toolkit/components/passwordmgr/test/auth2/authenticate.sjs@129ffea94266
toolkit/components/passwordmgr/test/auth2/authenticate.sjs
Sat, 03 Jan 2015 20:18:00 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Sat, 03 Jan 2015 20:18:00 +0100
- branch
- TOR_BUG_3246
- changeset 7
- 129ffea94266
- permissions
- -rw-r--r--
Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.
1 function handleRequest(request, response)
2 {
3 try {
4 reallyHandleRequest(request, response);
5 } catch (e) {
6 response.setStatusLine("1.0", 200, "AlmostOK");
7 response.write("Error handling request: " + e);
8 }
9 }
12 function reallyHandleRequest(request, response) {
13 var match;
14 var requestAuth = true, requestProxyAuth = true;
16 // Allow the caller to drive how authentication is processed via the query.
17 // Eg, http://localhost:8888/authenticate.sjs?user=foo&realm=bar
18 // The extra ? allows the user/pass/realm checks to succeed if the name is
19 // at the beginning of the query string.
20 var query = "?" + request.queryString;
22 var expected_user = "", expected_pass = "", realm = "mochitest";
23 var proxy_expected_user = "", proxy_expected_pass = "", proxy_realm = "mochi-proxy";
24 var huge = false, plugin = false, anonymous = false;
25 var authHeaderCount = 1;
26 // user=xxx
27 match = /[^_]user=([^&]*)/.exec(query);
28 if (match)
29 expected_user = match[1];
31 // pass=xxx
32 match = /[^_]pass=([^&]*)/.exec(query);
33 if (match)
34 expected_pass = match[1];
36 // realm=xxx
37 match = /[^_]realm=([^&]*)/.exec(query);
38 if (match)
39 realm = match[1];
41 // proxy_user=xxx
42 match = /proxy_user=([^&]*)/.exec(query);
43 if (match)
44 proxy_expected_user = match[1];
46 // proxy_pass=xxx
47 match = /proxy_pass=([^&]*)/.exec(query);
48 if (match)
49 proxy_expected_pass = match[1];
51 // proxy_realm=xxx
52 match = /proxy_realm=([^&]*)/.exec(query);
53 if (match)
54 proxy_realm = match[1];
56 // huge=1
57 match = /huge=1/.exec(query);
58 if (match)
59 huge = true;
61 // plugin=1
62 match = /plugin=1/.exec(query);
63 if (match)
64 plugin = true;
66 // multiple=1
67 match = /multiple=([^&]*)/.exec(query);
68 if (match)
69 authHeaderCount = match[1]+0;
71 // anonymous=1
72 match = /anonymous=1/.exec(query);
73 if (match)
74 anonymous = true;
76 // Look for an authentication header, if any, in the request.
77 //
78 // EG: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
79 //
80 // This test only supports Basic auth. The value sent by the client is
81 // "username:password", obscured with base64 encoding.
83 var actual_user = "", actual_pass = "", authHeader, authPresent = false;
84 if (request.hasHeader("Authorization")) {
85 authPresent = true;
86 authHeader = request.getHeader("Authorization");
87 match = /Basic (.+)/.exec(authHeader);
88 if (match.length != 2)
89 throw "Couldn't parse auth header: " + authHeader;
91 var userpass = base64ToString(match[1]); // no atob() :-(
92 match = /(.*):(.*)/.exec(userpass);
93 if (match.length != 3)
94 throw "Couldn't decode auth header: " + userpass;
95 actual_user = match[1];
96 actual_pass = match[2];
97 }
99 var proxy_actual_user = "", proxy_actual_pass = "";
100 if (request.hasHeader("Proxy-Authorization")) {
101 authHeader = request.getHeader("Proxy-Authorization");
102 match = /Basic (.+)/.exec(authHeader);
103 if (match.length != 2)
104 throw "Couldn't parse auth header: " + authHeader;
106 var userpass = base64ToString(match[1]); // no atob() :-(
107 match = /(.*):(.*)/.exec(userpass);
108 if (match.length != 3)
109 throw "Couldn't decode auth header: " + userpass;
110 proxy_actual_user = match[1];
111 proxy_actual_pass = match[2];
112 }
114 // Don't request authentication if the credentials we got were what we
115 // expected.
116 if (expected_user == actual_user &&
117 expected_pass == actual_pass) {
118 requestAuth = false;
119 }
120 if (proxy_expected_user == proxy_actual_user &&
121 proxy_expected_pass == proxy_actual_pass) {
122 requestProxyAuth = false;
123 }
125 if (anonymous) {
126 if (authPresent) {
127 response.setStatusLine("1.0", 400, "Unexpected authorization header found");
128 } else {
129 response.setStatusLine("1.0", 200, "Authorization header not found");
130 }
131 } else {
132 if (requestProxyAuth) {
133 response.setStatusLine("1.0", 407, "Proxy authentication required");
134 for (i = 0; i < authHeaderCount; ++i)
135 response.setHeader("Proxy-Authenticate", "basic realm=\"" + proxy_realm + "\"", true);
136 } else if (requestAuth) {
137 response.setStatusLine("1.0", 401, "Authentication required");
138 for (i = 0; i < authHeaderCount; ++i)
139 response.setHeader("WWW-Authenticate", "basic realm=\"" + realm + "\"", true);
140 } else {
141 response.setStatusLine("1.0", 200, "OK");
142 }
143 }
145 response.setHeader("Content-Type", "application/xhtml+xml", false);
146 response.write("<html xmlns='http://www.w3.org/1999/xhtml'>");
147 response.write("<p>Login: <span id='ok'>" + (requestAuth ? "FAIL" : "PASS") + "</span></p>\n");
148 response.write("<p>Proxy: <span id='proxy'>" + (requestProxyAuth ? "FAIL" : "PASS") + "</span></p>\n");
149 response.write("<p>Auth: <span id='auth'>" + authHeader + "</span></p>\n");
150 response.write("<p>User: <span id='user'>" + actual_user + "</span></p>\n");
151 response.write("<p>Pass: <span id='pass'>" + actual_pass + "</span></p>\n");
153 if (huge) {
154 response.write("<div style='display: none'>");
155 for (i = 0; i < 100000; i++) {
156 response.write("123456789\n");
157 }
158 response.write("</div>");
159 response.write("<span id='footnote'>This is a footnote after the huge content fill</span>");
160 }
162 if (plugin) {
163 response.write("<embed id='embedtest' style='width: 400px; height: 100px;' " +
164 "type='application/x-test'></embed>\n");
165 }
167 response.write("</html>");
168 }
171 // base64 decoder
172 //
173 // Yoinked from extensions/xml-rpc/src/nsXmlRpcClient.js because btoa()
174 // doesn't seem to exist. :-(
175 /* Convert Base64 data to a string */
176 const toBinaryTable = [
177 -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1,
178 -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1,
179 -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,62, -1,-1,-1,63,
180 52,53,54,55, 56,57,58,59, 60,61,-1,-1, -1, 0,-1,-1,
181 -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10, 11,12,13,14,
182 15,16,17,18, 19,20,21,22, 23,24,25,-1, -1,-1,-1,-1,
183 -1,26,27,28, 29,30,31,32, 33,34,35,36, 37,38,39,40,
184 41,42,43,44, 45,46,47,48, 49,50,51,-1, -1,-1,-1,-1
185 ];
186 const base64Pad = '=';
188 function base64ToString(data) {
190 var result = '';
191 var leftbits = 0; // number of bits decoded, but yet to be appended
192 var leftdata = 0; // bits decoded, but yet to be appended
194 // Convert one by one.
195 for (var i = 0; i < data.length; i++) {
196 var c = toBinaryTable[data.charCodeAt(i) & 0x7f];
197 var padding = (data[i] == base64Pad);
198 // Skip illegal characters and whitespace
199 if (c == -1) continue;
201 // Collect data into leftdata, update bitcount
202 leftdata = (leftdata << 6) | c;
203 leftbits += 6;
205 // If we have 8 or more bits, append 8 bits to the result
206 if (leftbits >= 8) {
207 leftbits -= 8;
208 // Append if not padding.
209 if (!padding)
210 result += String.fromCharCode((leftdata >> leftbits) & 0xff);
211 leftdata &= (1 << leftbits) - 1;
212 }
213 }
215 // If there are any bits left, the base64 string was corrupted
216 if (leftbits)
217 throw Components.Exception('Corrupted base64 string');
219 return result;
220 }
