1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
|
// Copyright 2011 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/http/http_auth_handler_basic.h"
#include <array>
#include <memory>
#include <string>
#include <string_view>
#include "base/strings/string_util.h"
#include "base/strings/utf_string_conversions.h"
#include "net/base/net_errors.h"
#include "net/base/network_anonymization_key.h"
#include "net/base/test_completion_callback.h"
#include "net/dns/mock_host_resolver.h"
#include "net/http/http_auth_challenge_tokenizer.h"
#include "net/http/http_auth_preferences.h"
#include "net/http/http_request_info.h"
#include "net/log/net_log_with_source.h"
#include "net/ssl/ssl_info.h"
#include "net/test/gtest_util.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/scheme_host_port.h"
using net::test::IsError;
using net::test::IsOk;
namespace net {
TEST(HttpAuthHandlerBasicTest, GenerateAuthToken) {
static const struct {
const char* username;
const char* password;
const char* expected_credentials;
} tests[] = {
{ "foo", "bar", "Basic Zm9vOmJhcg==" },
// Empty username
{ "", "foobar", "Basic OmZvb2Jhcg==" },
// Empty password
{ "anon", "", "Basic YW5vbjo=" },
// Empty username and empty password.
{ "", "", "Basic Og==" },
};
url::SchemeHostPort scheme_host_port(GURL("http://www.example.com"));
HttpAuthHandlerBasic::Factory factory;
for (const auto& test : tests) {
std::string challenge = "Basic realm=\"Atlantis\"";
SSLInfo null_ssl_info;
auto host_resolver = std::make_unique<MockHostResolver>();
std::unique_ptr<HttpAuthHandler> basic;
EXPECT_EQ(OK, factory.CreateAuthHandlerFromString(
challenge, HttpAuth::AUTH_SERVER, null_ssl_info,
NetworkAnonymizationKey(), scheme_host_port,
NetLogWithSource(), host_resolver.get(), &basic));
AuthCredentials credentials(base::ASCIIToUTF16(test.username),
base::ASCIIToUTF16(test.password));
HttpRequestInfo request_info;
std::string auth_token;
TestCompletionCallback callback;
int rv = basic->GenerateAuthToken(&credentials, &request_info,
callback.callback(), &auth_token);
EXPECT_THAT(rv, IsOk());
EXPECT_STREQ(test.expected_credentials, auth_token.c_str());
}
}
TEST(HttpAuthHandlerBasicTest, HandleAnotherChallenge) {
struct Tests {
const char* challenge;
HttpAuth::AuthorizationResult expected_rv;
};
static const auto tests = std::to_array<Tests>({
// The handler is initialized using this challenge. The first
// time HandleAnotherChallenge is called with it should cause it
// to treat the second challenge as a rejection since it is for
// the same realm.
{"Basic realm=\"First\"", HttpAuth::AUTHORIZATION_RESULT_REJECT},
// A challenge for a different realm.
{"Basic realm=\"Second\"",
HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM},
// Although RFC 2617 isn't explicit about this case, if there is
// more than one realm directive, we pick the last one. So this
// challenge should be treated as being for "First" realm.
{"Basic realm=\"Second\",realm=\"First\"",
HttpAuth::AUTHORIZATION_RESULT_REJECT},
// And this one should be treated as if it was for "Second."
{"basic realm=\"First\",realm=\"Second\"",
HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM},
});
url::SchemeHostPort scheme_host_port(GURL("http://www.example.com"));
HttpAuthHandlerBasic::Factory factory;
SSLInfo null_ssl_info;
auto host_resolver = std::make_unique<MockHostResolver>();
std::unique_ptr<HttpAuthHandler> basic;
EXPECT_EQ(OK, factory.CreateAuthHandlerFromString(
tests[0].challenge, HttpAuth::AUTH_SERVER, null_ssl_info,
NetworkAnonymizationKey(), scheme_host_port,
NetLogWithSource(), host_resolver.get(), &basic));
for (const auto& test : tests) {
HttpAuthChallengeTokenizer tok(test.challenge);
EXPECT_EQ(test.expected_rv, basic->HandleAnotherChallenge(&tok));
}
}
TEST(HttpAuthHandlerBasicTest, InitFromChallenge) {
static const struct {
const char* challenge;
int expected_rv;
const char* expected_realm;
} tests[] = {
// No realm (we allow this even though realm is supposed to be required
// according to RFC 2617.)
{
"Basic",
OK,
"",
},
// Realm is empty string.
{
"Basic realm=\"\"",
OK,
"",
},
// Realm is valid.
{
"Basic realm=\"test_realm\"",
OK,
"test_realm",
},
// The parser ignores tokens which aren't known.
{
"Basic realm=\"test_realm\",unknown_token=foobar",
OK,
"test_realm",
},
// The parser skips over tokens which aren't known.
{
"Basic unknown_token=foobar,realm=\"test_realm\"",
OK,
"test_realm",
},
#if 0
// TODO(cbentzel): It's unclear what the parser should do in these cases.
// It seems like this should either be treated as invalid,
// or the spaces should be used as a separator.
{
"Basic realm=\"test_realm\" unknown_token=foobar",
OK,
"test_realm",
},
// The parser skips over tokens which aren't known.
{
"Basic unknown_token=foobar realm=\"test_realm\"",
OK,
"test_realm",
},
#endif
// The parser fails when the first token is not "Basic".
{
"Negotiate",
ERR_INVALID_RESPONSE,
""
},
// Although RFC 2617 isn't explicit about this case, if there is
// more than one realm directive, we pick the last one.
{
"Basic realm=\"foo\",realm=\"bar\"",
OK,
"bar",
},
// Handle ISO-8859-1 character as part of the realm. The realm is converted
// to UTF-8.
{
"Basic realm=\"foo-\xE5\"",
OK,
"foo-\xC3\xA5",
},
};
HttpAuthHandlerBasic::Factory factory;
url::SchemeHostPort scheme_host_port(GURL("http://www.example.com"));
for (const auto& test : tests) {
std::string challenge = test.challenge;
SSLInfo null_ssl_info;
auto host_resolver = std::make_unique<MockHostResolver>();
std::unique_ptr<HttpAuthHandler> basic;
int rv = factory.CreateAuthHandlerFromString(
challenge, HttpAuth::AUTH_SERVER, null_ssl_info,
NetworkAnonymizationKey(), scheme_host_port, NetLogWithSource(),
host_resolver.get(), &basic);
EXPECT_EQ(test.expected_rv, rv);
if (rv == OK)
EXPECT_EQ(test.expected_realm, basic->realm());
}
}
// Test that when Basic is configured to forbid HTTP, attempting to create a
// Basic auth handler for a HTTP context is rejected.
TEST(HttpAuthHandlerBasicTest, BasicAuthRequiresHTTPS) {
url::SchemeHostPort nonsecure_scheme_host_port(
GURL("http://www.example.com"));
HttpAuthHandlerBasic::Factory factory;
HttpAuthPreferences http_auth_preferences;
http_auth_preferences.set_basic_over_http_enabled(false);
factory.set_http_auth_preferences(&http_auth_preferences);
std::string challenge = "Basic realm=\"Atlantis\"";
SSLInfo null_ssl_info;
auto host_resolver = std::make_unique<MockHostResolver>();
std::unique_ptr<HttpAuthHandler> basic;
// Ensure that HTTP is disallowed.
EXPECT_THAT(factory.CreateAuthHandlerFromString(
challenge, HttpAuth::AUTH_SERVER, null_ssl_info,
NetworkAnonymizationKey(), nonsecure_scheme_host_port,
NetLogWithSource(), host_resolver.get(), &basic),
IsError(ERR_UNSUPPORTED_AUTH_SCHEME));
// Ensure that HTTPS is allowed.
url::SchemeHostPort secure_scheme_host_port(GURL("https://www.example.com"));
EXPECT_THAT(factory.CreateAuthHandlerFromString(
challenge, HttpAuth::AUTH_SERVER, null_ssl_info,
NetworkAnonymizationKey(), secure_scheme_host_port,
NetLogWithSource(), host_resolver.get(), &basic),
IsOk());
}
} // namespace net
|
