1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/netwerk/test/unit/test_auth_proxy.js Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,369 @@
1.4 +/* -*- Mode: Java; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
1.5 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.6 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.7 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.8 +
1.9 +/**
1.10 + * This tests the automatic login to the proxy with password,
1.11 + * if the password is stored and the browser is restarted.
1.12 + *
1.13 + * <copied from="test_authentication.js"/>
1.14 + */
1.15 +
1.16 +Cu.import("resource://testing-common/httpd.js");
1.17 +
1.18 +const FLAG_RETURN_FALSE = 1 << 0;
1.19 +const FLAG_WRONG_PASSWORD = 1 << 1;
1.20 +const FLAG_PREVIOUS_FAILED = 1 << 2;
1.21 +
1.22 +function AuthPrompt2(proxyFlags, hostFlags) {
1.23 + this.proxyCred.flags = proxyFlags;
1.24 + this.hostCred.flags = hostFlags;
1.25 +}
1.26 +AuthPrompt2.prototype = {
1.27 + proxyCred : { user: "proxy", pass: "guest",
1.28 + realmExpected: "intern", flags : 0 },
1.29 + hostCred : { user: "host", pass: "guest",
1.30 + realmExpected: "extern", flags : 0 },
1.31 +
1.32 + QueryInterface: function authprompt2_qi(iid) {
1.33 + if (iid.equals(Ci.nsISupports) ||
1.34 + iid.equals(Ci.nsIAuthPrompt2))
1.35 + return this;
1.36 + throw Cr.NS_ERROR_NO_INTERFACE;
1.37 + },
1.38 +
1.39 + promptAuth:
1.40 + function ap2_promptAuth(channel, encryptionLevel, authInfo)
1.41 + {
1.42 + try {
1.43 +
1.44 + // never HOST and PROXY set at the same time in prompt
1.45 + do_check_eq((authInfo.flags & Ci.nsIAuthInformation.AUTH_HOST) != 0,
1.46 + (authInfo.flags & Ci.nsIAuthInformation.AUTH_PROXY) == 0);
1.47 +
1.48 + var isProxy = (authInfo.flags & Ci.nsIAuthInformation.AUTH_PROXY) != 0;
1.49 + var cred = isProxy ? this.proxyCred : this.hostCred;
1.50 +
1.51 + dump("with flags: " +
1.52 + ((cred.flags & FLAG_WRONG_PASSWORD) !=0 ? "wrong password" : "")+" "+
1.53 + ((cred.flags & FLAG_PREVIOUS_FAILED) !=0 ? "previous failed" : "")+" "+
1.54 + ((cred.flags & FLAG_RETURN_FALSE) !=0 ? "return false" : "") + "\n");
1.55 +
1.56 + // PROXY properly set by necko (checked using realm)
1.57 + do_check_eq(cred.realmExpected, authInfo.realm);
1.58 +
1.59 + // PREVIOUS_FAILED properly set by necko
1.60 + do_check_eq((cred.flags & FLAG_PREVIOUS_FAILED) != 0,
1.61 + (authInfo.flags & Ci.nsIAuthInformation.PREVIOUS_FAILED) != 0);
1.62 +
1.63 + if (cred.flags & FLAG_RETURN_FALSE)
1.64 + {
1.65 + cred.flags |= FLAG_PREVIOUS_FAILED;
1.66 + cred.flags &= ~FLAG_RETURN_FALSE;
1.67 + return false;
1.68 + }
1.69 +
1.70 + authInfo.username = cred.user;
1.71 + if (cred.flags & FLAG_WRONG_PASSWORD) {
1.72 + authInfo.password = cred.pass + ".wrong";
1.73 + cred.flags |= FLAG_PREVIOUS_FAILED;
1.74 + // Now clear the flag to avoid an infinite loop
1.75 + cred.flags &= ~FLAG_WRONG_PASSWORD;
1.76 + } else {
1.77 + authInfo.password = cred.pass;
1.78 + cred.flags &= ~FLAG_PREVIOUS_FAILED;
1.79 + }
1.80 + return true;
1.81 +
1.82 + } catch (e) { do_throw(e); }
1.83 + },
1.84 +
1.85 + asyncPromptAuth:
1.86 + function ap2_async(channel, callback, context, encryptionLevel, authInfo)
1.87 + {
1.88 + try {
1.89 + var me = this;
1.90 + var allOverAndDead = false;
1.91 + do_execute_soon(function() {
1.92 + try {
1.93 + if (allOverAndDead)
1.94 + throw "already canceled";
1.95 + var ret = me.promptAuth(channel, encryptionLevel, authInfo);
1.96 + if (!ret)
1.97 + callback.onAuthCancelled(context, true);
1.98 + else
1.99 + callback.onAuthAvailable(context, authInfo);
1.100 + allOverAndDead = true;
1.101 + } catch (e) { do_throw(e); }
1.102 + });
1.103 + return new Cancelable(function() {
1.104 + if (allOverAndDead)
1.105 + throw "can't cancel, already ran";
1.106 + callback.onAuthAvailable(context, authInfo);
1.107 + allOverAndDead = true;
1.108 + });
1.109 + } catch (e) { do_throw(e); }
1.110 + }
1.111 +};
1.112 +
1.113 +function Cancelable(onCancelFunc) {
1.114 + this.onCancelFunc = onCancelFunc;
1.115 +}
1.116 +Cancelable.prototype = {
1.117 + QueryInterface: function cancelable_qi(iid) {
1.118 + if (iid.equals(Ci.nsISupports) ||
1.119 + iid.equals(Ci.nsICancelable))
1.120 + return this;
1.121 + throw Cr.NS_ERROR_NO_INTERFACE;
1.122 + },
1.123 + cancel: function cancel() {
1.124 + try {
1.125 + this.onCancelFunc();
1.126 + } catch (e) { do_throw(e); }
1.127 + }
1.128 +};
1.129 +
1.130 +function Requestor(proxyFlags, hostFlags) {
1.131 + this.proxyFlags = proxyFlags;
1.132 + this.hostFlags = hostFlags;
1.133 +}
1.134 +Requestor.prototype = {
1.135 + QueryInterface: function requestor_qi(iid) {
1.136 + if (iid.equals(Ci.nsISupports) ||
1.137 + iid.equals(Ci.nsIInterfaceRequestor))
1.138 + return this;
1.139 + throw Cr.NS_ERROR_NO_INTERFACE;
1.140 + },
1.141 +
1.142 + getInterface: function requestor_gi(iid) {
1.143 + if (iid.equals(Ci.nsIAuthPrompt)) {
1.144 + dump("authprompt1 not implemented\n");
1.145 + throw Cr.NS_ERROR_NO_INTERFACE;
1.146 + }
1.147 + if (iid.equals(Ci.nsIAuthPrompt2)) {
1.148 + try {
1.149 + // Allow the prompt to store state by caching it here
1.150 + if (!this.prompt2)
1.151 + this.prompt2 = new AuthPrompt2(this.proxyFlags, this.hostFlags);
1.152 + return this.prompt2;
1.153 + } catch (e) { do_throw(e); }
1.154 + }
1.155 + throw Cr.NS_ERROR_NO_INTERFACE;
1.156 + },
1.157 +
1.158 + prompt2: null
1.159 +};
1.160 +
1.161 +var listener = {
1.162 + expectedCode: -1, // uninitialized
1.163 +
1.164 + onStartRequest: function test_onStartR(request, ctx) {
1.165 + try {
1.166 + // Proxy auth cancellation return failures to avoid spoofing
1.167 + if (!Components.isSuccessCode(request.status) &&
1.168 + (this.expectedCode != 407))
1.169 + do_throw("Channel should have a success code!");
1.170 +
1.171 + if (!(request instanceof Ci.nsIHttpChannel))
1.172 + do_throw("Expecting an HTTP channel");
1.173 +
1.174 + do_check_eq(this.expectedCode, request.responseStatus);
1.175 + // If we expect 200, the request should have succeeded
1.176 + do_check_eq(this.expectedCode == 200, request.requestSucceeded);
1.177 +
1.178 + } catch (e) {
1.179 + do_throw("Unexpected exception: " + e);
1.180 + }
1.181 +
1.182 + throw Cr.NS_ERROR_ABORT;
1.183 + },
1.184 +
1.185 + onDataAvailable: function test_ODA() {
1.186 + do_throw("Should not get any data!");
1.187 + },
1.188 +
1.189 + onStopRequest: function test_onStopR(request, ctx, status) {
1.190 + do_check_eq(status, Cr.NS_ERROR_ABORT);
1.191 +
1.192 + if (current_test < (tests.length - 1)) {
1.193 + // First, need to clear the auth cache
1.194 + Cc["@mozilla.org/network/http-auth-manager;1"]
1.195 + .getService(Ci.nsIHttpAuthManager)
1.196 + .clearAll();
1.197 +
1.198 + current_test++;
1.199 + tests[current_test]();
1.200 + } else {
1.201 + do_test_pending();
1.202 + httpserv.stop(do_test_finished);
1.203 + }
1.204 +
1.205 + do_test_finished();
1.206 + }
1.207 +};
1.208 +
1.209 +function makeChan(url) {
1.210 + if (!url)
1.211 + url = "http://somesite/";
1.212 + var ios = Cc["@mozilla.org/network/io-service;1"]
1.213 + .getService(Ci.nsIIOService);
1.214 + var chan = ios.newChannel(url, null, null)
1.215 + .QueryInterface(Ci.nsIHttpChannel);
1.216 +
1.217 + return chan;
1.218 +}
1.219 +
1.220 +var current_test = 0;
1.221 +var httpserv = null;
1.222 +
1.223 +function run_test() {
1.224 + httpserv = new HttpServer();
1.225 + httpserv.registerPathHandler("/", proxyAuthHandler);
1.226 + httpserv.identity.add("http", "somesite", 80);
1.227 + httpserv.start(-1);
1.228 +
1.229 + const prefs = Cc["@mozilla.org/preferences-service;1"]
1.230 + .getService(Ci.nsIPrefBranch);
1.231 + prefs.setCharPref("network.proxy.http", "localhost");
1.232 + prefs.setIntPref("network.proxy.http_port", httpserv.identity.primaryPort);
1.233 + prefs.setCharPref("network.proxy.no_proxies_on", "");
1.234 + prefs.setIntPref("network.proxy.type", 1);
1.235 +
1.236 + tests[current_test]();
1.237 +}
1.238 +
1.239 +function test_proxy_returnfalse() {
1.240 + dump("\ntest: proxy returnfalse\n");
1.241 + var chan = makeChan();
1.242 + chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 0);
1.243 + listener.expectedCode = 407; // Proxy Unauthorized
1.244 + chan.asyncOpen(listener, null);
1.245 +
1.246 + do_test_pending();
1.247 +}
1.248 +
1.249 +function test_proxy_wrongpw() {
1.250 + dump("\ntest: proxy wrongpw\n");
1.251 + var chan = makeChan();
1.252 + chan.notificationCallbacks = new Requestor(FLAG_WRONG_PASSWORD, 0);
1.253 + listener.expectedCode = 200; // Eventually OK
1.254 + chan.asyncOpen(listener, null);
1.255 + do_test_pending();
1.256 +}
1.257 +
1.258 +function test_all_ok() {
1.259 + dump("\ntest: all ok\n");
1.260 + var chan = makeChan();
1.261 + chan.notificationCallbacks = new Requestor(0, 0);
1.262 + listener.expectedCode = 200; // OK
1.263 + chan.asyncOpen(listener, null);
1.264 + do_test_pending();
1.265 +}
1.266 +
1.267 +function test_host_returnfalse() {
1.268 + dump("\ntest: host returnfalse\n");
1.269 + var chan = makeChan();
1.270 + chan.notificationCallbacks = new Requestor(0, FLAG_RETURN_FALSE);
1.271 + listener.expectedCode = 401; // Host Unauthorized
1.272 + chan.asyncOpen(listener, null);
1.273 +
1.274 + do_test_pending();
1.275 +}
1.276 +
1.277 +function test_host_wrongpw() {
1.278 + dump("\ntest: host wrongpw\n");
1.279 + var chan = makeChan();
1.280 + chan.notificationCallbacks = new Requestor(0, FLAG_WRONG_PASSWORD);
1.281 + listener.expectedCode = 200; // Eventually OK
1.282 + chan.asyncOpen(listener, null);
1.283 + do_test_pending();
1.284 +}
1.285 +
1.286 +function test_proxy_wrongpw_host_wrongpw() {
1.287 + dump("\ntest: proxy wrongpw, host wrongpw\n");
1.288 + var chan = makeChan();
1.289 + chan.notificationCallbacks =
1.290 + new Requestor(FLAG_WRONG_PASSWORD, FLAG_WRONG_PASSWORD);
1.291 + listener.expectedCode = 200; // OK
1.292 + chan.asyncOpen(listener, null);
1.293 + do_test_pending();
1.294 +}
1.295 +
1.296 +function test_proxy_wrongpw_host_returnfalse() {
1.297 + dump("\ntest: proxy wrongpw, host return false\n");
1.298 + var chan = makeChan();
1.299 + chan.notificationCallbacks =
1.300 + new Requestor(FLAG_WRONG_PASSWORD, FLAG_RETURN_FALSE);
1.301 + listener.expectedCode = 401; // Host Unauthorized
1.302 + chan.asyncOpen(listener, null);
1.303 + do_test_pending();
1.304 +}
1.305 +
1.306 +var tests = [test_proxy_returnfalse, test_proxy_wrongpw, test_all_ok,
1.307 + test_host_returnfalse, test_host_wrongpw,
1.308 + test_proxy_wrongpw_host_wrongpw, test_proxy_wrongpw_host_returnfalse];
1.309 +
1.310 +
1.311 +// PATH HANDLERS
1.312 +
1.313 +// Proxy
1.314 +function proxyAuthHandler(metadata, response) {
1.315 + try {
1.316 + var realm = "intern";
1.317 + // btoa("proxy:guest"), but that function is not available here
1.318 + var expectedHeader = "Basic cHJveHk6Z3Vlc3Q=";
1.319 +
1.320 + var body;
1.321 + if (metadata.hasHeader("Proxy-Authorization") &&
1.322 + metadata.getHeader("Proxy-Authorization") == expectedHeader)
1.323 + {
1.324 + dump("proxy password ok\n");
1.325 + response.setHeader("Proxy-Authenticate",
1.326 + 'Basic realm="' + realm + '"', false);
1.327 +
1.328 + hostAuthHandler(metadata, response);
1.329 + }
1.330 + else
1.331 + {
1.332 + dump("proxy password required\n");
1.333 + response.setStatusLine(metadata.httpVersion, 407,
1.334 + "Unauthorized by HTTP proxy");
1.335 + response.setHeader("Proxy-Authenticate",
1.336 + 'Basic realm="' + realm + '"', false);
1.337 + body = "failed";
1.338 + response.bodyOutputStream.write(body, body.length);
1.339 + }
1.340 + } catch (e) { do_throw(e); }
1.341 +}
1.342 +
1.343 +// Host /auth
1.344 +function hostAuthHandler(metadata, response) {
1.345 + try {
1.346 + var realm = "extern";
1.347 + // btoa("host:guest"), but that function is not available here
1.348 + var expectedHeader = "Basic aG9zdDpndWVzdA==";
1.349 +
1.350 + var body;
1.351 + if (metadata.hasHeader("Authorization") &&
1.352 + metadata.getHeader("Authorization") == expectedHeader)
1.353 + {
1.354 + dump("host password ok\n");
1.355 + response.setStatusLine(metadata.httpVersion, 200,
1.356 + "OK, authorized for host");
1.357 + response.setHeader("WWW-Authenticate",
1.358 + 'Basic realm="' + realm + '"', false);
1.359 + body = "success";
1.360 + }
1.361 + else
1.362 + {
1.363 + dump("host password required\n");
1.364 + response.setStatusLine(metadata.httpVersion, 401,
1.365 + "Unauthorized by HTTP server host");
1.366 + response.setHeader("WWW-Authenticate",
1.367 + 'Basic realm="' + realm + '"', false);
1.368 + body = "failed";
1.369 + }
1.370 + response.bodyOutputStream.write(body, body.length);
1.371 + } catch (e) { do_throw(e); }
1.372 +}
