1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <string>
6
7 #include "base/basictypes.h"
8 #include "base/memory/scoped_ptr.h"
9 #include "base/string_util.h"
10 #include "base/utf_string_conversions.h"
11 #include "net/base/net_errors.h"
12 #include "net/http/http_auth_handler_basic.h"
13 #include "net/http/http_request_info.h"
14 #include "testing/gtest/include/gtest/gtest.h"
15
16 namespace net {
17
TEST(HttpAuthHandlerBasicTest,GenerateAuthToken)18 TEST(HttpAuthHandlerBasicTest, GenerateAuthToken) {
19 static const struct {
20 const char* username;
21 const char* password;
22 const char* expected_credentials;
23 } tests[] = {
24 { "foo", "bar", "Basic Zm9vOmJhcg==" },
25 // Empty username
26 { "", "foobar", "Basic OmZvb2Jhcg==" },
27 // Empty password
28 { "anon", "", "Basic YW5vbjo=" },
29 // Empty username and empty password.
30 { "", "", "Basic Og==" },
31 };
32 GURL origin("http://www.example.com");
33 HttpAuthHandlerBasic::Factory factory;
34 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
35 std::string challenge = "Basic realm=\"Atlantis\"";
36 scoped_ptr<HttpAuthHandler> basic;
37 EXPECT_EQ(OK, factory.CreateAuthHandlerFromString(
38 challenge, HttpAuth::AUTH_SERVER, origin, BoundNetLog(), &basic));
39 string16 username(ASCIIToUTF16(tests[i].username));
40 string16 password(ASCIIToUTF16(tests[i].password));
41 HttpRequestInfo request_info;
42 std::string auth_token;
43 int rv = basic->GenerateAuthToken(&username, &password, &request_info,
44 NULL, &auth_token);
45 EXPECT_EQ(OK, rv);
46 EXPECT_STREQ(tests[i].expected_credentials, auth_token.c_str());
47 }
48 }
49
TEST(HttpAuthHandlerBasicTest,HandleAnotherChallenge)50 TEST(HttpAuthHandlerBasicTest, HandleAnotherChallenge) {
51 static const struct {
52 const char* challenge;
53 HttpAuth::AuthorizationResult expected_rv;
54 } tests[] = {
55 // The handler is initialized using this challenge. The first
56 // time HandleAnotherChallenge is called with it should cause it
57 // to treat the second challenge as a rejection since it is for
58 // the same realm.
59 {
60 "Basic realm=\"First\"",
61 HttpAuth::AUTHORIZATION_RESULT_REJECT
62 },
63
64 // A challenge for a different realm.
65 {
66 "Basic realm=\"Second\"",
67 HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM
68 },
69
70 // Although RFC 2617 isn't explicit about this case, if there is
71 // more than one realm directive, we pick the last one. So this
72 // challenge should be treated as being for "First" realm.
73 {
74 "Basic realm=\"Second\",realm=\"First\"",
75 HttpAuth::AUTHORIZATION_RESULT_REJECT
76 },
77
78 // And this one should be treated as if it was for "Second."
79 {
80 "basic realm=\"First\",realm=\"Second\"",
81 HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM
82 }
83 };
84
85 GURL origin("http://www.example.com");
86 HttpAuthHandlerBasic::Factory factory;
87 scoped_ptr<HttpAuthHandler> basic;
88 EXPECT_EQ(OK, factory.CreateAuthHandlerFromString(
89 tests[0].challenge, HttpAuth::AUTH_SERVER, origin,
90 BoundNetLog(), &basic));
91
92 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
93 std::string challenge(tests[i].challenge);
94 HttpAuth::ChallengeTokenizer tok(challenge.begin(),
95 challenge.end());
96 EXPECT_EQ(tests[i].expected_rv, basic->HandleAnotherChallenge(&tok));
97 }
98 }
99
TEST(HttpAuthHandlerBasicTest,InitFromChallenge)100 TEST(HttpAuthHandlerBasicTest, InitFromChallenge) {
101 static const struct {
102 const char* challenge;
103 int expected_rv;
104 const char* expected_realm;
105 } tests[] = {
106 // No realm (we allow this even though realm is supposed to be required
107 // according to RFC 2617.)
108 {
109 "Basic",
110 OK,
111 "",
112 },
113
114 // Realm is empty string.
115 {
116 "Basic realm=\"\"",
117 OK,
118 "",
119 },
120
121 // Realm is valid.
122 {
123 "Basic realm=\"test_realm\"",
124 OK,
125 "test_realm",
126 },
127
128 // The parser ignores tokens which aren't known.
129 {
130 "Basic realm=\"test_realm\",unknown_token=foobar",
131 OK,
132 "test_realm",
133 },
134
135 // The parser skips over tokens which aren't known.
136 {
137 "Basic unknown_token=foobar,realm=\"test_realm\"",
138 OK,
139 "test_realm",
140 },
141
142 #if 0
143 // TODO(cbentzel): It's unclear what the parser should do in these cases.
144 // It seems like this should either be treated as invalid,
145 // or the spaces should be used as a separator.
146 {
147 "Basic realm=\"test_realm\" unknown_token=foobar",
148 OK,
149 "test_realm",
150 },
151
152 // The parser skips over tokens which aren't known.
153 {
154 "Basic unknown_token=foobar realm=\"test_realm\"",
155 OK,
156 "test_realm",
157 },
158 #endif
159
160 // The parser fails when the first token is not "Basic".
161 {
162 "Negotiate",
163 ERR_INVALID_RESPONSE,
164 ""
165 },
166
167 // Although RFC 2617 isn't explicit about this case, if there is
168 // more than one realm directive, we pick the last one.
169 {
170 "Basic realm=\"foo\",realm=\"bar\"",
171 OK,
172 "bar",
173 },
174 };
175 HttpAuthHandlerBasic::Factory factory;
176 GURL origin("http://www.example.com");
177 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
178 std::string challenge = tests[i].challenge;
179 scoped_ptr<HttpAuthHandler> basic;
180 int rv = factory.CreateAuthHandlerFromString(
181 challenge, HttpAuth::AUTH_SERVER, origin, BoundNetLog(), &basic);
182 EXPECT_EQ(tests[i].expected_rv, rv);
183 if (rv == OK)
184 EXPECT_EQ(tests[i].expected_realm, basic->realm());
185 }
186 }
187
188 } // namespace net
189