From aea50598fbf168ecc795d3f0f221ddf484b68d5a Mon Sep 17 00:00:00 2001 From: Witold Wasiczko Date: Wed, 7 Nov 2018 00:11:47 +0100 Subject: [PATCH] Pass with append string still valid --- test/Adapter/Http/ApacheResolverTest.php | 24 ++++++++++++++++++- .../Http/TestAsset/htbasic-append.crypt | 1 + 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 test/Adapter/Http/TestAsset/htbasic-append.crypt diff --git a/test/Adapter/Http/ApacheResolverTest.php b/test/Adapter/Http/ApacheResolverTest.php index e6c630e..cc647fb 100644 --- a/test/Adapter/Http/ApacheResolverTest.php +++ b/test/Adapter/Http/ApacheResolverTest.php @@ -159,7 +159,29 @@ public function testResolveNoUsers($file) $this->assertFalse($result->isValid()); } - /** + public function testResolveNoValidPasswordWithoutPrependSign() + { + list($username, $password) = explode(':', base64_decode(base64_encode('admink:admin'))); + $path = __DIR__ . '/TestAsset/htbasic-append.crypt'; + + $this->_apache->setFile($path); + $result = $this->_apache->resolve($username, null, $password); + $this->assertInstanceOf('Zend\Authentication\Result', $result); + $this->assertTrue($result->isValid()); + } + + public function testResolveNoValidPasswordWithPrependSign() + { + list($username, $password) = explode(':', base64_decode(base64_encode('admink:admin').'X')); + $path = __DIR__ . '/TestAsset/htbasic-append.crypt'; + + $this->_apache->setFile($path); + $result = $this->_apache->resolve($username, null, $password); + $this->assertInstanceOf('Zend\Authentication\Result', $result); + $this->assertFalse($result->isValid()); + } + + /** * Ensure that resolve() failed for not valid password * * @dataProvider providePasswordFiles diff --git a/test/Adapter/Http/TestAsset/htbasic-append.crypt b/test/Adapter/Http/TestAsset/htbasic-append.crypt new file mode 100644 index 0000000..7299c0b --- /dev/null +++ b/test/Adapter/Http/TestAsset/htbasic-append.crypt @@ -0,0 +1 @@ +admink:E6nt1mxRx7/6. \ No newline at end of file