summaryrefslogtreecommitdiffstats
path: root/net/http/http_auth_unittest.cc
Commit message (Collapse)AuthorAgeFilesLines
* Cleanup: Use AUTH_SCHEME enum instead of a string.cbentzel@chromium.org2011-01-131-18/+19
| | | | | | | | | BUG=None TEST=trybots Review URL: http://codereview.chromium.org/6191001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@71318 0039d316-1c4b-4281-b951-d872f2087c98
* Clean up some HttpAuth nits.cbentzel@chromium.org2010-10-291-6/+6
| | | | | | | | | BUG=None TEST=net_unittests Review URL: http://codereview.chromium.org/4193007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@64431 0039d316-1c4b-4281-b951-d872f2087c98
* Refactor net::HttpUtil::NameValuePairsIterator to relieve clients of the ↵erikwright@chromium.org2010-10-221-26/+6
| | | | | | | | | | | | | | need to think about quoted values while also avoiding a string copy if the value is unquoted. The iterator now holds a (normally empty) string member that it uses only if the currently accessed value is quoted. In this case, the value_begin and value_end iterators point into this string (holding the unquoted value) as opposed to the original buffer (holding the quoted value). The value is only unquoted if it is accessed. As a result, the interface is simplified to not expose whether the current value is quoted. This simplifies the work of all clients. Furthermore, this implementation is optimized to only construct a string if it is required, whereas most clients previously (for simplicity) constructed a new string whether or not it was required. They will therefore benefit from a slight increase in efficiency. BUG=52601 TEST=net_unittests / HttpUtilTest.NameValuePairs*, HttpAuthTest.* Review URL: http://codereview.chromium.org/3777012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63514 0039d316-1c4b-4281-b951-d872f2087c98
* Add more tests cases for HttpAuth::HandleChallengeResponse.cbentzel@chromium.org2010-10-201-47/+101
| | | | | | | | | | | This also improves the documentation for HandleChallengeResponse and clears the challenge_response arugment. BUG=None TEST=net_unittests --gtest_filter="*HandleChallengeResponse*" Review URL: http://codereview.chromium.org/3752003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63227 0039d316-1c4b-4281-b951-d872f2087c98
* Stop refcounting HostResolver.willchan@chromium.org2010-10-011-2/+2
| | | | | | | | | BUG=46049 TEST=none Review URL: http://codereview.chromium.org/3601002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@61256 0039d316-1c4b-4281-b951-d872f2087c98
* Extract name-value pair parsing from http_auth.cc (ChallengeTokenizer) into ↵erikwright@chromium.org2010-09-301-89/+104
| | | | | | | | | | http_util.cc (NameValuePairsIterator). In preparation for re-use of name-value pair parsing in ChromeFrame (for X-UA-Compatible header). BUG=None TEST=net_unittests (HttpAuth* and HttpUtilTest.NameValuePairs*) Review URL: http://codereview.chromium.org/3525004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@61061 0039d316-1c4b-4281-b951-d872f2087c98
* HttpAuthHandlerFactory::CreateDefault requires a HostResolver argument.cbentzel@chromium.org2010-09-291-1/+3
| | | | | | | | | | | | | Previously the default registry factory would crash if it saw a Negotiate header when trying to do a CNAME lookup because of a NULL resolver. Since then I've changed HttpAuthHandlerNegotiate to skip the CNAME lookup step when the resolver_ is NULL. So, one option is to make CreateDefault accept an optional HostResolver argument. My concern is that since passing in NULL is the easier choice, people will do it and encounter user problems when going through a Negotiate proxy. Hence, I force the correct behavior. BUG=56819 TEST=net_unittests, try fetch client through a Negotiate authenticating proxy. Review URL: http://codereview.chromium.org/3518001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@60942 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 60791 - HttpAuthHandlerFactory::CreateDefault requires a HostResolver ↵cbentzel@chromium.org2010-09-281-3/+1
| | | | | | | | | | | | | | | | | | argument. Previously the default registry factory would crash if it saw a Negotiate header when trying to do a CNAME lookup because of a NULL resolver. Since then I've changed HttpAuthHandlerNegotiate to skip the CNAME lookup step when the resolver_ is NULL. So, one option is to make CreateDefault accept an optional HostResolver argument. My concern is that since passing in NULL is the easier choice, people will do it and encounter user problems when going through a Negotiate proxy. Hence, I force the correct behavior. BUG=56819 TEST=net_unittests, try fetch client through a Negotiate authenticating proxy. Review URL: http://codereview.chromium.org/3447027 TBR=cbentzel@chromium.org Review URL: http://codereview.chromium.org/3413039 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@60795 0039d316-1c4b-4281-b951-d872f2087c98
* HttpAuthHandlerFactory::CreateDefault requires a HostResolver argument.cbentzel@chromium.org2010-09-281-1/+3
| | | | | | | | | | | | | Previously the default registry factory would crash if it saw a Negotiate header when trying to do a CNAME lookup because of a NULL resolver. Since then I've changed HttpAuthHandlerNegotiate to skip the CNAME lookup step when the resolver_ is NULL. So, one option is to make CreateDefault accept an optional HostResolver argument. My concern is that since passing in NULL is the easier choice, people will do it and encounter user problems when going through a Negotiate proxy. Hence, I force the correct behavior. BUG=56819 TEST=net_unittests, try fetch client through a Negotiate authenticating proxy. Review URL: http://codereview.chromium.org/3447027 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@60791 0039d316-1c4b-4281-b951-d872f2087c98
* Don't evict username/password when handling "stale" digest authentication ↵cbentzel@chromium.org2010-09-161-3/+12
| | | | | | | | | | | | | challenges. Stale challenges indicate that the cached nonce (and associated nonce_count) are no longer valid. BUG=53353 TEST=Use a digest authentication Squid proxy with default settings (which complain about stale nonce's). Ensure that there are no username/password prompts after getting a stale challenge. Also, net_unittests. Review URL: http://codereview.chromium.org/3421005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59643 0039d316-1c4b-4281-b951-d872f2087c98
* Fix multi-round authentication.cbentzel@chromium.org2010-09-111-124/+64
| | | | | | | | | | | | | | | | | | | | | | | | In the case of Negotiate, authentication can look like C: GET S: 401, WWW-Authenticate: Negotiate C: GET, WWW-Authorization: Negotiate <client_token_1> S: 401, WWW-Authenticate: Negotiate <server_token_1> C: GET, WWW-Authorization: Negotiate <client_token_2> S: 401, WWW-Authenticate: Negotiate <server_token_2> on that third challenge, the handler was reported as being in "the final round" and this was treated as a rejection of the authentication attempt. After that, the new challenge token was used by a new auth handler that hadn't established a security context, and an ERR_INVALID_HANDLE would be returned. This CL also does some prep work to correctly handle the "stale=true" value for Digest authentication, but I decided to defer the HttpAuthCache changes needed for that to a separate CL since this was large enough. BUG=53282 TEST=net_unittests. Unfortunately, I haven't been able to set up a proxy/server to do more than two auth challenges, but this does happen in the wild. Review URL: http://codereview.chromium.org/3360017 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59188 0039d316-1c4b-4281-b951-d872f2087c98
* Attempt to back off from Kerberos authentication if we don't have credentials.ahendrickson@google.com2010-07-201-0/+7
| | | | | | | | | | | | | | | | | | | If the user has a stale TGT, or is unable to generate a TGS for the server they are trying to communicate to, then generating an authentication token fails. Rather than fail the entire network transaction in that case, we resend the request with an empty Authenticate (or Proxy-Authenticate) header, and remember that the Negotiate scheme is not a valid option for this particular transaction. If the server responds back with headers like WWW-Authenticate: Negotiate WWW-Authenticate: Digest realm=foo then the digest scheme is chosen in the next round. BUG=33033 TEST=None Review URL: http://codereview.chromium.org/3010010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53002 0039d316-1c4b-4281-b951-d872f2087c98
* Don't do Negotiate with GSSAPI if default credentials are not allowed.cbentzel@chromium.org2010-07-191-2/+8
| | | | | | | | | | | | | GSSAPI does not provide a mechanism for the user to specify username/password to obtain a TGT. If default credentials are not allowed for an end site, skip negotiate and use a different scheme. Arguably in this case it may make sense to simply prompt the user whether they want to use their existing Kerberos credentials to authenticate to the server and use the existing TGT, but we'll need UI changes. BUG=33033 TEST=net_unittests, try to authenticate to a Kerberized server which is not in the whitelist. Review URL: http://codereview.chromium.org/3013003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@52943 0039d316-1c4b-4281-b951-d872f2087c98
* Hooking GSSAPI code into HTTP authenticate Negotiate handler.ahendrickson@google.com2010-06-281-9/+66
| | | | | | | | | BUG=33033. TEST=None. Review URL: http://codereview.chromium.org/2684001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@51001 0039d316-1c4b-4281-b951-d872f2087c98
* HttpAuthHandler's are no longer refcounted.cbentzel@chromium.org2010-06-071-8/+8
| | | | | | | | | | | | Since HttpAuthHandler objects are no longer contained inside of the HttpAuthCache, the lifetime of the handlers is more clearly defined. TEST=net_unittests (including some changes) BUG=42222 Review URL: http://codereview.chromium.org/2635004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49052 0039d316-1c4b-4281-b951-d872f2087c98
* HttpAuthHandlers hold onto a bound net log.cbentzel@chromium.org2010-05-271-0/+2
| | | | | | | | | | | Although this doesn't have a behavioral impact in this CL, it is needed for additional logging which I'd like to add. BUG=34737 TEST=net_unittests Review URL: http://codereview.chromium.org/2288001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48391 0039d316-1c4b-4281-b951-d872f2087c98
* Auto-format style pass over files.cbentzel@chromium.org2010-05-041-4/+4
| | | | | | | | | | | This is a refactor (actually reformat) only - no behavior change in place. BUG=NONE TEST=net_unittests.exe Review URL: http://codereview.chromium.org/1800003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@46349 0039d316-1c4b-4281-b951-d872f2087c98
* Removed filter checks in windows implementations of Negotiate and NTLM HTTP ↵cbentzel@chromium.org2010-03-311-209/+0
| | | | | | | | | | | Authentication handler creation. BUG=29596 TEST=None Review URL: http://codereview.chromium.org/1564002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43212 0039d316-1c4b-4281-b951-d872f2087c98
* Gracefully recover from malformed auth challenge.jochen@chromium.org2010-03-311-0/+76
| | | | | | | | | BUG=39836 TEST=try to log in to an allnet webcam Review URL: http://codereview.chromium.org/1567008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43182 0039d316-1c4b-4281-b951-d872f2087c98
* HttpAuthFilterWhitelist is now getting entries from the Windowsahendrickson@google.com2010-03-251-4/+4
| | | | | | | | | | | | | | | | | | registry, and adding them to whatever is in the command line. Added a basic IsIntranetHost() member function to HttpNetworkTransaction. Removed it until we figure out what to do with it. Added unit tests. Refactored SetFilters() to be less confusing. Unit tests now use a dummy registry key. BUG=29596 TEST=net_unittests.exe --gtest_filter=HttpAuthFilterTest.* Review URL: http://codereview.chromium.org/669068 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42600 0039d316-1c4b-4281-b951-d872f2087c98
* Added HttpAuthFilter.cbentzel@chromium.org2010-02-261-1/+213
| | | | | | | | | | | Original patch by ahendrickson@chromium.org (http://codereview.chromium.org/646068) BUG=29596 TEST=net_unittests.exe --gtest_filter="*HttpAuthFilterTest*" Review URL: http://codereview.chromium.org/660193 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40157 0039d316-1c4b-4281-b951-d872f2087c98
* Added factories for HttpAuthHandler.cbentzel@chromium.org2010-02-151-55/+27
| | | | | | | | | | | | | | | | | | | The driving rationale for this change was to prevent choosing an AuthHandler when it is not supported on the system due to a missing runtime component (such as not being able to locate a gssapi shared library when seeing a Negotiate scheme). It also has the advantage (currently unused) of determining some per-auth-scheme properties only the first time that a challenge for that scheme is seen (such as maximum token length for the SSPI implementation of NTLM). Finally, it may make unit tests easier to generate since the factory can be easily mocked. BUG=34795 TEST=New unit test for HttpAuthHandlerDispatchFactory. Review URL: http://codereview.chromium.org/582007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39065 0039d316-1c4b-4281-b951-d872f2087c98
* Add Single Sign On support to HTTP Authentication handlers.cbentzel@chromium.org2010-02-051-0/+0
| | | | | | | | | | | | | | | Currently this is implemented on Windows for the NTLM and Negotiate schemes. This CL does not introduce the hooks to actually use Single Sign On in response to a 401/407 request - that will come in a later CL. This behavior is disabled for now as well. BUG=29862 TEST=Ran unittests, and Chrome against a server with authentication challenges. Review URL: http://codereview.chromium.org/555174 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@38227 0039d316-1c4b-4281-b951-d872f2087c98
* Add a unit test which checks that Negotiate is chosen over NTLM.cbentzel@chromium.org2010-01-231-4/+23
| | | | | | | | | | | | Negotiate is chosen over NTLM on Windows, but currently is not on Linux or OSX since support has nat been added yet. BUG=32824 TEST=Added new unit test and ran it. Review URL: http://codereview.chromium.org/554043 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36968 0039d316-1c4b-4281-b951-d872f2087c98
* Fix unittest for Negotiate and NTLM auth.cbentzel@chromium.org2010-01-211-3/+2
| | | | | | | | | BUG=NONE TEST=Unittest fix - ran on Vista. Review URL: http://codereview.chromium.org/554040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36798 0039d316-1c4b-4281-b951-d872f2087c98
* We should pass the service principal name (SPN) of thewtc@chromium.org2009-09-181-0/+10
| | | | | | | | | | | | | | | | format "HTTP/host:port" as the third argument (pszTargetName) to InitializeSecurityContext. This requires adding a host_and_port parameter to some methods. Remove obsolete (and incorrect) logging code in HttpNetworkTransaction::PrepareForAuthRestart(). R=eroman BUG=18009 TEST=none Review URL: http://codereview.chromium.org/206022 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26588 0039d316-1c4b-4281-b951-d872f2087c98
* Fix for bug 9608. adding check that tokenized header is valid.ace@google.com2009-04-021-0/+7
| | | | | | Review URL: http://codereview.chromium.org/60008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@13050 0039d316-1c4b-4281-b951-d872f2087c98
* Implement the NTLM authentication scheme by portingwtc@chromium.org2009-02-281-3/+83
| | | | | | | | | | Mozilla's implementation. R=darin,eroman BUG=6567,6824 Review URL: http://codereview.chromium.org/28144 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@10667 0039d316-1c4b-4281-b951-d872f2087c98
* - Add preemptive authorization (new http stack only)ericroman@google.com2008-11-081-13/+18
| | | | | | | | | | | | - Check for auth identity in URL (new http stack only) - Move auth cache logic out of url request job, and hide it in the url request ftp job and http transaction classes. Note: Somehow the original codereview thread got corrupted so it was recreated. The real review comments should be under (http://codereview.chromium.org/6481) Review URL: http://codereview.chromium.org/8231 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@5064 0039d316-1c4b-4281-b951-d872f2087c98
* Add the auth unit-tests to SConscript and .pbxprojericroman@google.com2008-09-271-1/+1
| | | | | | Review URL: http://codereview.chromium.org/4315 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@2660 0039d316-1c4b-4281-b951-d872f2087c98
* Initial stab at http authentication (basic + digest) in new http stack.ericroman@google.com2008-09-271-0/+185
General design: - class HttpAuth -- utility class for http-auth logic. - class HttpAuth::ChallengeTokenizer -- parsing of www-Authenticate headers. - class HttpAuthHandler -- base class for authentication schemes (inspired by nsIHttpAuthenticator) - class HttpAuthHandlerBasic : HttpAuthHandler -- logic for basic auth. - class HttpAuthHandlerDigest : HttpAuthHandler -- logic for digest auth. - The auth integration in HttpNetworkTransaction mimics that of HttpTransactionWinHttp: + HttpNetworkTransaction::ApplyAuth() -- set the authorization headers. + HttpNetworkTransaction::PopulateAuthChallenge() -- process the challenges. BUG=2346 Review URL: http://codereview.chromium.org/4063 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@2658 0039d316-1c4b-4281-b951-d872f2087c98
generated by cgit v1.1 at 2025-02-09 04:09:34 +0000