1# vi:filetype=
2
3use lib 'lib';
4use Test::Nginx::Socket;
5
6repeat_each(2);
7
8plan tests => repeat_each() * (2 * blocks() + 7);
9
10no_long_string();
11
12no_shuffle();
13
14run_tests();
15
16#no_diff();
17
18__DATA__
19
20=== TEST 1: key with default iv
21--- config
22    encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456";
23    encrypted_session_expires 0;
24
25    location /encode {
26        set $a 'abc';
27
28        set_encrypt_session $res $a;
29
30        set_encode_base32 $ppres $res;
31
32        echo "res = $ppres";
33
34        set_decrypt_session $b $res;
35        echo "b = $b";
36    }
37--- request
38    GET /encode
39--- response_body
40res = ktrp3n437q42laejppc9d4bg0jpv0ejie106ooo65od9lf5huhs0====
41b = abc
42--- error_log
43encrypted_session: expires=0
44
45
46
47=== TEST 2: key with custom iv
48--- config
49    encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456";
50    encrypted_session_iv "12345678";
51    encrypted_session_expires 0;
52
53    location /encode {
54        set $a 'abc';
55
56        set_encrypt_session $res $a;
57
58        set_encode_base32 $ppres $res;
59
60        echo "res = $ppres";
61
62        set_decrypt_session $b $res;
63        echo "b = $b";
64    }
65--- request
66    GET /encode
67--- response_body
68res = ktrp3n437q42laejppc9d4bg0hul4pmqhc8tn2laae40aakqfoh0====
69b = abc
70
71
72
73=== TEST 3: key with custom iv
74--- config
75    encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456";
76    #encrypted_session_key "abcdefghijklmnopqrstuvwx";
77    encrypted_session_iv "12345678";
78    encrypted_session_expires 3;
79
80    location /encode {
81        set $a 'abc';
82
83        set_encrypt_session $res $a;
84
85        set_encode_base32 $ppres $res;
86
87        echo "res = $ppres";
88
89        set_decrypt_session $b $res;
90        echo "b = $b";
91    }
92--- request
93    GET /encode
94--- response_body_like
95^res = [0-9a-v=]{30,}
96b = abc$
97--- error_log
98encrypted_session: expires=3
99
100
101
102=== TEST 4: key with custom iv
103--- config
104    encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456";
105    encrypted_session_iv "12345678";
106    encrypted_session_expires 1d;
107
108    location /encode {
109        set_encrypt_session $res '1234';
110        set_encode_base32 $res;
111
112        echo "res = $res";
113    }
114--- request
115    GET /encode
116--- response_body_like
117^res = [0-9a-v=]{30,}$
118
119
120
121=== TEST 5: key with custom iv
122--- config
123    encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456";
124    encrypted_session_iv "12345678";
125    encrypted_session_expires 1d;
126
127    location /foo {
128        set $uid 1315;
129        set_encrypt_session $session $uid;
130        set_encode_base32 $session;
131
132        #echo $session;
133        echo_exec /bar _s=$session;
134    }
135
136    location /bar {
137        encrypted_session_expires 30d;
138        set_unescape_uri $session $arg__s;
139        set_decode_base32 $session;
140        set_decrypt_session $uid $session;
141        echo $uid;
142    }
143--- request
144    GET /foo
145--- response_body
1461315
147
148
149
150=== TEST 6: decoder (bad md5 checksum)
151valid: ktrp3n437q42laejppc9d4bg0j0i6np4tdpovhgdum09l7a0rg10====
152--- config
153    encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456";
154    encrypted_session_iv "12345678";
155    encrypted_session_expires 1d;
156
157    location /decode {
158        set_unescape_uri $session $arg__s;
159        set_decode_base32 $session;
160        set_decrypt_session $uid $session;
161        echo '[$uid]';
162    }
163--- request
164GET /decode?_s=3trp3n437q42laejppc9d4bg0j0i6np4tdpovhgdum09l7a0rg10====
165--- response_body
166[]
167
168
169
170=== TEST 7: decoder (bad md5 checksum)
171valid: ktrp3n437q42laejppc9d4bg0j0i6np4tdpovhgdum09l7a0rg10====
172--- config
173    encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456";
174    encrypted_session_iv "12345678";
175    encrypted_session_expires 1d;
176
177    location /decode {
178        set_unescape_uri $session $arg__s;
179        set_decode_base32 $session;
180        set_decrypt_session $uid $session;
181        echo '[$uid]';
182    }
183--- request
184GET /decode?_s=ktrp3n437q42laejppc9d4bg0j0i6np4tdpovhgdum09laa0rg10====
185--- response_body
186[]
187
188
189
190=== TEST 8: expired
191--- config
192    encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456";
193    encrypted_session_expires 1;
194
195    location /encode {
196        set $a 'abc';
197        set_encrypt_session $res $a;
198        echo -n $res;
199    }
200
201    location /decode {
202        set_decrypt_session $b $args;
203        echo "decrypted: $b";
204    }
205
206    location /t {
207        content_by_lua '
208            local res = ngx.location.capture("/encode")
209            ngx.sleep(1.1)
210            res = ngx.location.capture("/decode?" .. res.body)
211            ngx.say(res.body)
212        ';
213    }
214--- request
215    GET /t
216--- response_body_like
217decrypted:
218--- no_error_log
219[error]
220--- error_log eval
221qr/encrypted_session: session expired: \d+ <= \d+/
222
223
224
225=== TEST 9: variable expires with if's (8d)
226--- config
227    encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456";
228    encrypted_session_expires 0;
229
230    location ~* '^/t/(\S+)' {
231        set $duration $1;
232        set $a 'abc';
233        if ($duration = '16d') {
234            encrypted_session_expires 16d;
235        }
236        if ($duration = '8d') {
237            encrypted_session_expires 8d;
238        }
239        if ($duration = '1d') {
240            encrypted_session_expires 1d;
241        }
242        set_encrypt_session $res $a;
243        set_encode_base32 $ppres $res;
244        add_header "X-Foo" $ppres;
245        return 204;
246    }
247--- request
248    GET /t/8d
249--- error_code: 204
250--- response_headers_like chop
251X-Foo: [a-z0-9=]+$
252--- error_log
253encrypted_session: expires=691200
254
255
256
257=== TEST 10: variable expires with if's (1d)
258--- config
259    encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456";
260    encrypted_session_expires 0;
261
262    location ~* '^/t/(\S+)' {
263        set $duration $1;
264        set $a 'abc';
265        if ($duration = '16d') {
266            encrypted_session_expires 16d;
267        }
268        if ($duration = '8d') {
269            encrypted_session_expires 8d;
270        }
271        if ($duration = '1d') {
272            encrypted_session_expires 1d;
273        }
274        set_encrypt_session $res $a;
275        set_encode_base32 $ppres $res;
276        add_header "X-Foo" $ppres;
277        return 204;
278    }
279--- request
280    GET /t/1d
281--- error_code: 204
282--- response_headers_like chop
283X-Foo: [a-z0-9=]+$
284--- error_log
285encrypted_session: expires=86400
286
287
288
289=== TEST 11: variable expires with if's (16d)
290--- config
291    encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456";
292    encrypted_session_expires 0;
293
294    location ~* '^/t/(\S+)' {
295        set $duration $1;
296        set $a 'abc';
297        if ($duration = '16d') {
298            encrypted_session_expires 16d;
299        }
300        if ($duration = '8d') {
301            encrypted_session_expires 8d;
302        }
303        if ($duration = '1d') {
304            encrypted_session_expires 1d;
305        }
306        set_encrypt_session $res $a;
307        set_encode_base32 $ppres $res;
308        add_header "X-Foo" $ppres;
309        return 204;
310    }
311--- request
312    GET /t/16d
313--- error_code: 204
314--- response_headers_like chop
315X-Foo: [a-z0-9=]+$
316--- error_log
317encrypted_session: expires=1382400
318
319