--- embedaddon/lighttpd/tests/mod-auth.t	2013/10/14 10:32:47	1.1.1.1
+++ embedaddon/lighttpd/tests/mod-auth.t	2016/11/02 10:35:00	1.1.1.2
@@ -8,7 +8,7 @@ BEGIN {
 
 use strict;
 use IO::Socket;
-use Test::More tests => 17;
+use Test::More tests => 20;
 use LightyTest;
 
 my $tf = LightyTest->new();
@@ -83,9 +83,27 @@ EOF
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
 ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (sha, wrong password)');
 
+$t->{REQUEST}  = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: Basic YXByLW1kNTphcHItbWQ1
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (apr-md5)');
 
+$t->{REQUEST}  = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: Basic YXByLW1kNTphcHItbWQ2
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (apr-md5, wrong password)');
+
 SKIP: {
-	skip "no md5 for crypt under cygwin", 1 if $^O eq 'cygwin';
+	skip "no crypt-md5 under cygwin", 1 if $^O eq 'cygwin';
+	skip "no crypt-md5 under darwin", 1 if $^O eq 'darwin';
 $t->{REQUEST}  = ( <<EOF
 GET /server-config HTTP/1.0
 Host: auth-htpasswd.example.org
@@ -93,7 +111,7 @@ Authorization: Basic bWQ1Om1kNQ==
 EOF
  );
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
-ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (md5)');
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (crypt-md5)');
 }
 
 $t->{REQUEST}  = ( <<EOF
@@ -115,6 +133,9 @@ EOF
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
 ok($tf->handle_http($t) == 0, 'Digest-Auth: missing qop, no crash');
 
+# (Note: test case is invalid; mismatch between request line and uri="..."
+#  is not what is intended to be tested here, but that is what is invalid)
+# https://redmine.lighttpd.net/issues/477
 ## this should not crash
 $t->{REQUEST}  = ( <<EOF
 GET /server-status HTTP/1.0
@@ -137,34 +158,38 @@ EOF
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
 ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid Base64');
 
-
 $t->{REQUEST}  = ( <<EOF
 GET /server-status HTTP/1.0
-User-Agent: Wget/1.9.1
-Authorization: Digest username="jan", realm="jan",
-	nonce="b1d12348b4620437c43dd61c50ae4639", algorithm="md5-sess",
-	uri="/MJ-BONG.xm.mpc", qop=auth, noncecount=00000001",
-	cnonce="036FCA5B86F7E7C4965C7F9B8FE714B7",
-	nc="asd",
-	response="29B32C2953C763C6D033C8A49983B87E"
+Authorization: Digest username="jan", realm="download archiv",
+	nonce="b3b26457000000003a9b34a3cd56d26e48a52a498ac9765d4b",
+	uri="/server-status", qop=auth, nc=00000001,
+	algorithm="md5-sess", response="049b000fb00ab51dddea6f093a96aa2e"
 EOF
  );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
 ok($tf->handle_http($t) == 0, 'Digest-Auth: md5-sess + missing cnonce');
 
+ $t->{REQUEST}  = ( <<EOF
+GET /server-status HTTP/1.0
+Authorization: Digest username="jan", realm="download archiv",
+	nonce="b3b26457000000003a9b34a3cd56d26e48a52a498ac9765d4b",
+	uri="/server-status", qop=auth, nc=00000001, cnonce="65ee1b37",
+	algorithm="md5", response="049b000fb00ab51dddea6f093a96aa2e"
+EOF
+  );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401, 'WWW-Authenticate' => '/, stale=true$/' } ];
+ok($tf->handle_http($t) == 0, 'Digest-Auth: stale nonce');
+
 $t->{REQUEST}  = ( <<EOF
 GET /server-status HTTP/1.0
-User-Agent: Wget/1.9.1
-Authorization: Digest username="jan", realm="jan",
-	nonce="b1d12348b4620437c43dd61c50ae4639", algorithm="md5-sess",
-	uri="/MJ-BONG.xm.mpc", qop=auth, noncecount=00000001",
-	cnonce="036FCA5B86F7E7C4965C7F9B8FE714B7",
-	nc="asd",
-	response="29B32C2953C763C6D033C8A49983B87E"     
+Authorization: Digest username="jan", realm="download archiv",
+	nonce="b3b26457000000003a9b34a3cd56d26e48a52a498ac9765d4b",
+	uri="/server-status", qop=auth, nc=00000001, cnonce="65ee1b37",
+	algorithm="md5", response="049b000fb00ab51dddea6f093a96aa2e"     
 EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
-ok($tf->handle_http($t) == 0, 'Digest-Auth: trailing WS');
+ ); # note: trailing whitespace at end of request line above is intentional
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401, 'WWW-Authenticate' => '/, stale=true$/' } ];
+ok($tf->handle_http($t) == 0, 'Digest-Auth: trailing WS, stale nonce');