3 files changed, 60 insertions, 2 deletions

diff --git a/Cargo.lock b/Cargo.lock
index 9734566..f014b99 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1744,7 +1744,7 @@ dependencies = [
 [[package]]
 name = "rstest"
 version = "0.2.2"
-source = "git+https://github.com/la10736/rstest.git#9f2ac13853e876ffef76f49443e7f2eca17cba92"
+source = "git+https://github.com/la10736/rstest.git#833bca6718f929992c57170a98f256cec3ac2036"
 dependencies = [
  "cfg-if 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
  "proc-macro2 0.4.29 (registry+https://github.com/rust-lang/crates.io-index)",
diff --git a/src/args.rs b/src/args.rs
index 63799a0..a67583a 100644
--- a/src/args.rs
+++ b/src/args.rs
@@ -40,6 +40,7 @@ struct CLIArgs {
 
     /// Set authentication. Currently supported formats:
     /// username:password, username:sha256:hash, username:sha512:hash
+    /// (e.g. joe:123, joe:sha256:a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3)
     #[structopt(short = "a", long = "auth", parse(try_from_str = "parse_auth"))]
     auth: Option<auth::RequiredAuth>,
 
diff --git a/tests/auth.rs b/tests/auth.rs
index 9882a39..0e5f9b7 100644
--- a/tests/auth.rs
+++ b/tests/auth.rs
@@ -25,7 +25,7 @@ use reqwest::StatusCode;
         "testpassword"
     ),
 )]
-fn auth_works(
+fn auth_accepts(
     tmpdir: TempDir,
     port: u16,
     cli_auth_arg: &str,
@@ -62,3 +62,60 @@ fn auth_works(
 
     Ok(())
 }
+
+#[rstest_parametrize(
+    cli_auth_arg, client_username, client_password,
+    case("rightuser:rightpassword", "wronguser", "rightpassword"),
+    case(
+        "rightuser:sha256:314eee236177a721d0e58d3ca4ff01795cdcad1e8478ba8183a2e58d69c648c0",
+        "wronguser",
+        "rightpassword"
+    ),
+    case(
+        "rightuser:sha512:84ec4056571afeec9f5b59453305877e9a66c3f9a1d91733fde759b370c1d540b9dc58bfc88c5980ad2d020c3a8ee84f21314a180856f5a82ba29ecba29e2cab",
+        "wronguser",
+        "rightpassword"
+    ),
+    case("rightuser:rightpassword", "rightuser", "wrongpassword"),
+    case(
+        "rightuser:sha256:314eee236177a721d0e58d3ca4ff01795cdcad1e8478ba8183a2e58d69c648c0",
+        "rightuser",
+        "wrongpassword"
+    ),
+    case(
+        "rightuser:sha512:84ec4056571afeec9f5b59453305877e9a66c3f9a1d91733fde759b370c1d540b9dc58bfc88c5980ad2d020c3a8ee84f21314a180856f5a82ba29ecba29e2cab",
+        "rightuser",
+        "wrongpassword"
+    ),
+)]
+fn auth_rejects(
+    tmpdir: TempDir,
+    port: u16,
+    cli_auth_arg: &str,
+    client_username: &str,
+    client_password: &str,
+) -> Result<(), Error> {
+    let mut child = Command::cargo_bin("miniserve")?
+        .arg(tmpdir.path())
+        .arg("-p")
+        .arg(port.to_string())
+        .arg("-a")
+        .arg(cli_auth_arg)
+        .stdout(Stdio::null())
+        .spawn()?;
+
+    sleep(Duration::from_secs(1));
+
+    let client = reqwest::Client::new();
+    let status = client
+        .get(format!("http://localhost:{}", port).as_str())
+        .basic_auth(client_username, Some(client_password))
+        .send()?
+        .status();
+
+    assert_eq!(status, StatusCode::UNAUTHORIZED);
+
+    child.kill()?;
+
+    Ok(())
+}