Bug 623836: part 1: use lowercase headers where we're supposed to. r=philiKON

services/sync/modules/resource.js

@@ -71,7 +71,7 @@ function BrokenBasicAuthenticator(identity) {
 }
 BrokenBasicAuthenticator.prototype = {
   onRequest: function BasicAuth_onRequest(headers) {
-    headers['Authorization'] = 'Basic ' +
+    headers['authorization'] = 'Basic ' +
       btoa(this._id.username + ':' + this._id.password);
     return headers;
   }
@@ -82,7 +82,7 @@ function BasicAuthenticator(identity) {
 }
 BasicAuthenticator.prototype = {
   onRequest: function onRequest(headers) {
-    headers['Authorization'] = 'Basic ' +
+    headers['authorization'] = 'Basic ' +
       btoa(this._id.username + ':' + this._id.passwordUTF8);
     return headers;
   }
@@ -227,7 +227,7 @@ AsyncResource.prototype = {
     // Avoid calling the authorizer more than once.
     let headers = this.headers;
     for (let key in headers) {
-      if (key == 'Authorization')
+      if (key == 'authorization')
         this._log.trace("HTTP Header " + key + ": ***** (suppressed)");
       else
         this._log.trace("HTTP Header " + key + ": " + headers[key]);

services/sync/tests/unit/test_resource.js

@@ -221,6 +221,23 @@ function run_test() {
   let did401 = false;
   Observers.add("weave:resource:status:401", function() did401 = true);
 
+  _("Test that the BasicAuthenticator doesn't screw up header case.");
+  let res1 = new Resource("http://localhost:8080/foo");
+  res1.setHeader("Authorization", "Basic foobar");
+  res1.authenticator = new NoOpAuthenticator();
+  do_check_eq(res1._headers["authorization"], "Basic foobar");
+  do_check_eq(res1.headers["authorization"], "Basic foobar");
+  let id = new Identity("secret", "guest", "guest");
+  res1.authenticator = new BasicAuthenticator(id);
+
+  // In other words... it correctly overwrites our downcased version
+  // when accessed through .headers.
+  do_check_eq(res1._headers["authorization"], "Basic foobar");
+  do_check_eq(res1.headers["authorization"], "Basic Z3Vlc3Q6Z3Vlc3Q=");
+  do_check_eq(res1._headers["authorization"], "Basic Z3Vlc3Q6Z3Vlc3Q=");
+  do_check_true(!res1._headers["Authorization"]);
+  do_check_true(!res1.headers["Authorization"]);
+
   _("GET a password protected resource (test that it'll fail w/o pass, no throw)");
   let res2 = new Resource("http://localhost:8080/protected");
   content = res2.get();

services/sync/tests/unit/test_resource_async.js

@@ -206,6 +206,26 @@ function run_test() {
       next();
     }));
 
+  }, function (next) {
+
+    _("Test that the BasicAuthenticator doesn't screw up header case.");
+    let res1 = new AsyncResource("http://localhost:8080/foo");
+    res1.setHeader("Authorization", "Basic foobar");
+    res1.authenticator = new NoOpAuthenticator();
+    do_check_eq(res1._headers["authorization"], "Basic foobar");
+    do_check_eq(res1.headers["authorization"], "Basic foobar");
+    let id = new Identity("secret", "guest", "guest");
+    res1.authenticator = new BasicAuthenticator(id);
+
+    // In other words... it correctly overwrites our downcased version
+    // when accessed through .headers.
+    do_check_eq(res1._headers["authorization"], "Basic foobar");
+    do_check_eq(res1.headers["authorization"], "Basic Z3Vlc3Q6Z3Vlc3Q=");
+    do_check_eq(res1._headers["authorization"], "Basic Z3Vlc3Q6Z3Vlc3Q=");
+    do_check_true(!res1._headers["Authorization"]);
+    do_check_true(!res1.headers["Authorization"]);
+    next();
+
   }, function (next) {
 
     _("GET a password protected resource (test that it'll fail w/o pass, no throw)");