1# vi:filetype= 2 3use lib 'lib'; 4use Test::Nginx::Socket; 5 6repeat_each(2); 7 8plan tests => repeat_each() * (2 * blocks() + 7); 9 10no_long_string(); 11 12no_shuffle(); 13 14run_tests(); 15 16#no_diff(); 17 18__DATA__ 19 20=== TEST 1: key with default iv 21--- config 22 encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456"; 23 encrypted_session_expires 0; 24 25 location /encode { 26 set $a 'abc'; 27 28 set_encrypt_session $res $a; 29 30 set_encode_base32 $ppres $res; 31 32 echo "res = $ppres"; 33 34 set_decrypt_session $b $res; 35 echo "b = $b"; 36 } 37--- request 38 GET /encode 39--- response_body 40res = ktrp3n437q42laejppc9d4bg0jpv0ejie106ooo65od9lf5huhs0==== 41b = abc 42--- error_log 43encrypted_session: expires=0 44 45 46 47=== TEST 2: key with custom iv 48--- config 49 encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456"; 50 encrypted_session_iv "12345678"; 51 encrypted_session_expires 0; 52 53 location /encode { 54 set $a 'abc'; 55 56 set_encrypt_session $res $a; 57 58 set_encode_base32 $ppres $res; 59 60 echo "res = $ppres"; 61 62 set_decrypt_session $b $res; 63 echo "b = $b"; 64 } 65--- request 66 GET /encode 67--- response_body 68res = ktrp3n437q42laejppc9d4bg0hul4pmqhc8tn2laae40aakqfoh0==== 69b = abc 70 71 72 73=== TEST 3: key with custom iv 74--- config 75 encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456"; 76 #encrypted_session_key "abcdefghijklmnopqrstuvwx"; 77 encrypted_session_iv "12345678"; 78 encrypted_session_expires 3; 79 80 location /encode { 81 set $a 'abc'; 82 83 set_encrypt_session $res $a; 84 85 set_encode_base32 $ppres $res; 86 87 echo "res = $ppres"; 88 89 set_decrypt_session $b $res; 90 echo "b = $b"; 91 } 92--- request 93 GET /encode 94--- response_body_like 95^res = [0-9a-v=]{30,} 96b = abc$ 97--- error_log 98encrypted_session: expires=3 99 100 101 102=== TEST 4: key with custom iv 103--- config 104 encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456"; 105 encrypted_session_iv "12345678"; 106 encrypted_session_expires 1d; 107 108 location /encode { 109 set_encrypt_session $res '1234'; 110 set_encode_base32 $res; 111 112 echo "res = $res"; 113 } 114--- request 115 GET /encode 116--- response_body_like 117^res = [0-9a-v=]{30,}$ 118 119 120 121=== TEST 5: key with custom iv 122--- config 123 encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456"; 124 encrypted_session_iv "12345678"; 125 encrypted_session_expires 1d; 126 127 location /foo { 128 set $uid 1315; 129 set_encrypt_session $session $uid; 130 set_encode_base32 $session; 131 132 #echo $session; 133 echo_exec /bar _s=$session; 134 } 135 136 location /bar { 137 encrypted_session_expires 30d; 138 set_unescape_uri $session $arg__s; 139 set_decode_base32 $session; 140 set_decrypt_session $uid $session; 141 echo $uid; 142 } 143--- request 144 GET /foo 145--- response_body 1461315 147 148 149 150=== TEST 6: decoder (bad md5 checksum) 151valid: ktrp3n437q42laejppc9d4bg0j0i6np4tdpovhgdum09l7a0rg10==== 152--- config 153 encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456"; 154 encrypted_session_iv "12345678"; 155 encrypted_session_expires 1d; 156 157 location /decode { 158 set_unescape_uri $session $arg__s; 159 set_decode_base32 $session; 160 set_decrypt_session $uid $session; 161 echo '[$uid]'; 162 } 163--- request 164GET /decode?_s=3trp3n437q42laejppc9d4bg0j0i6np4tdpovhgdum09l7a0rg10==== 165--- response_body 166[] 167 168 169 170=== TEST 7: decoder (bad md5 checksum) 171valid: ktrp3n437q42laejppc9d4bg0j0i6np4tdpovhgdum09l7a0rg10==== 172--- config 173 encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456"; 174 encrypted_session_iv "12345678"; 175 encrypted_session_expires 1d; 176 177 location /decode { 178 set_unescape_uri $session $arg__s; 179 set_decode_base32 $session; 180 set_decrypt_session $uid $session; 181 echo '[$uid]'; 182 } 183--- request 184GET /decode?_s=ktrp3n437q42laejppc9d4bg0j0i6np4tdpovhgdum09laa0rg10==== 185--- response_body 186[] 187 188 189 190=== TEST 8: expired 191--- config 192 encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456"; 193 encrypted_session_expires 1; 194 195 location /encode { 196 set $a 'abc'; 197 set_encrypt_session $res $a; 198 echo -n $res; 199 } 200 201 location /decode { 202 set_decrypt_session $b $args; 203 echo "decrypted: $b"; 204 } 205 206 location /t { 207 content_by_lua ' 208 local res = ngx.location.capture("/encode") 209 ngx.sleep(1.1) 210 res = ngx.location.capture("/decode?" .. res.body) 211 ngx.say(res.body) 212 '; 213 } 214--- request 215 GET /t 216--- response_body_like 217decrypted: 218--- no_error_log 219[error] 220--- error_log eval 221qr/encrypted_session: session expired: \d+ <= \d+/ 222 223 224 225=== TEST 9: variable expires with if's (8d) 226--- config 227 encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456"; 228 encrypted_session_expires 0; 229 230 location ~* '^/t/(\S+)' { 231 set $duration $1; 232 set $a 'abc'; 233 if ($duration = '16d') { 234 encrypted_session_expires 16d; 235 } 236 if ($duration = '8d') { 237 encrypted_session_expires 8d; 238 } 239 if ($duration = '1d') { 240 encrypted_session_expires 1d; 241 } 242 set_encrypt_session $res $a; 243 set_encode_base32 $ppres $res; 244 add_header "X-Foo" $ppres; 245 return 204; 246 } 247--- request 248 GET /t/8d 249--- error_code: 204 250--- response_headers_like chop 251X-Foo: [a-z0-9=]+$ 252--- error_log 253encrypted_session: expires=691200 254 255 256 257=== TEST 10: variable expires with if's (1d) 258--- config 259 encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456"; 260 encrypted_session_expires 0; 261 262 location ~* '^/t/(\S+)' { 263 set $duration $1; 264 set $a 'abc'; 265 if ($duration = '16d') { 266 encrypted_session_expires 16d; 267 } 268 if ($duration = '8d') { 269 encrypted_session_expires 8d; 270 } 271 if ($duration = '1d') { 272 encrypted_session_expires 1d; 273 } 274 set_encrypt_session $res $a; 275 set_encode_base32 $ppres $res; 276 add_header "X-Foo" $ppres; 277 return 204; 278 } 279--- request 280 GET /t/1d 281--- error_code: 204 282--- response_headers_like chop 283X-Foo: [a-z0-9=]+$ 284--- error_log 285encrypted_session: expires=86400 286 287 288 289=== TEST 11: variable expires with if's (16d) 290--- config 291 encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456"; 292 encrypted_session_expires 0; 293 294 location ~* '^/t/(\S+)' { 295 set $duration $1; 296 set $a 'abc'; 297 if ($duration = '16d') { 298 encrypted_session_expires 16d; 299 } 300 if ($duration = '8d') { 301 encrypted_session_expires 8d; 302 } 303 if ($duration = '1d') { 304 encrypted_session_expires 1d; 305 } 306 set_encrypt_session $res $a; 307 set_encode_base32 $ppres $res; 308 add_header "X-Foo" $ppres; 309 return 204; 310 } 311--- request 312 GET /t/16d 313--- error_code: 204 314--- response_headers_like chop 315X-Foo: [a-z0-9=]+$ 316--- error_log 317encrypted_session: expires=1382400 318 319