From f9127f9a408efcee1d112a657a9a7e47a4bbd801 Mon Sep 17 00:00:00 2001
From: Emilien Mantel <emilien.mantel@debianiste.org>
Date: Thu, 3 Dec 2015 17:09:29 +0100
Subject: [PATCH] Manage auth basic on all vhost

---
 templates/etc/nginx/sites-available/_base.j2 |  6 +++++-
 tests/test.yml                               | 12 +++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/templates/etc/nginx/sites-available/_base.j2 b/templates/etc/nginx/sites-available/_base.j2
index bfb90b4..472f2fa 100644
--- a/templates/etc/nginx/sites-available/_base.j2
+++ b/templates/etc/nginx/sites-available/_base.j2
@@ -1,7 +1,7 @@
 {% set __listen = item.listen | default(['80']) %}
 {% set __listen_ssl = item.listen_ssl | default(['443']) %}
 {% set __location = item.location | default({}) %}
-{% macro htpasswd(htpasswd_name, indent=2) -%}
+{% macro htpasswd(htpasswd_name, indent=1) -%}
 {% for ht in nginx_htpasswd %}{% if ht.name == htpasswd_name %}
 {{ "\t" * indent }}auth_basic "{{ ht.description }}";
 {{ "\t" * indent }}auth_basic_user_file {{ nginx_htpasswd_dir }}/{{ ht.name }};
@@ -36,6 +36,10 @@ server {
 {% endfor %}
 {% endif %}
 
+{% if item.htpasswd is defined %}
+{{ htpasswd(item.htpasswd, 1) }}
+{% endif %}
+
 {% if not __location.has_key('/') %}
 	location / {
 {% block template_try_files %}
diff --git a/tests/test.yml b/tests/test.yml
index fa875a5..7cfc6e2 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -83,7 +83,7 @@
       with_items: ['test-php.local', 'test-php-index.local']
     - name: -- Add HTML file --
       copy: dest="{{ item }}/index.html" content="Index HTML test OK\n"
-      with_items: ['{{ nginx_root }}/test.local/public', '/var/tmp']
+      with_items: ['{{ nginx_root }}/test.local/public', '/var/tmp', '{{ nginx_root }}/test-htpasswd-all.local/public']
     - name: -- VERIFY VHOSTS --
       command: "curl -H 'Host: {{ item.name if item.name is string else item.name[0] }}' http://127.0.0.1{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
       with_items: nginx_vhosts
@@ -116,3 +116,13 @@
       changed_when: false
       register: authok
       failed_when: authok.stdout.find('hello') == -1
+    - name: -- VERIFY AUTH BASIC FAIL GLOBAL --
+      command: "curl -u fail:fail -H 'Host: test-htpasswd-all.local' http://127.0.0.1/"
+      changed_when: false
+      register: authgfail
+      failed_when: authgfail.stdout.find('401 Authorization Required') == -1
+    - name: -- VERIFY AUTH BASIC OK --
+      command: "curl -u hanx:qwerty -H 'Host: test-htpasswd-all.local' http://127.0.0.1/"
+      changed_when: false
+      register: authgok
+      failed_when: authgok.stdout.find('401 Authorization Required') != -1