gecko/netwerk/test/unit/test_auth_proxy.js

400 lines
12 KiB
JavaScript

/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/**
* This tests the automatic login to the proxy with password,
* if the password is stored and the browser is restarted.
*
* <copied from="test_authentication.js"/>
*/
Cu.import("resource://testing-common/httpd.js");
Cu.import("resource://gre/modules/NetUtil.jsm");
const FLAG_RETURN_FALSE = 1 << 0;
const FLAG_WRONG_PASSWORD = 1 << 1;
const FLAG_PREVIOUS_FAILED = 1 << 2;
function AuthPrompt2(proxyFlags, hostFlags) {
this.proxyCred.flags = proxyFlags;
this.hostCred.flags = hostFlags;
}
AuthPrompt2.prototype = {
proxyCred : { user: "proxy", pass: "guest",
realmExpected: "intern", flags : 0 },
hostCred : { user: "host", pass: "guest",
realmExpected: "extern", flags : 0 },
QueryInterface: function authprompt2_qi(iid) {
if (iid.equals(Ci.nsISupports) ||
iid.equals(Ci.nsIAuthPrompt2))
return this;
throw Cr.NS_ERROR_NO_INTERFACE;
},
promptAuth:
function ap2_promptAuth(channel, encryptionLevel, authInfo)
{
try {
// never HOST and PROXY set at the same time in prompt
do_check_eq((authInfo.flags & Ci.nsIAuthInformation.AUTH_HOST) != 0,
(authInfo.flags & Ci.nsIAuthInformation.AUTH_PROXY) == 0);
var isProxy = (authInfo.flags & Ci.nsIAuthInformation.AUTH_PROXY) != 0;
var cred = isProxy ? this.proxyCred : this.hostCred;
dump("with flags: " +
((cred.flags & FLAG_WRONG_PASSWORD) !=0 ? "wrong password" : "")+" "+
((cred.flags & FLAG_PREVIOUS_FAILED) !=0 ? "previous failed" : "")+" "+
((cred.flags & FLAG_RETURN_FALSE) !=0 ? "return false" : "") + "\n");
// PROXY properly set by necko (checked using realm)
do_check_eq(cred.realmExpected, authInfo.realm);
// PREVIOUS_FAILED properly set by necko
do_check_eq((cred.flags & FLAG_PREVIOUS_FAILED) != 0,
(authInfo.flags & Ci.nsIAuthInformation.PREVIOUS_FAILED) != 0);
if (cred.flags & FLAG_RETURN_FALSE)
{
cred.flags |= FLAG_PREVIOUS_FAILED;
cred.flags &= ~FLAG_RETURN_FALSE;
return false;
}
authInfo.username = cred.user;
if (cred.flags & FLAG_WRONG_PASSWORD) {
authInfo.password = cred.pass + ".wrong";
cred.flags |= FLAG_PREVIOUS_FAILED;
// Now clear the flag to avoid an infinite loop
cred.flags &= ~FLAG_WRONG_PASSWORD;
} else {
authInfo.password = cred.pass;
cred.flags &= ~FLAG_PREVIOUS_FAILED;
}
return true;
} catch (e) { do_throw(e); }
},
asyncPromptAuth:
function ap2_async(channel, callback, context, encryptionLevel, authInfo)
{
try {
var me = this;
var allOverAndDead = false;
do_execute_soon(function() {
try {
if (allOverAndDead)
throw "already canceled";
var ret = me.promptAuth(channel, encryptionLevel, authInfo);
if (!ret)
callback.onAuthCancelled(context, true);
else
callback.onAuthAvailable(context, authInfo);
allOverAndDead = true;
} catch (e) { do_throw(e); }
});
return new Cancelable(function() {
if (allOverAndDead)
throw "can't cancel, already ran";
callback.onAuthAvailable(context, authInfo);
allOverAndDead = true;
});
} catch (e) { do_throw(e); }
}
};
function Cancelable(onCancelFunc) {
this.onCancelFunc = onCancelFunc;
}
Cancelable.prototype = {
QueryInterface: function cancelable_qi(iid) {
if (iid.equals(Ci.nsISupports) ||
iid.equals(Ci.nsICancelable))
return this;
throw Cr.NS_ERROR_NO_INTERFACE;
},
cancel: function cancel() {
try {
this.onCancelFunc();
} catch (e) { do_throw(e); }
}
};
function Requestor(proxyFlags, hostFlags) {
this.proxyFlags = proxyFlags;
this.hostFlags = hostFlags;
}
Requestor.prototype = {
QueryInterface: function requestor_qi(iid) {
if (iid.equals(Ci.nsISupports) ||
iid.equals(Ci.nsIInterfaceRequestor))
return this;
throw Cr.NS_ERROR_NO_INTERFACE;
},
getInterface: function requestor_gi(iid) {
if (iid.equals(Ci.nsIAuthPrompt)) {
dump("authprompt1 not implemented\n");
throw Cr.NS_ERROR_NO_INTERFACE;
}
if (iid.equals(Ci.nsIAuthPrompt2)) {
try {
// Allow the prompt to store state by caching it here
if (!this.prompt2)
this.prompt2 = new AuthPrompt2(this.proxyFlags, this.hostFlags);
return this.prompt2;
} catch (e) { do_throw(e); }
}
throw Cr.NS_ERROR_NO_INTERFACE;
},
prompt2: null
};
var listener = {
expectedCode: -1, // uninitialized
onStartRequest: function test_onStartR(request, ctx) {
try {
// Proxy auth cancellation return failures to avoid spoofing
if (!Components.isSuccessCode(request.status) &&
(this.expectedCode != 407))
do_throw("Channel should have a success code!");
if (!(request instanceof Ci.nsIHttpChannel))
do_throw("Expecting an HTTP channel");
do_check_eq(this.expectedCode, request.responseStatus);
// If we expect 200, the request should have succeeded
do_check_eq(this.expectedCode == 200, request.requestSucceeded);
var cookie = "";
try {
cookie = request.getRequestHeader("Cookie");
} catch (e) { }
do_check_eq(cookie, "");
} catch (e) {
do_throw("Unexpected exception: " + e);
}
throw Cr.NS_ERROR_ABORT;
},
onDataAvailable: function test_ODA() {
do_throw("Should not get any data!");
},
onStopRequest: function test_onStopR(request, ctx, status) {
do_check_eq(status, Cr.NS_ERROR_ABORT);
if (current_test < (tests.length - 1)) {
// First, need to clear the auth cache
Cc["@mozilla.org/network/http-auth-manager;1"]
.getService(Ci.nsIHttpAuthManager)
.clearAll();
current_test++;
tests[current_test]();
} else {
do_test_pending();
httpserv.stop(do_test_finished);
}
do_test_finished();
}
};
function makeChan(url) {
if (!url)
url = "http://somesite/";
return NetUtil.newChannel({uri: url, loadUsingSystemPrincipal: true})
.QueryInterface(Ci.nsIHttpChannel);
}
var current_test = 0;
var httpserv = null;
function run_test() {
httpserv = new HttpServer();
httpserv.registerPathHandler("/", proxyAuthHandler);
httpserv.identity.add("http", "somesite", 80);
httpserv.start(-1);
const prefs = Cc["@mozilla.org/preferences-service;1"]
.getService(Ci.nsIPrefBranch);
prefs.setCharPref("network.proxy.http", "localhost");
prefs.setIntPref("network.proxy.http_port", httpserv.identity.primaryPort);
prefs.setCharPref("network.proxy.no_proxies_on", "");
prefs.setIntPref("network.proxy.type", 1);
// Turn off the authentication dialog blocking for this test.
prefs.setIntPref("network.auth.subresource-http-auth-allow", 2);
tests[current_test]();
}
function test_proxy_returnfalse() {
dump("\ntest: proxy returnfalse\n");
var chan = makeChan();
chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 0);
listener.expectedCode = 407; // Proxy Unauthorized
chan.asyncOpen2(listener);
do_test_pending();
}
function test_proxy_wrongpw() {
dump("\ntest: proxy wrongpw\n");
var chan = makeChan();
chan.notificationCallbacks = new Requestor(FLAG_WRONG_PASSWORD, 0);
listener.expectedCode = 200; // Eventually OK
chan.asyncOpen2(listener);
do_test_pending();
}
function test_all_ok() {
dump("\ntest: all ok\n");
var chan = makeChan();
chan.notificationCallbacks = new Requestor(0, 0);
listener.expectedCode = 200; // OK
chan.asyncOpen2(listener);
do_test_pending();
}
function test_proxy_407_cookie() {
var chan = makeChan();
chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 0);
chan.setRequestHeader("X-Set-407-Cookie", "1", false);
listener.expectedCode = 407; // Proxy Unauthorized
chan.asyncOpen2(listener);
do_test_pending();
}
function test_proxy_200_cookie() {
var chan = makeChan();
chan.notificationCallbacks = new Requestor(0, 0);
chan.setRequestHeader("X-Set-407-Cookie", "1", false);
listener.expectedCode = 200; // OK
chan.asyncOpen2(listener);
do_test_pending();
}
function test_host_returnfalse() {
dump("\ntest: host returnfalse\n");
var chan = makeChan();
chan.notificationCallbacks = new Requestor(0, FLAG_RETURN_FALSE);
listener.expectedCode = 401; // Host Unauthorized
chan.asyncOpen2(listener);
do_test_pending();
}
function test_host_wrongpw() {
dump("\ntest: host wrongpw\n");
var chan = makeChan();
chan.notificationCallbacks = new Requestor(0, FLAG_WRONG_PASSWORD);
listener.expectedCode = 200; // Eventually OK
chan.asyncOpen2(listener);
do_test_pending();
}
function test_proxy_wrongpw_host_wrongpw() {
dump("\ntest: proxy wrongpw, host wrongpw\n");
var chan = makeChan();
chan.notificationCallbacks =
new Requestor(FLAG_WRONG_PASSWORD, FLAG_WRONG_PASSWORD);
listener.expectedCode = 200; // OK
chan.asyncOpen2(listener);
do_test_pending();
}
function test_proxy_wrongpw_host_returnfalse() {
dump("\ntest: proxy wrongpw, host return false\n");
var chan = makeChan();
chan.notificationCallbacks =
new Requestor(FLAG_WRONG_PASSWORD, FLAG_RETURN_FALSE);
listener.expectedCode = 401; // Host Unauthorized
chan.asyncOpen2(listener);
do_test_pending();
}
var tests = [test_proxy_returnfalse, test_proxy_wrongpw, test_all_ok,
test_proxy_407_cookie, test_proxy_200_cookie,
test_host_returnfalse, test_host_wrongpw,
test_proxy_wrongpw_host_wrongpw, test_proxy_wrongpw_host_returnfalse];
// PATH HANDLERS
// Proxy
function proxyAuthHandler(metadata, response) {
try {
var realm = "intern";
// btoa("proxy:guest"), but that function is not available here
var expectedHeader = "Basic cHJveHk6Z3Vlc3Q=";
var body;
if (metadata.hasHeader("Proxy-Authorization") &&
metadata.getHeader("Proxy-Authorization") == expectedHeader)
{
dump("proxy password ok\n");
response.setHeader("Proxy-Authenticate",
'Basic realm="' + realm + '"', false);
hostAuthHandler(metadata, response);
}
else
{
dump("proxy password required\n");
response.setStatusLine(metadata.httpVersion, 407,
"Unauthorized by HTTP proxy");
response.setHeader("Proxy-Authenticate",
'Basic realm="' + realm + '"', false);
if (metadata.hasHeader("X-Set-407-Cookie")) {
response.setHeader("Set-Cookie", "chewy", false);
}
body = "failed";
response.bodyOutputStream.write(body, body.length);
}
} catch (e) { do_throw(e); }
}
// Host /auth
function hostAuthHandler(metadata, response) {
try {
var realm = "extern";
// btoa("host:guest"), but that function is not available here
var expectedHeader = "Basic aG9zdDpndWVzdA==";
var body;
if (metadata.hasHeader("Authorization") &&
metadata.getHeader("Authorization") == expectedHeader)
{
dump("host password ok\n");
response.setStatusLine(metadata.httpVersion, 200,
"OK, authorized for host");
response.setHeader("WWW-Authenticate",
'Basic realm="' + realm + '"', false);
body = "success";
}
else
{
dump("host password required\n");
response.setStatusLine(metadata.httpVersion, 401,
"Unauthorized by HTTP server host");
response.setHeader("WWW-Authenticate",
'Basic realm="' + realm + '"', false);
body = "failed";
}
response.bodyOutputStream.write(body, body.length);
} catch (e) { do_throw(e); }
}