1 // Copyright 2014 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/http_auth_challenge_tokenizer.h"
6
7 #include <string_view>
8
9 #include "testing/gtest/include/gtest/gtest.h"
10
11 namespace net {
12
TEST(HttpAuthChallengeTokenizerTest,Basic)13 TEST(HttpAuthChallengeTokenizerTest, Basic) {
14 HttpAuthChallengeTokenizer challenge("Basic realm=\"foobar\"");
15 HttpUtil::NameValuePairsIterator parameters = challenge.param_pairs();
16
17 EXPECT_TRUE(parameters.valid());
18 EXPECT_EQ("basic", challenge.auth_scheme());
19 EXPECT_TRUE(parameters.GetNext());
20 EXPECT_TRUE(parameters.valid());
21 EXPECT_EQ("realm", parameters.name());
22 EXPECT_EQ("foobar", parameters.value());
23 EXPECT_FALSE(parameters.GetNext());
24 }
25
26 // Use a name=value property with no quote marks.
TEST(HttpAuthChallengeTokenizerTest,NoQuotes)27 TEST(HttpAuthChallengeTokenizerTest, NoQuotes) {
28 HttpAuthChallengeTokenizer challenge("Basic realm=foobar@baz.com");
29 HttpUtil::NameValuePairsIterator parameters = challenge.param_pairs();
30
31 EXPECT_TRUE(parameters.valid());
32 EXPECT_EQ("basic", challenge.auth_scheme());
33 EXPECT_TRUE(parameters.GetNext());
34 EXPECT_TRUE(parameters.valid());
35 EXPECT_EQ("realm", parameters.name());
36 EXPECT_EQ("foobar@baz.com", parameters.value());
37 EXPECT_FALSE(parameters.GetNext());
38 }
39
40 // Use a name=value property with mismatching quote marks.
TEST(HttpAuthChallengeTokenizerTest,MismatchedQuotes)41 TEST(HttpAuthChallengeTokenizerTest, MismatchedQuotes) {
42 HttpAuthChallengeTokenizer challenge("Basic realm=\"foobar@baz.com");
43 HttpUtil::NameValuePairsIterator parameters = challenge.param_pairs();
44
45 EXPECT_TRUE(parameters.valid());
46 EXPECT_EQ("basic", challenge.auth_scheme());
47 EXPECT_TRUE(parameters.GetNext());
48 EXPECT_TRUE(parameters.valid());
49 EXPECT_EQ("realm", parameters.name());
50 EXPECT_EQ("foobar@baz.com", parameters.value());
51 EXPECT_FALSE(parameters.GetNext());
52 }
53
54 // Use a name= property without a value and with mismatching quote marks.
TEST(HttpAuthChallengeTokenizerTest,MismatchedQuotesNoValue)55 TEST(HttpAuthChallengeTokenizerTest, MismatchedQuotesNoValue) {
56 HttpAuthChallengeTokenizer challenge("Basic realm=\"");
57 HttpUtil::NameValuePairsIterator parameters = challenge.param_pairs();
58
59 EXPECT_TRUE(parameters.valid());
60 EXPECT_EQ("basic", challenge.auth_scheme());
61 EXPECT_TRUE(parameters.GetNext());
62 EXPECT_TRUE(parameters.valid());
63 EXPECT_EQ("realm", parameters.name());
64 EXPECT_EQ("", parameters.value());
65 EXPECT_FALSE(parameters.GetNext());
66 }
67
68 // Use a name=value property with mismatching quote marks and spaces in the
69 // value.
TEST(HttpAuthChallengeTokenizerTest,MismatchedQuotesSpaces)70 TEST(HttpAuthChallengeTokenizerTest, MismatchedQuotesSpaces) {
71 HttpAuthChallengeTokenizer challenge("Basic realm=\"foo bar");
72 HttpUtil::NameValuePairsIterator parameters = challenge.param_pairs();
73
74 EXPECT_TRUE(parameters.valid());
75 EXPECT_EQ("basic", challenge.auth_scheme());
76 EXPECT_TRUE(parameters.GetNext());
77 EXPECT_TRUE(parameters.valid());
78 EXPECT_EQ("realm", parameters.name());
79 EXPECT_EQ("foo bar", parameters.value());
80 EXPECT_FALSE(parameters.GetNext());
81 }
82
83 // Use multiple name=value properties with mismatching quote marks in the last
84 // value.
TEST(HttpAuthChallengeTokenizerTest,MismatchedQuotesMultiple)85 TEST(HttpAuthChallengeTokenizerTest, MismatchedQuotesMultiple) {
86 HttpAuthChallengeTokenizer challenge(
87 "Digest qop=auth-int, algorithm=md5, realm=\"foo");
88 HttpUtil::NameValuePairsIterator parameters = challenge.param_pairs();
89
90 EXPECT_TRUE(parameters.valid());
91 EXPECT_EQ("digest", challenge.auth_scheme());
92 EXPECT_TRUE(parameters.GetNext());
93 EXPECT_TRUE(parameters.valid());
94 EXPECT_EQ("qop", parameters.name());
95 EXPECT_EQ("auth-int", parameters.value());
96 EXPECT_TRUE(parameters.GetNext());
97 EXPECT_TRUE(parameters.valid());
98 EXPECT_EQ("algorithm", parameters.name());
99 EXPECT_EQ("md5", parameters.value());
100 EXPECT_TRUE(parameters.GetNext());
101 EXPECT_TRUE(parameters.valid());
102 EXPECT_EQ("realm", parameters.name());
103 EXPECT_EQ("foo", parameters.value());
104 EXPECT_FALSE(parameters.GetNext());
105 }
106
107 // Use a name= property which has no value.
TEST(HttpAuthChallengeTokenizerTest,NoValue)108 TEST(HttpAuthChallengeTokenizerTest, NoValue) {
109 HttpAuthChallengeTokenizer challenge("Digest qop=");
110 HttpUtil::NameValuePairsIterator parameters = challenge.param_pairs();
111
112 EXPECT_TRUE(parameters.valid());
113 EXPECT_EQ(std::string("digest"), challenge.auth_scheme());
114 EXPECT_FALSE(parameters.GetNext());
115 EXPECT_FALSE(parameters.valid());
116 }
117
118 // Specify multiple properties, comma separated.
TEST(HttpAuthChallengeTokenizerTest,Multiple)119 TEST(HttpAuthChallengeTokenizerTest, Multiple) {
120 HttpAuthChallengeTokenizer challenge(
121 "Digest algorithm=md5, realm=\"Oblivion\", qop=auth-int");
122 HttpUtil::NameValuePairsIterator parameters = challenge.param_pairs();
123
124 EXPECT_TRUE(parameters.valid());
125 EXPECT_EQ("digest", challenge.auth_scheme());
126 EXPECT_TRUE(parameters.GetNext());
127 EXPECT_TRUE(parameters.valid());
128 EXPECT_EQ("algorithm", parameters.name());
129 EXPECT_EQ("md5", parameters.value());
130 EXPECT_TRUE(parameters.GetNext());
131 EXPECT_TRUE(parameters.valid());
132 EXPECT_EQ("realm", parameters.name());
133 EXPECT_EQ("Oblivion", parameters.value());
134 EXPECT_TRUE(parameters.GetNext());
135 EXPECT_TRUE(parameters.valid());
136 EXPECT_EQ("qop", parameters.name());
137 EXPECT_EQ("auth-int", parameters.value());
138 EXPECT_FALSE(parameters.GetNext());
139 EXPECT_TRUE(parameters.valid());
140 }
141
142 // Use a challenge which has no property.
TEST(HttpAuthChallengeTokenizerTest,NoProperty)143 TEST(HttpAuthChallengeTokenizerTest, NoProperty) {
144 HttpAuthChallengeTokenizer challenge("NTLM");
145 HttpUtil::NameValuePairsIterator parameters = challenge.param_pairs();
146
147 EXPECT_TRUE(parameters.valid());
148 EXPECT_EQ(std::string("ntlm"), challenge.auth_scheme());
149 EXPECT_FALSE(parameters.GetNext());
150 }
151
152 // Use a challenge with Base64 encoded token.
TEST(HttpAuthChallengeTokenizerTest,Base64)153 TEST(HttpAuthChallengeTokenizerTest, Base64) {
154 HttpAuthChallengeTokenizer challenge("NTLM SGVsbG8sIFdvcmxkCg===");
155
156 EXPECT_EQ(std::string("ntlm"), challenge.auth_scheme());
157 // Notice the two equal statements below due to padding removal.
158 EXPECT_EQ(std::string("SGVsbG8sIFdvcmxkCg=="), challenge.base64_param());
159 }
160
161 } // namespace net
162