| // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include <string> |
| |
| #include "base/basictypes.h" |
| #include "base/memory/scoped_ptr.h" |
| #include "base/string_util.h" |
| #include "base/utf_string_conversions.h" |
| #include "net/base/net_errors.h" |
| #include "net/http/http_auth_handler_basic.h" |
| #include "net/http/http_request_info.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| namespace net { |
| |
| TEST(HttpAuthHandlerBasicTest, GenerateAuthToken) { |
| static const struct { |
| const char* username; |
| const char* password; |
| const char* expected_credentials; |
| } tests[] = { |
| { "foo", "bar", "Basic Zm9vOmJhcg==" }, |
| // Empty username |
| { "", "foobar", "Basic OmZvb2Jhcg==" }, |
| // Empty password |
| { "anon", "", "Basic YW5vbjo=" }, |
| // Empty username and empty password. |
| { "", "", "Basic Og==" }, |
| }; |
| GURL origin("http://www.example.com"); |
| HttpAuthHandlerBasic::Factory factory; |
| for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) { |
| std::string challenge = "Basic realm=\"Atlantis\""; |
| scoped_ptr<HttpAuthHandler> basic; |
| EXPECT_EQ(OK, factory.CreateAuthHandlerFromString( |
| challenge, HttpAuth::AUTH_SERVER, origin, BoundNetLog(), &basic)); |
| string16 username(ASCIIToUTF16(tests[i].username)); |
| string16 password(ASCIIToUTF16(tests[i].password)); |
| HttpRequestInfo request_info; |
| std::string auth_token; |
| int rv = basic->GenerateAuthToken(&username, &password, &request_info, |
| NULL, &auth_token); |
| EXPECT_EQ(OK, rv); |
| EXPECT_STREQ(tests[i].expected_credentials, auth_token.c_str()); |
| } |
| } |
| |
| TEST(HttpAuthHandlerBasicTest, HandleAnotherChallenge) { |
| static const struct { |
| const char* challenge; |
| HttpAuth::AuthorizationResult expected_rv; |
| } tests[] = { |
| // The handler is initialized using this challenge. The first |
| // time HandleAnotherChallenge is called with it should cause it |
| // to treat the second challenge as a rejection since it is for |
| // the same realm. |
| { |
| "Basic realm=\"First\"", |
| HttpAuth::AUTHORIZATION_RESULT_REJECT |
| }, |
| |
| // A challenge for a different realm. |
| { |
| "Basic realm=\"Second\"", |
| HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM |
| }, |
| |
| // Although RFC 2617 isn't explicit about this case, if there is |
| // more than one realm directive, we pick the last one. So this |
| // challenge should be treated as being for "First" realm. |
| { |
| "Basic realm=\"Second\",realm=\"First\"", |
| HttpAuth::AUTHORIZATION_RESULT_REJECT |
| }, |
| |
| // And this one should be treated as if it was for "Second." |
| { |
| "basic realm=\"First\",realm=\"Second\"", |
| HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM |
| } |
| }; |
| |
| GURL origin("http://www.example.com"); |
| HttpAuthHandlerBasic::Factory factory; |
| scoped_ptr<HttpAuthHandler> basic; |
| EXPECT_EQ(OK, factory.CreateAuthHandlerFromString( |
| tests[0].challenge, HttpAuth::AUTH_SERVER, origin, |
| BoundNetLog(), &basic)); |
| |
| for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) { |
| std::string challenge(tests[i].challenge); |
| HttpAuth::ChallengeTokenizer tok(challenge.begin(), |
| challenge.end()); |
| EXPECT_EQ(tests[i].expected_rv, basic->HandleAnotherChallenge(&tok)); |
| } |
| } |
| |
| TEST(HttpAuthHandlerBasicTest, InitFromChallenge) { |
| static const struct { |
| const char* challenge; |
| int expected_rv; |
| const char* expected_realm; |
| } tests[] = { |
| // No realm (we allow this even though realm is supposed to be required |
| // according to RFC 2617.) |
| { |
| "Basic", |
| OK, |
| "", |
| }, |
| |
| // Realm is empty string. |
| { |
| "Basic realm=\"\"", |
| OK, |
| "", |
| }, |
| |
| // Realm is valid. |
| { |
| "Basic realm=\"test_realm\"", |
| OK, |
| "test_realm", |
| }, |
| |
| // The parser ignores tokens which aren't known. |
| { |
| "Basic realm=\"test_realm\",unknown_token=foobar", |
| OK, |
| "test_realm", |
| }, |
| |
| // The parser skips over tokens which aren't known. |
| { |
| "Basic unknown_token=foobar,realm=\"test_realm\"", |
| OK, |
| "test_realm", |
| }, |
| |
| #if 0 |
| // TODO(cbentzel): It's unclear what the parser should do in these cases. |
| // It seems like this should either be treated as invalid, |
| // or the spaces should be used as a separator. |
| { |
| "Basic realm=\"test_realm\" unknown_token=foobar", |
| OK, |
| "test_realm", |
| }, |
| |
| // The parser skips over tokens which aren't known. |
| { |
| "Basic unknown_token=foobar realm=\"test_realm\"", |
| OK, |
| "test_realm", |
| }, |
| #endif |
| |
| // The parser fails when the first token is not "Basic". |
| { |
| "Negotiate", |
| ERR_INVALID_RESPONSE, |
| "" |
| }, |
| |
| // Although RFC 2617 isn't explicit about this case, if there is |
| // more than one realm directive, we pick the last one. |
| { |
| "Basic realm=\"foo\",realm=\"bar\"", |
| OK, |
| "bar", |
| }, |
| }; |
| HttpAuthHandlerBasic::Factory factory; |
| GURL origin("http://www.example.com"); |
| for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) { |
| std::string challenge = tests[i].challenge; |
| scoped_ptr<HttpAuthHandler> basic; |
| int rv = factory.CreateAuthHandlerFromString( |
| challenge, HttpAuth::AUTH_SERVER, origin, BoundNetLog(), &basic); |
| EXPECT_EQ(tests[i].expected_rv, rv); |
| if (rv == OK) |
| EXPECT_EQ(tests[i].expected_realm, basic->realm()); |
| } |
| } |
| |
| } // namespace net |