authorluke <luke@980ebf18-57e1-0310-9a29-db15c13687c0>2007-08-06 20:05:28 +0000
committerluke <luke@980ebf18-57e1-0310-9a29-db15c13687c0>2007-08-06 20:05:28 +0000
commitaaf5959fe3e9ff90d7288bb1ba8805bad2e7d05a (patch)
tree27ca422ab930de606bff80de3a6e57d93144b35b
parentdb0ffc7559d727fbfede9079f51e41031b900a89 (diff)
Adding test support for the other mongrel configuration header
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2752 980ebf18-57e1-0310-9a29-db15c13687c0
-rw-r--r--lib/puppet/configuration.rb4
-rw-r--r--lib/puppet/network/server/mongrel.rb2
-rwxr-xr-xtest/network/server/mongrel_test.rb25
3 files changed, 28 insertions, 3 deletions
diff --git a/lib/puppet/configuration.rb b/lib/puppet/configuration.rb
index 79ada647b..65e0d9fa8 100644
--- a/lib/puppet/configuration.rb
+++ b/lib/puppet/configuration.rb
@@ -313,6 +313,10 @@ module Puppet
:ssl_client_header => ["HTTP_X_CLIENT_DN", "The header containing an authenticated
client's SSL DN. Only used with Mongrel. This header must be set by the proxy
to the authenticated client's SSL DN (e.g., ``/CN=puppet.reductivelabs.com``).
+ See the `UsingMongrel`:trac: wiki page for more information."],
+ :ssl_client_verify_header => ["HTTP_X_CLIENT_VERIFY", "The header containing the status
+ message of the client verification. Only used with Mongrel. This header must be set by the proxy
+ to 'SUCCESS' if the client successfully authenticated, and anything else otherwise.
See the `UsingMongrel`:trac: wiki page for more information."]
)
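Review bot: The description added for `:ssl_client_verify_header` says the proxy must set the header, but not that it must replace any value the client sent under the same name; the existing `:ssl_client_header` text just above has the same gap. The server treats the literal value 'SUCCESS' as proof of authentication, so a proxy that passes a client-supplied header through would defeat the check. I would extend the text with a sentence such as `The proxy must set this header on every request, overriding any value supplied by the client, and Mongrel should only be reachable through the proxy.` The settings block starts outside this hunk.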
diff --git a/lib/puppet/network/server/mongrel.rb b/lib/puppet/network/server/mongrel.rb
index 37a10d348..5bce40756 100644
--- a/lib/puppet/network/server/mongrel.rb
+++ b/lib/puppet/network/server/mongrel.rb
@@ -118,7 +118,7 @@ module Puppet::Network
ip = params["REMOTE_ADDR"]
if dn = params[Puppet[:ssl_client_header]] and dn.include?("/CN=")
client = dn.sub("/CN=", '')
- valid = (params["HTTP_X_CLIENT_VERIFY"] == 'SUCCESS')
+ valid = (params[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
else
client = Resolv.getname(ip)
valid = false
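Review bot: In the `if` branch, `client` is taken from the DN header whatever the verify header says, so a request that failed verification still gets a client name that nobody verified. The test change in mongrel_test.rb pins this, expecting name `host.domain.com` while `authenticated?` is false. How callers use the name is not visible here, so at minimum I would add a comment above the assignment: `# client comes from the proxy-supplied DN even when valid is false; callers must check authenticated? before trusting it`. Separately, `dn.sub("/CN=", '')` strips only the marker, so a DN with other components ahead of the CN would leave them in the name. The enclosing method starts and ends outside this hunk.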
diff --git a/test/network/server/mongrel_test.rb b/test/network/server/mongrel_test.rb
index 75568561b..b7a383872 100755
--- a/test/network/server/mongrel_test.rb
+++ b/test/network/server/mongrel_test.rb
@@ -3,6 +3,7 @@
$:.unshift("../../lib") if __FILE__ =~ /\.rb$/
require 'puppettest'
+require 'mocha'
class TestMongrelServer < PuppetTest::TestCase
confine "Missing mongrel" => Puppet.features.mongrel?
@@ -25,14 +26,34 @@ class TestMongrelServer < PuppetTest::TestCase
ip = Facter.value(:ipaddress)
params["REMOTE_ADDR"] = ip
+ params[Puppet[:ssl_client_header]] = ""
+ params[Puppet[:ssl_client_verify_header]] = "failure"
+ info = nil
+ Resolv.expects(:getname).with(ip).returns("host.domain.com").times(3)
+ assert_nothing_raised("Could not call client_info") do
+ info = mongrel.send(:client_info, obj)
+ end
+ assert(! info.authenticated?, "Client info object was marked valid even though headers were missing")
+ assert_equal(ip, info.ip, "Did not copy over ip correctly")
+
+ assert_equal("host.domain.com", info.name, "Did not copy over hostname correctly")
+
+ # Now add a valid auth header.
params[Puppet[:ssl_client_header]] = "/CN=host.domain.com"
+ assert_nothing_raised("Could not call client_info") do
+ info = mongrel.send(:client_info, obj)
+ end
+ assert(! info.authenticated?, "Client info object was marked valid even though the verify header was fals")
+ assert_equal(ip, info.ip, "Did not copy over ip correctly")
+ assert_equal("host.domain.com", info.name, "Did not copy over hostname correctly")
- info = nil
+ # Now change the verify header to be true
+ params[Puppet[:ssl_client_verify_header]] = "SUCCESS"
assert_nothing_raised("Could not call client_info") do
info = mongrel.send(:client_info, obj)
end
- assert(info.authenticated?, "Client info object was not marked valid even though the header was present")
+ assert(info.authenticated?, "Client info object was not marked valid even though all headers were correct")
assert_equal(ip, info.ip, "Did not copy over ip correctly")
assert_equal("host.domain.com", info.name, "Did not copy over hostname correctly")
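Review bot: The negative cases leave one combination untested: the verify header set to "SUCCESS" while the DN header is empty, which is the request that must never be marked authenticated. I would add it after the first block by setting `params[Puppet[:ssl_client_verify_header]] = "SUCCESS"`, calling `mongrel.send(:client_info, obj)` again and asserting `! info.authenticated?`. The `.times(3)` count on the `Resolv.expects(:getname)` line is also worth a second look, since the visible mongrel.rb hunk only calls `Resolv.getname` in the no-DN branch, though the rest of `client_info` is not shown. The message on the second assertion has a typo ("fals"). The test method starts outside this hunk.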