toolkit/components/passwordmgr/test/authenticate.sjs@129ffea94266
toolkit/components/passwordmgr/test/authenticate.sjs
Sat, 03 Jan 2015 20:18:00 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Sat, 03 Jan 2015 20:18:00 +0100
- branch
- TOR_BUG_3246
- changeset 7
- 129ffea94266
- permissions
- -rw-r--r--
Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.
1 function handleRequest(request, response)
2 {
3 try {
4 reallyHandleRequest(request, response);
5 } catch (e) {
6 response.setStatusLine("1.0", 200, "AlmostOK");
7 response.write("Error handling request: " + e);
8 }
9 }
12 function reallyHandleRequest(request, response) {
13 var match;
14 var requestAuth = true, requestProxyAuth = true;
16 // Allow the caller to drive how authentication is processed via the query.
17 // Eg, http://localhost:8888/authenticate.sjs?user=foo&realm=bar
18 // The extra ? allows the user/pass/realm checks to succeed if the name is
19 // at the beginning of the query string.
20 var query = "?" + request.queryString;
22 var expected_user = "", expected_pass = "", realm = "mochitest";
23 var proxy_expected_user = "", proxy_expected_pass = "", proxy_realm = "mochi-proxy";
24 var huge = false, plugin = false, anonymous = false, formauth = false;
25 var authHeaderCount = 1;
26 // user=xxx
27 match = /[^_]user=([^&]*)/.exec(query);
28 if (match)
29 expected_user = match[1];
31 // pass=xxx
32 match = /[^_]pass=([^&]*)/.exec(query);
33 if (match)
34 expected_pass = match[1];
36 // realm=xxx
37 match = /[^_]realm=([^&]*)/.exec(query);
38 if (match)
39 realm = match[1];
41 // proxy_user=xxx
42 match = /proxy_user=([^&]*)/.exec(query);
43 if (match)
44 proxy_expected_user = match[1];
46 // proxy_pass=xxx
47 match = /proxy_pass=([^&]*)/.exec(query);
48 if (match)
49 proxy_expected_pass = match[1];
51 // proxy_realm=xxx
52 match = /proxy_realm=([^&]*)/.exec(query);
53 if (match)
54 proxy_realm = match[1];
56 // huge=1
57 match = /huge=1/.exec(query);
58 if (match)
59 huge = true;
61 // plugin=1
62 match = /plugin=1/.exec(query);
63 if (match)
64 plugin = true;
66 // multiple=1
67 match = /multiple=([^&]*)/.exec(query);
68 if (match)
69 authHeaderCount = match[1]+0;
71 // anonymous=1
72 match = /anonymous=1/.exec(query);
73 if (match)
74 anonymous = true;
76 // formauth=1
77 match = /formauth=1/.exec(query);
78 if (match)
79 formauth = true;
81 // Look for an authentication header, if any, in the request.
82 //
83 // EG: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
84 //
85 // This test only supports Basic auth. The value sent by the client is
86 // "username:password", obscured with base64 encoding.
88 var actual_user = "", actual_pass = "", authHeader, authPresent = false;
89 if (request.hasHeader("Authorization")) {
90 authPresent = true;
91 authHeader = request.getHeader("Authorization");
92 match = /Basic (.+)/.exec(authHeader);
93 if (match.length != 2)
94 throw "Couldn't parse auth header: " + authHeader;
96 var userpass = base64ToString(match[1]); // no atob() :-(
97 match = /(.*):(.*)/.exec(userpass);
98 if (match.length != 3)
99 throw "Couldn't decode auth header: " + userpass;
100 actual_user = match[1];
101 actual_pass = match[2];
102 }
104 var proxy_actual_user = "", proxy_actual_pass = "";
105 if (request.hasHeader("Proxy-Authorization")) {
106 authHeader = request.getHeader("Proxy-Authorization");
107 match = /Basic (.+)/.exec(authHeader);
108 if (match.length != 2)
109 throw "Couldn't parse auth header: " + authHeader;
111 var userpass = base64ToString(match[1]); // no atob() :-(
112 match = /(.*):(.*)/.exec(userpass);
113 if (match.length != 3)
114 throw "Couldn't decode auth header: " + userpass;
115 proxy_actual_user = match[1];
116 proxy_actual_pass = match[2];
117 }
119 // Don't request authentication if the credentials we got were what we
120 // expected.
121 if (expected_user == actual_user &&
122 expected_pass == actual_pass) {
123 requestAuth = false;
124 }
125 if (proxy_expected_user == proxy_actual_user &&
126 proxy_expected_pass == proxy_actual_pass) {
127 requestProxyAuth = false;
128 }
130 if (anonymous) {
131 if (authPresent) {
132 response.setStatusLine("1.0", 400, "Unexpected authorization header found");
133 } else {
134 response.setStatusLine("1.0", 200, "Authorization header not found");
135 }
136 } else {
137 if (requestProxyAuth) {
138 response.setStatusLine("1.0", 407, "Proxy authentication required");
139 for (i = 0; i < authHeaderCount; ++i)
140 response.setHeader("Proxy-Authenticate", "basic realm=\"" + proxy_realm + "\"", true);
141 } else if (requestAuth) {
142 if (formauth && authPresent)
143 response.setStatusLine("1.0", 403, "Form authentication required");
144 else
145 response.setStatusLine("1.0", 401, "Authentication required");
146 for (i = 0; i < authHeaderCount; ++i)
147 response.setHeader("WWW-Authenticate", "basic realm=\"" + realm + "\"", true);
148 } else {
149 response.setStatusLine("1.0", 200, "OK");
150 }
151 }
153 response.setHeader("Content-Type", "application/xhtml+xml", false);
154 response.write("<html xmlns='http://www.w3.org/1999/xhtml'>");
155 response.write("<p>Login: <span id='ok'>" + (requestAuth ? "FAIL" : "PASS") + "</span></p>\n");
156 response.write("<p>Proxy: <span id='proxy'>" + (requestProxyAuth ? "FAIL" : "PASS") + "</span></p>\n");
157 response.write("<p>Auth: <span id='auth'>" + authHeader + "</span></p>\n");
158 response.write("<p>User: <span id='user'>" + actual_user + "</span></p>\n");
159 response.write("<p>Pass: <span id='pass'>" + actual_pass + "</span></p>\n");
161 if (huge) {
162 response.write("<div style='display: none'>");
163 for (i = 0; i < 100000; i++) {
164 response.write("123456789\n");
165 }
166 response.write("</div>");
167 response.write("<span id='footnote'>This is a footnote after the huge content fill</span>");
168 }
170 if (plugin) {
171 response.write("<embed id='embedtest' style='width: 400px; height: 100px;' " +
172 "type='application/x-test'></embed>\n");
173 }
175 response.write("</html>");
176 }
179 // base64 decoder
180 //
181 // Yoinked from extensions/xml-rpc/src/nsXmlRpcClient.js because btoa()
182 // doesn't seem to exist. :-(
183 /* Convert Base64 data to a string */
184 const toBinaryTable = [
185 -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1,
186 -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1,
187 -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,62, -1,-1,-1,63,
188 52,53,54,55, 56,57,58,59, 60,61,-1,-1, -1, 0,-1,-1,
189 -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10, 11,12,13,14,
190 15,16,17,18, 19,20,21,22, 23,24,25,-1, -1,-1,-1,-1,
191 -1,26,27,28, 29,30,31,32, 33,34,35,36, 37,38,39,40,
192 41,42,43,44, 45,46,47,48, 49,50,51,-1, -1,-1,-1,-1
193 ];
194 const base64Pad = '=';
196 function base64ToString(data) {
198 var result = '';
199 var leftbits = 0; // number of bits decoded, but yet to be appended
200 var leftdata = 0; // bits decoded, but yet to be appended
202 // Convert one by one.
203 for (var i = 0; i < data.length; i++) {
204 var c = toBinaryTable[data.charCodeAt(i) & 0x7f];
205 var padding = (data[i] == base64Pad);
206 // Skip illegal characters and whitespace
207 if (c == -1) continue;
209 // Collect data into leftdata, update bitcount
210 leftdata = (leftdata << 6) | c;
211 leftbits += 6;
213 // If we have 8 or more bits, append 8 bits to the result
214 if (leftbits >= 8) {
215 leftbits -= 8;
216 // Append if not padding.
217 if (!padding)
218 result += String.fromCharCode((leftdata >> leftbits) & 0xff);
219 leftdata &= (1 << leftbits) - 1;
220 }
221 }
223 // If there are any bits left, the base64 string was corrupted
224 if (leftbits)
225 throw Components.Exception('Corrupted base64 string');
227 return result;
228 }
