| author | 2026-06-10 09:40:13 +0200 | |
|---|---|---|
| committer | 2026-06-11 11:50:29 +0200 | |
| commit | acfe02fa38b5da9e6a36c6cedcf91d4fcbefbfbd (patch) | |
| tree | d14a547848b8dbbd57e2b6b6339d3901a15b687b | |
| parent | 73625fd3cb82bd3f9241f77d4b1e9b77fc828860 (diff) | |
tests/fetch: cover checkstatus redirect auth handling2.18
Add local HTTP server tests for Wget.checkstatus() redirects. They check
that Authorization is kept for same-origin redirects and dropped when the
target has a different origin.
Signed-off-by: Anders Heimer <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
(cherry picked from commit c687d42b81b17e7a2399099cab0f1a6aafcf6520)
Signed-off-by: Yoann Congal <[email protected]>
| -rw-r--r-- | lib/bb/tests/fetch.py | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/lib/bb/tests/fetch.py b/lib/bb/tests/fetch.py
index e661ff0d8..c071401e6 100644
--- a/lib/bb/tests/fetch.py
+++ b/lib/bb/tests/fetch.py
@@ -7,6 +7,7 @@
 #
 import contextlib
+import http.server
 import shutil
 import unittest
 import unittest.mock
@@ -18,6 +19,7 @@ import os
 import signal
 import subprocess
 import tarfile
+import threading
 from bb.fetch2 import URI
 import bb
 import bb.utils
@@ -1643,6 +1645,41 @@ class FetchCheckStatusTest(FetcherTest):
 "ftp://sourceware.org/pub/libffi/libffi-1.20.tar.gz",
 ]
+ def _start_checkstatus_server(self):
+ class CheckStatusHTTPRequestHandler(http.server.BaseHTTPRequestHandler):
+ def do_HEAD(self):
+ self.server.requests.append((self.path, dict(self.headers)))
+ if self.path == "/a" and self.server.redirect_url:
+ self.send_response(302)
+ self.send_header("Location", self.server.redirect_url)
+ self.end_headers()
+ return
+ self.send_response(200)
+ self.end_headers()
+
+ def log_message(self, format_str, *args):
+ pass
+
+ server = http.server.HTTPServer(("127.0.0.1", 0), CheckStatusHTTPRequestHandler)
+ server.redirect_url = None
+ server.requests = []
+ thread = threading.Thread(target=server.serve_forever, kwargs={"poll_interval": 0.05})
+ thread.daemon = True
+ thread.start()
+
+ def stop_server():
+ server.shutdown()
+ thread.join()
+ server.server_close()
+
+ self.addCleanup(stop_server)
+ return server
+
+ def _checkstatus(self, url):
+ fetch = bb.fetch2.Fetch([url], self.d)
+ ud = fetch.ud[url]
+ return ud.method.checkstatus(fetch, ud, self.d)
+
 @skipIfNoNetwork()
 def test_wget_checkstatus(self):
 fetch = bb.fetch2.Fetch(self.test_wget_uris, self.d)
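Review bot: `_start_checkstatus_server` has no docstring, and the tests depend on details that are only implicit in the handler: only `HEAD` requests are recorded, only the path `/a` redirects (and only once `redirect_url` is set), and `server.requests` holds `(path, headers)` tuples that the tests index as `requests[1][1]`. A short docstring stating those three points would make the assertions in the new tests readable without re-deriving the handler. It would also help to note in a comment that `dict(self.headers)` keeps one value per header name, so a repeated header would not show up in what the tests inspect. The enclosing class `FetchCheckStatusTest` starts outside this hunk.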
@@ -1670,6 +1707,31 @@ class FetchCheckStatusTest(FetcherTest):
 connection_cache.close_connections()
+ def test_wget_checkstatus_same_origin_redirect_keeps_auth(self):
+ server = self._start_checkstatus_server()
+ server.redirect_url = "http://127.0.0.1:%s/b" % server.server_port
+
+ url = "http://127.0.0.1:%s/a;user=user;pswd=pass" % server.server_port
+ self.assertTrue(self._checkstatus(url))
+
+ self.assertEqual(len(server.requests), 2)
+ redirected_headers = {k.lower(): v for k, v in server.requests[1][1].items()}
+ self.assertIn("authorization", redirected_headers)
+
+ def test_wget_checkstatus_different_origin_redirect_drops_auth(self):
+ origin = self._start_checkstatus_server()
+ target = self._start_checkstatus_server()
+ # Same host but different port is a different origin.
+ origin.redirect_url = "http://127.0.0.1:%s/b" % target.server_port
+
+ url = "http://127.0.0.1:%s/a;user=user;pswd=pass" % origin.server_port
+ self.assertTrue(self._checkstatus(url))
+
+ self.assertEqual(len(origin.requests), 1)
+ self.assertEqual(len(target.requests), 1)
+ redirected_headers = {k.lower(): v for k, v in target.requests[0][1].items()}
+ self.assertNotIn("authorization", redirected_headers)
+
 class GitMakeShallowTest(FetcherTest):
 def setUp(self): |
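Review bot: `test_wget_checkstatus_different_origin_redirect_drops_auth` would still pass if no credentials were sent at all, because its only header assertion is `assertNotIn("authorization", redirected_headers)` on the target request. To tie the result to the stripping logic, also assert that the first request carried the header, e.g. `origin_headers = {k.lower(): v for k, v in origin.requests[0][1].items()}` followed by `self.assertIn("authorization", origin_headers)`. The same-origin test likewise checks only that the header is present on the second request, not that its value matches the one sent on the first. Only a port change is exercised as "different origin"; a different scheme or host is not covered by these tests.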
