Add more tests for HTTP authentication prompting.

2008-03-17 04:54:16 +00:00 · 2008-03-17 04:54:16 +00:00 · 7db7faae3d
--- a/toolkit/components/passwordmgr/test/Makefile.in
+++ b/toolkit/components/passwordmgr/test/Makefile.in
@ -46,9 +46,8 @@ include $(DEPTH)/config/autoconf.mk
 # Module name for xpcshell tests.
 MODULE		= test_passwordmgr

-# Test files for Mochitest
+# Mochitest tests
 MOCHI_TESTS = \
-		pwmgr_common.js \
 		test_0init.html \
 		test_basic_form.html \
 		test_basic_form_0pw.html \
@ -67,6 +66,11 @@ MOCHI_TESTS = \
 		test_zzz_finish.html \
 		$(NULL)

+MOCHI_CONTENT = \
+		pwmgr_common.js \
+		authenticate.sjs \
+		$(NULL)
+
 XPCSHELL_TESTS  = unit

 # This test doesn't pass because we can't ensure a cross-platform
@ -78,5 +82,5 @@ include $(topsrcdir)/config/rules.mk
 # Note: Invoke any additional (non-xpcshell) test programs here.
 check::

-libs:: $(MOCHI_TESTS)
+libs:: $(MOCHI_TESTS) $(MOCHI_CONTENT)
 	$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/tests/$(relativesrcdir)
--- a/toolkit/components/passwordmgr/test/authenticate.sjs
+++ b/toolkit/components/passwordmgr/test/authenticate.sjs
@ -0,0 +1,130 @@
+function handleRequest(request, response)
+{
+  try {
+    reallyHandleRequest(request, response);
+  } catch (e) {
+    response.setStatusLine("1.0", 200, "AlmostOK");
+    response.write("Error handling request: " + e);
+  }
+}
+
+
+function reallyHandleRequest(request, response) {
+  var match;
+  var requestAuth = true;
+
+  // Allow the caller to drive how authentication is processed via the query.
+  // Eg, http://localhost:8888/authenticate.sjs?user=foo&realm=bar
+  var query = request.queryString;
+
+  var expected_user = "", expected_pass = "", realm = "mochitest";
+  // user=xxx
+  match = /user=([^&]*)/.exec(query);
+  if (match)
+    expected_user = match[1];
+
+  // pass=xxx
+  match = /pass=([^&]*)/.exec(query);
+  if (match)
+    expected_pass = match[1];
+
+  // realm=xxx
+  match = /realm=([^&]*)/.exec(query);
+  if (match)
+    realm = match[1];
+
+
+  // Look for an authentication header, if any, in the request.
+  //
+  // EG: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+  // 
+  // This test only supports Basic auth. The value sent by the client is
+  // "username:password", obscured with base64 encoding.
+
+  var actual_user = "", actual_pass = "", authHeader;
+  if (request.hasHeader("Authorization")) {
+    authHeader = request.getHeader("Authorization");
+    match = /Basic (.+)/.exec(authHeader);
+    if (match.length != 2)
+        throw "Couldn't parse auth header: " + authHeader;
+
+    var userpass = base64ToString(match[1]); // no atob() :-(
+    match = /(.*):(.*)/.exec(userpass);
+    if (match.length != 3)
+        throw "Couldn't decode auth header: " + userpass;
+    actual_user = match[1];
+    actual_pass = match[2];
+  } 
+
+  // Don't request authentication if the credentials we got were what we
+  // expected.
+  if (expected_user == actual_user &&
+      expected_pass == actual_pass) {
+      requestAuth = false;
+  }
+
+  if (requestAuth) {
+    response.setStatusLine("1.0", 401, "Authentication required");
+    response.setHeader("WWW-Authenticate", "basic realm=\"" + realm + "\"", false);
+  } else {
+    response.setStatusLine("1.0", 200, "OK");
+  }
+
+  response.setHeader("Content-Type", "text/html", false);
+  response.write("Login: <span id='ok'>" + (requestAuth ? "FAIL" : "PASS") + "</span><br>\n");
+  response.write("Auth: <span id='auth'>" + authHeader + "</span><br>\n");
+  response.write("User: <span id='user'>" + actual_user + "</span><br>\n");
+  response.write("Pass: <span id='pass'>" + actual_pass + "</span><br>\n");
+}
+
+
+// base64 decoder
+//
+// Yoinked from extensions/xml-rpc/src/nsXmlRpcClient.js because btoa()
+// doesn't seem to exist. :-(
+/* Convert Base64 data to a string */
+const toBinaryTable = [
+    -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1,
+    -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1,
+    -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,62, -1,-1,-1,63,
+    52,53,54,55, 56,57,58,59, 60,61,-1,-1, -1, 0,-1,-1,
+    -1, 0, 1, 2,  3, 4, 5, 6,  7, 8, 9,10, 11,12,13,14,
+    15,16,17,18, 19,20,21,22, 23,24,25,-1, -1,-1,-1,-1,
+    -1,26,27,28, 29,30,31,32, 33,34,35,36, 37,38,39,40,
+    41,42,43,44, 45,46,47,48, 49,50,51,-1, -1,-1,-1,-1
+];
+const base64Pad = '=';
+
+function base64ToString(data) {
+
+    var result = '';
+    var leftbits = 0; // number of bits decoded, but yet to be appended
+    var leftdata = 0; // bits decoded, but yet to be appended
+
+    // Convert one by one.
+    for (var i = 0; i < data.length; i++) {
+        var c = toBinaryTable[data.charCodeAt(i) & 0x7f];
+        var padding = (data[i] == base64Pad);
+        // Skip illegal characters and whitespace
+        if (c == -1) continue;
+        
+        // Collect data into leftdata, update bitcount
+        leftdata = (leftdata << 6) | c;
+        leftbits += 6;
+
+        // If we have 8 or more bits, append 8 bits to the result
+        if (leftbits >= 8) {
+            leftbits -= 8;
+            // Append if not padding.
+            if (!padding)
+                result += String.fromCharCode((leftdata >> leftbits) & 0xff);
+            leftdata &= (1 << leftbits) - 1;
+        }
+    }
+
+    // If there are any bits left, the base64 string was corrupted
+    if (leftbits)
+        throw Components.Exception('Corrupted base64 string');
+
+    return result;
+}
--- a/toolkit/components/passwordmgr/test/test_prompt.html
+++ b/toolkit/components/passwordmgr/test/test_prompt.html
@ -12,6 +12,7 @@ Login Manager test: username/password prompts
 <p id="display"></p>

 <div id="content" style="display: none">
+  <iframe id="iframe"></iframe>
 </div>

 <pre id="test">
@ -19,7 +20,7 @@ Login Manager test: username/password prompts

 /** Test for Login Manager: username / password prompts. **/

-var pwmgr, login1, login2A, login2B;
+var pwmgr, login1, login2A, login2B, login3A, login3B;

 function initLogins() {
  pwmgr = Cc["@mozilla.org/login-manager;1"].
@ -31,6 +32,10 @@ function initLogins() {
            createInstance(Ci.nsILoginInfo);
  login2B = Cc["@mozilla.org/login-manager/loginInfo;1"].
            createInstance(Ci.nsILoginInfo);
+  login3A = Cc["@mozilla.org/login-manager/loginInfo;1"].
+            createInstance(Ci.nsILoginInfo);
+  login3B = Cc["@mozilla.org/login-manager/loginInfo;1"].
+            createInstance(Ci.nsILoginInfo);

  login1.init("http://example.com", null, "http://example.com",
              "", "examplepass", "", "");
@ -39,15 +44,27 @@ function initLogins() {
  login2B.init("http://example2.com", null, "http://example2.com",
               "user2name", "user2pass", "", "");

+  login3A.init("http://localhost:8888", null, "mochitest",
+               "mochiuser1", "mochipass1", "", "");
+  login3B.init("http://localhost:8888", null, "mochitest2",
+               "mochiuser2", "mochipass2", "", "");
+
  pwmgr.addLogin(login1);
  pwmgr.addLogin(login2A);
  pwmgr.addLogin(login2B);
+  pwmgr.addLogin(login3A);
+  pwmgr.addLogin(login3B);
 }

-function cleanupLogins() {
+function finishTest() {
+  ok(true, "finishTest removing testing logins...");
  pwmgr.removeLogin(login1);
  pwmgr.removeLogin(login2A);
  pwmgr.removeLogin(login2B);
+  pwmgr.removeLogin(login3A);
+  pwmgr.removeLogin(login3B);
+
+  SimpleTest.finish();
 }


@ -86,6 +103,7 @@ function getDialogDoc() {
 }


+var didDialog;
 function handleDialog(doc, testNum) {
  netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
  ok(true, "handleDialog running for test " + testNum);
@ -228,6 +246,16 @@ function handleDialog(doc, testNum) {
        passfield.setAttribute("value", "user2pass");
        break;

+    case 1000:
+        is(username, "mochiuser1", "Checking filled username");
+        is(password, "mochipass1", "Checking filled password");
+        break;
+
+    case 1001:
+        is(username, "mochiuser2", "Checking filled username");
+        is(password, "mochipass2", "Checking filled password");
+        break;
+
    default:
        ok(false, "Uhh, unhandled switch for testNum #" + testNum);
        break;
@ -239,6 +267,63 @@ function handleDialog(doc, testNum) {
    dialog.cancelDialog();

  ok(true, "handleDialog done");
+  didDialog = true;
+}
+
+
+function handleLoad() {
+  netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+  ok(true, "handleLoad running for test " + testNum);
+
+  if (testNum != 1002)
+    ok(didDialog, "handleDialog was invoked");
+
+  // The server echos back the user/pass it received.
+  var username = iframe.contentDocument.getElementById("user").textContent;
+  var password = iframe.contentDocument.getElementById("pass").textContent;
+  var authok = iframe.contentDocument.getElementById("ok").textContent;
+
+  switch(testNum) {
+    case 1000:
+        testNum++;
+        is(authok, "PASS", "Checking for successful authentication");
+        is(username, "mochiuser1", "Checking for echoed username");
+        is(password, "mochipass1", "Checking for echoed password");
+        startCallbackTimer();
+        // We've already authenticated to this host:port. For this next
+        // request, the existing auth should be sent, we'll get a 401 reply,
+        // and we should prompt for new auth.
+        iframe.src = "authenticate.sjs?user=mochiuser2&pass=mochipass2&realm=mochitest2";
+        break;
+
+    case 1001:
+        testNum++;
+        is(authok, "PASS", "Checking for successful authentication");
+        is(username, "mochiuser2", "Checking for echoed username");
+        is(password, "mochipass2", "Checking for echoed password");
+        // Now make a load that requests the realm from test 1000. It was
+        // already provided there, so auth will *not* be prompted for -- the
+        // networking layer already knows it!
+        didDialog = false; // [normally reset by startCallbackTimer()]
+        iframe.src = "authenticate.sjs?user=mochiuser1&pass=mochipass1";
+        break;
+
+
+    case 1002:
+        testNum++;
+        ok(!didDialog, "handleDialog was NOT invoked");
+        is(authok, "PASS", "Checking for successful authentication");
+        is(username, "mochiuser1", "Checking for echoed username");
+        is(password, "mochipass1", "Checking for echoed password");
+
+        finishTest();
+        break;
+
+    default:
+        ok(false, "Uhh, unhandled switch for testNum #" + testNum);
+        break;
+  }
+
 }


@ -263,6 +348,8 @@ ok(promptFac != null, "promptFac getService()");

 var timer; // keep in outer scope so it's not GC'd before firing
 function startCallbackTimer() {
+    didDialog = false;
+
    // Delay before the callback twiddles the prompt.
    const dialogDelay = 10;

@ -307,6 +394,8 @@ var authinfo = {
 };


+var iframe = document.getElementById("iframe");
+iframe.onload = handleLoad;

 var prompter1 = promptFac.getPrompt(window, Ci.nsIAuthPrompt);
 var prompter2 = promptFac.getPrompt(window, Ci.nsIAuthPrompt2);
@ -619,7 +708,14 @@ is(authinfo.password, "user2pass", "Checking returned password");
 // XXX check for checkbox / checkstate on old prompts?
 // XXX check NTLM domain stuff

-cleanupLogins();
+
+// ===== test 1000 =====
+testNum = 1000;
+startCallbackTimer();
+iframe.src = "authenticate.sjs?user=mochiuser1&pass=mochipass1";
+
+// ...remaining tests are drived by handleLoad()...
+SimpleTest.waitForExplicitFinish();
 </script>
 </pre>
 </body>