new = HTAuth::DigestEntry.from_line("bob:htauth:fcbeab6821d2ab3b00934c958db0fd1e")
+        @bob.user.should == @bob_new.user
+        @bob.digest.should == @bob_new.digest
+        @bob.realm.should == @bob_new.realm
+    end
+
+    it "knows if an input line is a possible entry and raises an exception" do
+        lambda { HTAuth::DigestEntry.is_entry!("#stuff") }.should raise_error(HTAuth::InvalidDigestEntry)
+        lambda { HTAuth::DigestEntry.is_entry!("this:that:other:stuff") }.should raise_error(HTAuth::InvalidDigestEntry)
+        lambda { HTAuth::DigestEntry.is_entry!("this:that:other") }.should raise_error(HTAuth::InvalidDigestEntry)
+        lambda { HTAuth::DigestEntry.is_entry!("this:that:0a90549e8ffb2dd62f98252a95d88xyz") }.should raise_error(HTAuth::InvalidDigestEntry)
+    end
+    
+    it "knows if an input line is a possible entry and returns false" do
+        HTAuth::DigestEntry.is_entry?("#stuff").should == false
+        HTAuth::DigestEntry.is_entry?("this:that:other:stuff").should == false 
+        HTAuth::DigestEntry.is_entry?("this:that:other").should == false 
+        HTAuth::DigestEntry.is_entry?("this:that:0a90549e8ffb2dd62f98252a95d88xyz").should == false
+    end
+    
+    it "knows if an input line is a possible entry and returns true" do
+        HTAuth::DigestEntry.is_entry?("bob:htauth:0a90549e8ffb2dd62f98252a95d88697").should == true
+    end
+
+    it "duplicates itself" do
+        @alice.dup.to_s.should == @alice.to_s
+    end
+end

data/spec/digest_file_spec.rb

@@ -0,0 +1,66 @@
+require File.join(File.dirname(__FILE__),"spec_helper.rb")
+
+require 'htauth/digest_file'
+require 'tempfile'
+
+describe HTAuth::DigestFile do
+
+    before(:each) do
+        @tf             = Tempfile.new("rpasswrd-digest")
+        @tf.write(IO.read(DIGEST_ORIGINAL_TEST_FILE))
+        @tf.close       
+        @digest_file    = HTAuth::DigestFile.new(@tf.path)
+        
+        @tf2                = Tempfile.new("rpasswrd-digest-empty")
+        @tf2.close
+        @empty_digest_file  = HTAuth::DigestFile.new(@tf2.path)
+    end
+
+    after(:each) do
+        @tf2.close(true)
+        @tf.close(true)
+    end
+
+    it "can add a new entry to an already existing digest file" do
+        @digest_file.add_or_update("charlie", "htauth-new", "c secret")
+        @digest_file.contents.should == IO.read(DIGEST_ADD_TEST_FILE)
+    end
+
+    it "can tell if an entry already exists in the digest file" do
+        @digest_file.has_entry?("alice", "htauth").should == true
+        @digest_file.has_entry?("alice", "some other realm").should == false
+    end
+    
+    it "can update an entry in an already existing digest file" do
+        @digest_file.add_or_update("alice", "htauth", "a new secret")
+        @digest_file.contents.should == IO.read(DIGEST_UPDATE_TEST_FILE)
+    end
+
+    it "fetches a copy of an entry" do
+        @digest_file.fetch("alice", "htauth").to_s.should == "alice:htauth:2f361db93147d84831eb34f19d05bfbb"
+    end
+
+    it "raises an error if an attempt is made to alter a non-existenet file" do
+        lambda { HTAuth::DigestFile.new("some-file") }.should raise_error(HTAuth::FileAccessError)
+    end
+
+    # this test will only work on systems that have /etc/ssh_host_rsa_key 
+    it "raises an error if an attempt is made to open a file where no permissions are granted" do
+        lambda { HTAuth::DigestFile.new("/etc/ssh_host_rsa_key") }.should raise_error(HTAuth::FileAccessError)
+    end
+
+    it "deletes an entry" do
+        @digest_file.delete("alice", "htauth")
+        @digest_file.contents.should == IO.read(DIGEST_DELETE_TEST_FILE)
+    end
+    
+    it "is usable in a ruby manner and yeilds itself when opened" do
+        HTAuth::DigestFile.open(@tf.path) do |pf|
+            pf.add_or_update("alice", "htauth", "a secret")
+            pf.delete('bob', 'htauth')
+        end
+        lines = IO.readlines(@tf.path)
+        lines.size.should == 1
+        lines.first.strip.should == "alice:htauth:2f361db93147d84831eb34f19d05bfbb"
+    end
+end

data/spec/digest_spec.rb

@@ -0,0 +1,150 @@
+require File.join(File.dirname(__FILE__),"spec_helper.rb")
+require 'htauth/digest'
+require 'tempfile'
+
+describe HTAuth::Digest do
+
+    before(:each) do
+
+        # existing 
+        @tf = Tempfile.new("rpasswrd-digest-test")
+        @tf.write(IO.read(DIGEST_ORIGINAL_TEST_FILE))
+        @tf.close       
+        @rdigest = HTAuth::Digest.new
+       
+        # new file
+        @new_file = File.join(File.dirname(@tf.path), "new-testfile")
+
+        # rework stdout and stderr
+        @stdout = StringIO.new
+        @old_stdout = $stdout
+        $stdout = @stdout
+
+        @stderr = StringIO.new
+        @old_stderr = $stderr
+        $stderr = @stderr
+
+        @stdin = StringIO.new
+        @old_stdin = $stdin
+        $stdin = @stdin
+    end
+
+    after(:each) do
+        @tf.close(true)
+        $stderr = @old_stderr
+        $stdout = @old_stdout
+        $stdin = @old_stdin
+        File.unlink(@new_file) if File.exist?(@new_file)
+    end
+
+    it "displays help appropriately" do
+        begin
+            @rdigest.run([ "-h" ])
+        rescue SystemExit => se
+            se.status.should == 1
+            @stdout.string.should =~ /passwordfile realm username/m
+        end
+    end
+
+    it "displays the version appropriately" do
+        begin
+            @rdigest.run([ "--version" ])
+        rescue SystemExit => se
+            se.status.should == 1
+            @stdout.string.should =~ /version #{HTAuth::VERSION}/
+        end
+    end
+    
+    it "creates a new file with one entries" do
+        begin
+            @stdin.puts "b secret"
+            @stdin.puts "b secret"
+            @stdin.rewind
+            @rdigest.run([ "-c", @new_file, "htauth", "bob" ])
+        rescue SystemExit => se
+            se.status.should == 0
+            IO.read(@new_file).should == IO.readlines(DIGEST_ORIGINAL_TEST_FILE).first
+        end
+    end
+
+    it "truncates an exiting file if told to create a new file" do
+        begin
+            @stdin.puts "b secret"
+            @stdin.puts "b secret"
+            @stdin.rewind
+            @rdigest.run([ "-c", @tf.path, "htauth", "bob"])
+        rescue SystemExit => se
+            se.status.should == 0
+            IO.read(@tf.path).should == IO.read(DIGEST_DELETE_TEST_FILE)
+        end
+    end
+
+    it "adds an entry to an existing file" do
+        begin
+            @stdin.puts "c secret"
+            @stdin.puts "c secret"
+            @stdin.rewind
+            @rdigest.run([ @tf.path, "htauth-new", "charlie" ])
+        rescue SystemExit => se
+            se.status.should == 0
+            IO.read(@tf.path).should == IO.read(DIGEST_ADD_TEST_FILE)
+        end
+    end
+
+    it "updates an entry in an existing file" do
+        begin
+            @stdin.puts "a new secret"
+            @stdin.puts "a new secret"
+            @stdin.rewind
+            @rdigest.run([ @tf.path, "htauth", "alice" ])
+        rescue SystemExit => se
+            @stderr.string.should == ""
+            se.status.should == 0
+            IO.read(@tf.path).should == IO.read(DIGEST_UPDATE_TEST_FILE)
+        end
+    end
+    
+    it "deletes an entry in an existing file" do
+        begin
+            @rdigest.run([ "-d", @tf.path, "htauth", "alice" ])
+        rescue SystemExit => se
+            @stderr.string.should == ""
+            se.status.should == 0
+            IO.read(@tf.path).should == IO.read(DIGEST_DELETE_TEST_FILE)
+        end
+    end
+
+    it "has an error if it does not have permissions on the file" do
+        begin
+            @stdin.puts "a secret"
+            @stdin.puts "a secret"
+            @stdin.rewind
+            @rdigest.run([ "-c", "/etc/you-cannot-create-me", "htauth", "alice"])
+        rescue SystemExit => se
+            @stderr.string.should =~ %r{Could not open password file /etc/you-cannot-create-me}m
+            se.status.should == 1
+        end
+    end
+
+    it "has an error if the input passwords do not match" do
+        begin
+            @stdin.puts "a secret"
+            @stdin.puts "a bad secret"
+            @stdin.rewind
+            @rdigest.run([ @tf.path, "htauth", "alice"])
+        rescue SystemExit => se
+            @stderr.string.should =~ /They don't match, sorry./m
+            se.status.should == 1
+        end
+    end
+
+    it "has an error if the options are incorrect" do
+        begin
+            @rdigest.run(["--blah"])
+        rescue SystemExit => se
+            @stderr.string.should =~ /ERROR:/m
+            se.status.should == 1
+        end
+    end
+
+end

data/spec/md5_spec.rb

@@ -0,0 +1,17 @@
+require File.join(File.dirname(__FILE__),"spec_helper.rb")
+
+require 'htauth/md5'
+
+describe HTAuth::Md5 do
+    it "has a prefix" do
+        HTAuth::Md5.new.prefix.should == "$apr1$"
+    end
+
+    it "encrypts the same way that apache does" do
+        apache_salt = "L0LDd/.."
+        apache_result = "$apr1$L0LDd/..$yhUzDjpxam5F1kWdtwMco1"
+        md5 = HTAuth::Md5.new({ 'salt' => apache_salt })
+        md5.encode("a secret").should == apache_result
+    end
+end
+

data/spec/passwd_entry_spec.rb

@@ -0,0 +1,139 @@
+
+require File.join(File.dirname(__FILE__),"spec_helper.rb")
+
+require 'htauth/passwd_entry'
+
+describe HTAuth::PasswdEntry do
+    before(:each) do
+        @alice = HTAuth::PasswdEntry.new("alice", "a secret", "crypt", { :salt => "mD" })
+        @bob   = HTAuth::PasswdEntry.new("bob", "b secret", "crypt", { :salt => "b8"})
+    end
+
+    it "initializes with a user and realm" do
+        @alice.user.should == "alice"
+    end
+
+    it "has the correct crypt password" do
+        @alice.password = "a secret"
+        @alice.digest.should == "mDwdZuXalQ5zk"
+    end
+
+    it "should encrypt correctly for md5" do
+        bob = HTAuth::PasswdEntry.new("bob", "b secret", "md5", { :salt => "lo1tk/.." })
+        bob.digest.should == "$apr1$lo1tk/..$CarApvZPee0F6Wj1U0GxZ1"
+    end
+    
+    it "should encrypt correctly for sha1" do
+        bob = HTAuth::PasswdEntry.new("bob", "b secret", "sha1", { :salt => @salt })
+        bob.digest.should == "{SHA}b/tjGXbX80MEKVnF200S43ca4hY="
+    end
+    
+    it "should encrypt correctly for plaintext" do
+        bob = HTAuth::PasswdEntry.new("bob", "b secret", "plaintext", { :salt => @salt })
+        bob.digest.should == "b secret"
+    end
+
+    it "encrypts with crypt as a default, when parsed from crypt()'d line" do
+        bob2 = HTAuth::PasswdEntry.from_line(@bob.to_s)
+        bob2.algorithm.should be_an_instance_of(Array)
+        bob2.algorithm.should have(2).items
+        bob2.password = "another secret"
+        bob2.algorithm.should be_an_instance_of(HTAuth::Crypt)
+    end
+
+    it "encrypts with crypt as a default, when parsed from plaintext line" do
+        p = HTAuth::PasswdEntry.new('paul', 'p secret', 'plaintext')
+        p2 = HTAuth::PasswdEntry.from_line(p.to_s)
+        p2.algorithm.should be_an_instance_of(Array)
+        p2.algorithm.should have(2).items
+        p2.password = "another secret"
+        p2.algorithm.should be_an_instance_of(HTAuth::Crypt)
+    end
+
+    it "encrypts with md5 as default, when parsed from an md5 line" do
+        m = HTAuth::PasswdEntry.new("mary", "m secret", "md5") 
+        m2 = HTAuth::PasswdEntry.from_line(m.to_s)
+        m2.algorithm.should be_an_instance_of(HTAuth::Md5)
+    end
+    
+    it "encrypts with sha1 as default, when parsed from an sha1 line" do
+        s = HTAuth::PasswdEntry.new("steve", "s secret", "sha1") 
+        s2 = HTAuth::PasswdEntry.from_line(s.to_s)
+        s2.algorithm.should be_an_instance_of(HTAuth::Sha1)
+    end
+
+    it "determins the algorithm to be crypt when checking a password" do
+        bob2 = HTAuth::PasswdEntry.from_line(@bob.to_s)
+        bob2.algorithm.should be_an_instance_of(Array)
+        bob2.algorithm.should have(2).items
+        bob2.authenticated?("b secret").should == true
+        bob2.algorithm.should be_an_instance_of(HTAuth::Crypt)
+    end
+    
+    it "determins the algorithm to be plain when checking a password" do
+        bob2 = HTAuth::PasswdEntry.from_line("bob:b secret")
+        bob2.algorithm.should be_an_instance_of(Array)
+        bob2.algorithm.should have(2).items
+        bob2.authenticated?("b secret").should == true
+        bob2.algorithm.should be_an_instance_of(HTAuth::Plaintext)
+    end
+
+    it "authenticates correctly against md5" do
+        m = HTAuth::PasswdEntry.new("mary", "m secret", "md5") 
+        m2 = HTAuth::PasswdEntry.from_line(m.to_s)
+        m2.authenticated?("m secret").should == true
+    end
+    
+    it "authenticates correctly against sha1" do
+        s = HTAuth::PasswdEntry.new("steve", "s secret", "sha1") 
+        s2 = HTAuth::PasswdEntry.from_line(s.to_s)
+        s2.authenticated?("s secret").should == true
+    end
+
+
+
+
+    it "returns username for a key" do
+        @alice.key.should == "alice"
+    end
+
+    it "checks the password correctly" do
+        @bob.authenticated?("b secret").should == true
+    end
+
+    it "formats correctly when put to a string" do
+        @bob.to_s.should == "bob:b8Ml4Jp9I0N8E"
+    end
+
+    it "parses an input line" do
+        @bob_new = HTAuth::PasswdEntry.from_line("bob:b8Ml4Jp9I0N8E")
+        @bob.user.should == @bob_new.user
+        @bob.digest.should == @bob_new.digest
+    end
+
+    it "knows if an input line is a possible entry and raises an exception" do
+        lambda { HTAuth::PasswdEntry.is_entry!("#stuff") }.should raise_error(HTAuth::InvalidPasswdEntry)
+        lambda { HTAuth::PasswdEntry.is_entry!("this:that:other:stuff") }.should raise_error(HTAuth::InvalidPasswdEntry)
+        lambda { HTAuth::PasswdEntry.is_entry!("this:that:other") }.should raise_error(HTAuth::InvalidPasswdEntry)
+        lambda { HTAuth::PasswdEntry.is_entry!("this:that:0a90549e8ffb2dd62f98252a95d88xyz") }.should raise_error(HTAuth::InvalidPasswdEntry)
+    end
+    
+    it "knows if an input line is a possible entry and returns false" do
+        HTAuth::PasswdEntry.is_entry?("#stuff").should == false
+        HTAuth::PasswdEntry.is_entry?("this:that:other:stuff").should == false 
+        HTAuth::PasswdEntry.is_entry?("this:that:other").should == false 
+        HTAuth::PasswdEntry.is_entry?("this:that:0a90549e8ffb2dd62f98252a95d88xyz").should == false
+    end
+    
+    it "knows if an input line is a possible entry and returns true" do
+        HTAuth::PasswdEntry.is_entry?("bob:irRm0g.SDfCyI").should == true
+        HTAuth::PasswdEntry.is_entry?("bob:b secreat").should == true
+        HTAuth::PasswdEntry.is_entry?("bob:{SHA}b/tjGXbX80MEKVnF200S43ca4hY=").should == true
+        HTAuth::PasswdEntry.is_entry?("bob:$apr1$lo1tk/..$CarApvZPee0F6Wj1U0GxZ1").should == true
+
+    end
+
+    it "duplicates itself" do
+        @alice.dup.to_s.should == @alice.to_s
+    end
+end

data/spec/passwd_file_spec.rb

@@ -0,0 +1,67 @@
+require File.join(File.dirname(__FILE__),"spec_helper.rb")
+
+require 'htauth/passwd_file'
+require 'tempfile'
+
+describe HTAuth::PasswdFile do
+
+    before(:each) do
+        @tf             = Tempfile.new("rpasswrd-passwd")
+        @tf.write(IO.read(PASSWD_ORIGINAL_TEST_FILE))
+        @tf.close       
+        @passwd_file    = HTAuth::PasswdFile.new(@tf.path)
+        
+        @tf2                = Tempfile.new("rpasswrd-passwd-empty")
+        @tf2.close
+        @empty_passwd_file  = HTAuth::PasswdFile.new(@tf2.path)
+    end
+
+    after(:each) do
+        @tf2.close(true)
+        @tf.close(true)
+    end
+
+    it "can add a new entry to an already existing passwd file" do
+        @passwd_file.add_or_update("charlie", "c secret", "sha1")
+        @passwd_file.contents.should == IO.read(PASSWD_ADD_TEST_FILE)
+    end
+
+    it "can tell if an entry already exists in the passwd file" do
+        @passwd_file.has_entry?("alice").should == true
+        @passwd_file.has_entry?("david").should == false
+    end
+    
+    it "can update an entry in an already existing passwd file, algorithm can change" do
+        @passwd_file.add_or_update("alice", "a new secret", "sha1")
+        @passwd_file.contents.should == IO.read(PASSWD_UPDATE_TEST_FILE)
+    end
+
+    it "fetches a copy of an entry" do
+        @passwd_file.fetch("alice").to_s.should == "alice:$apr1$DghnA...$CsPcgerfsI/Ryy0AOAJtb0"
+    end
+
+    it "raises an error if an attempt is made to alter a non-existenet file" do
+        lambda { HTAuth::PasswdFile.new("some-file") }.should raise_error(HTAuth::FileAccessError)
+    end
+
+    # this test will only work on systems that have /etc/ssh_host_rsa_key 
+    it "raises an error if an attempt is made to open a file where no permissions are granted" do
+        lambda { HTAuth::PasswdFile.new("/etc/ssh_host_rsa_key") }.should raise_error(HTAuth::FileAccessError)
+    end
+
+    it "deletes an entry" do
+        @passwd_file.delete("bob")
+        @passwd_file.contents.should == IO.read(PASSWD_DELETE_TEST_FILE)
+    end
+
+    it "is usable in a ruby manner and yeilds itself when opened" do
+        HTAuth::PasswdFile.open(@tf.path) do |pf|
+            pf.add_or_update("alice", "a new secret", "md5")
+            pf.delete('bob')
+        end
+        lines = IO.readlines(@tf.path)
+        lines.size.should == 1
+        lines.first.split(':').first.should == "alice"
+        lines.first.split(':').last.should =~ /\$apr1\$/
+    end
+end