1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
|
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <string>
#include "base/memory/scoped_ptr.h"
#include "base/strings/string_util.h"
#include "base/strings/utf_string_conversions.h"
#include "net/base/net_errors.h"
#include "net/base/test_completion_callback.h"
#include "net/http/http_auth_challenge_tokenizer.h"
#include "net/http/http_auth_handler_basic.h"
#include "net/http/http_request_info.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace net {
TEST(HttpAuthHandlerBasicTest, GenerateAuthToken) {
static const struct {
const char* username;
const char* password;
const char* expected_credentials;
} tests[] = {
{ "foo", "bar", "Basic Zm9vOmJhcg==" },
// Empty username
{ "", "foobar", "Basic OmZvb2Jhcg==" },
// Empty password
{ "anon", "", "Basic YW5vbjo=" },
// Empty username and empty password.
{ "", "", "Basic Og==" },
};
GURL origin("http://www.example.com");
HttpAuthHandlerBasic::Factory factory;
for (size_t i = 0; i < arraysize(tests); ++i) {
std::string challenge = "Basic realm=\"Atlantis\"";
scoped_ptr<HttpAuthHandler> basic;
EXPECT_EQ(OK, factory.CreateAuthHandlerFromString(
challenge, HttpAuth::AUTH_SERVER, origin, BoundNetLog(), &basic));
AuthCredentials credentials(base::ASCIIToUTF16(tests[i].username),
base::ASCIIToUTF16(tests[i].password));
HttpRequestInfo request_info;
std::string auth_token;
TestCompletionCallback callback;
int rv = basic->GenerateAuthToken(&credentials, &request_info,
callback.callback(), &auth_token);
EXPECT_EQ(OK, rv);
EXPECT_STREQ(tests[i].expected_credentials, auth_token.c_str());
}
}
TEST(HttpAuthHandlerBasicTest, HandleAnotherChallenge) {
static const struct {
const char* challenge;
HttpAuth::AuthorizationResult expected_rv;
} tests[] = {
// The handler is initialized using this challenge. The first
// time HandleAnotherChallenge is called with it should cause it
// to treat the second challenge as a rejection since it is for
// the same realm.
{
"Basic realm=\"First\"",
HttpAuth::AUTHORIZATION_RESULT_REJECT
},
// A challenge for a different realm.
{
"Basic realm=\"Second\"",
HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM
},
// Although RFC 2617 isn't explicit about this case, if there is
// more than one realm directive, we pick the last one. So this
// challenge should be treated as being for "First" realm.
{
"Basic realm=\"Second\",realm=\"First\"",
HttpAuth::AUTHORIZATION_RESULT_REJECT
},
// And this one should be treated as if it was for "Second."
{
"basic realm=\"First\",realm=\"Second\"",
HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM
}
};
GURL origin("http://www.example.com");
HttpAuthHandlerBasic::Factory factory;
scoped_ptr<HttpAuthHandler> basic;
EXPECT_EQ(OK, factory.CreateAuthHandlerFromString(
tests[0].challenge, HttpAuth::AUTH_SERVER, origin,
BoundNetLog(), &basic));
for (size_t i = 0; i < arraysize(tests); ++i) {
std::string challenge(tests[i].challenge);
HttpAuthChallengeTokenizer tok(challenge.begin(),
challenge.end());
EXPECT_EQ(tests[i].expected_rv, basic->HandleAnotherChallenge(&tok));
}
}
TEST(HttpAuthHandlerBasicTest, InitFromChallenge) {
static const struct {
const char* challenge;
int expected_rv;
const char* expected_realm;
} tests[] = {
// No realm (we allow this even though realm is supposed to be required
// according to RFC 2617.)
{
"Basic",
OK,
"",
},
// Realm is empty string.
{
"Basic realm=\"\"",
OK,
"",
},
// Realm is valid.
{
"Basic realm=\"test_realm\"",
OK,
"test_realm",
},
// The parser ignores tokens which aren't known.
{
"Basic realm=\"test_realm\",unknown_token=foobar",
OK,
"test_realm",
},
// The parser skips over tokens which aren't known.
{
"Basic unknown_token=foobar,realm=\"test_realm\"",
OK,
"test_realm",
},
#if 0
// TODO(cbentzel): It's unclear what the parser should do in these cases.
// It seems like this should either be treated as invalid,
// or the spaces should be used as a separator.
{
"Basic realm=\"test_realm\" unknown_token=foobar",
OK,
"test_realm",
},
// The parser skips over tokens which aren't known.
{
"Basic unknown_token=foobar realm=\"test_realm\"",
OK,
"test_realm",
},
#endif
// The parser fails when the first token is not "Basic".
{
"Negotiate",
ERR_INVALID_RESPONSE,
""
},
// Although RFC 2617 isn't explicit about this case, if there is
// more than one realm directive, we pick the last one.
{
"Basic realm=\"foo\",realm=\"bar\"",
OK,
"bar",
},
// Handle ISO-8859-1 character as part of the realm. The realm is converted
// to UTF-8.
{
"Basic realm=\"foo-\xE5\"",
OK,
"foo-\xC3\xA5",
},
};
HttpAuthHandlerBasic::Factory factory;
GURL origin("http://www.example.com");
for (size_t i = 0; i < arraysize(tests); ++i) {
std::string challenge = tests[i].challenge;
scoped_ptr<HttpAuthHandler> basic;
int rv = factory.CreateAuthHandlerFromString(
challenge, HttpAuth::AUTH_SERVER, origin, BoundNetLog(), &basic);
EXPECT_EQ(tests[i].expected_rv, rv);
if (rv == OK)
EXPECT_EQ(tests[i].expected_realm, basic->realm());
}
}
} // namespace net
|
