1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include <string>
6
7#include "base/basictypes.h"
8#include "base/memory/scoped_ptr.h"
9#include "base/string_util.h"
10#include "base/utf_string_conversions.h"
11#include "net/base/net_errors.h"
12#include "net/http/http_auth_handler_basic.h"
13#include "net/http/http_request_info.h"
14#include "testing/gtest/include/gtest/gtest.h"
15
16namespace net {
17
18TEST(HttpAuthHandlerBasicTest, GenerateAuthToken) {
19  static const struct {
20    const char* username;
21    const char* password;
22    const char* expected_credentials;
23  } tests[] = {
24    { "foo", "bar", "Basic Zm9vOmJhcg==" },
25    // Empty username
26    { "", "foobar", "Basic OmZvb2Jhcg==" },
27    // Empty password
28    { "anon", "", "Basic YW5vbjo=" },
29    // Empty username and empty password.
30    { "", "", "Basic Og==" },
31  };
32  GURL origin("http://www.example.com");
33  HttpAuthHandlerBasic::Factory factory;
34  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
35    std::string challenge = "Basic realm=\"Atlantis\"";
36    scoped_ptr<HttpAuthHandler> basic;
37    EXPECT_EQ(OK, factory.CreateAuthHandlerFromString(
38        challenge, HttpAuth::AUTH_SERVER, origin, BoundNetLog(), &basic));
39    string16 username(ASCIIToUTF16(tests[i].username));
40    string16 password(ASCIIToUTF16(tests[i].password));
41    HttpRequestInfo request_info;
42    std::string auth_token;
43    int rv = basic->GenerateAuthToken(&username, &password, &request_info,
44                                      NULL, &auth_token);
45    EXPECT_EQ(OK, rv);
46    EXPECT_STREQ(tests[i].expected_credentials, auth_token.c_str());
47  }
48}
49
50TEST(HttpAuthHandlerBasicTest, HandleAnotherChallenge) {
51  static const struct {
52    const char* challenge;
53    HttpAuth::AuthorizationResult expected_rv;
54  } tests[] = {
55    // The handler is initialized using this challenge.  The first
56    // time HandleAnotherChallenge is called with it should cause it
57    // to treat the second challenge as a rejection since it is for
58    // the same realm.
59    {
60      "Basic realm=\"First\"",
61      HttpAuth::AUTHORIZATION_RESULT_REJECT
62    },
63
64    // A challenge for a different realm.
65    {
66      "Basic realm=\"Second\"",
67      HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM
68    },
69
70    // Although RFC 2617 isn't explicit about this case, if there is
71    // more than one realm directive, we pick the last one.  So this
72    // challenge should be treated as being for "First" realm.
73    {
74      "Basic realm=\"Second\",realm=\"First\"",
75      HttpAuth::AUTHORIZATION_RESULT_REJECT
76    },
77
78    // And this one should be treated as if it was for "Second."
79    {
80      "basic realm=\"First\",realm=\"Second\"",
81      HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM
82    }
83  };
84
85  GURL origin("http://www.example.com");
86  HttpAuthHandlerBasic::Factory factory;
87  scoped_ptr<HttpAuthHandler> basic;
88  EXPECT_EQ(OK, factory.CreateAuthHandlerFromString(
89      tests[0].challenge, HttpAuth::AUTH_SERVER, origin,
90      BoundNetLog(), &basic));
91
92  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
93    std::string challenge(tests[i].challenge);
94    HttpAuth::ChallengeTokenizer tok(challenge.begin(),
95                                     challenge.end());
96    EXPECT_EQ(tests[i].expected_rv, basic->HandleAnotherChallenge(&tok));
97  }
98}
99
100TEST(HttpAuthHandlerBasicTest, InitFromChallenge) {
101  static const struct {
102    const char* challenge;
103    int expected_rv;
104    const char* expected_realm;
105  } tests[] = {
106    // No realm (we allow this even though realm is supposed to be required
107    // according to RFC 2617.)
108    {
109      "Basic",
110      OK,
111      "",
112    },
113
114    // Realm is empty string.
115    {
116      "Basic realm=\"\"",
117      OK,
118      "",
119    },
120
121    // Realm is valid.
122    {
123      "Basic realm=\"test_realm\"",
124      OK,
125      "test_realm",
126    },
127
128    // The parser ignores tokens which aren't known.
129    {
130      "Basic realm=\"test_realm\",unknown_token=foobar",
131      OK,
132      "test_realm",
133    },
134
135    // The parser skips over tokens which aren't known.
136    {
137      "Basic unknown_token=foobar,realm=\"test_realm\"",
138      OK,
139      "test_realm",
140    },
141
142#if 0
143    // TODO(cbentzel): It's unclear what the parser should do in these cases.
144    //                 It seems like this should either be treated as invalid,
145    //                 or the spaces should be used as a separator.
146    {
147      "Basic realm=\"test_realm\" unknown_token=foobar",
148      OK,
149      "test_realm",
150    },
151
152    // The parser skips over tokens which aren't known.
153    {
154      "Basic unknown_token=foobar realm=\"test_realm\"",
155      OK,
156      "test_realm",
157    },
158#endif
159
160    // The parser fails when the first token is not "Basic".
161    {
162      "Negotiate",
163      ERR_INVALID_RESPONSE,
164      ""
165    },
166
167    // Although RFC 2617 isn't explicit about this case, if there is
168    // more than one realm directive, we pick the last one.
169    {
170      "Basic realm=\"foo\",realm=\"bar\"",
171      OK,
172      "bar",
173    },
174  };
175  HttpAuthHandlerBasic::Factory factory;
176  GURL origin("http://www.example.com");
177  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
178    std::string challenge = tests[i].challenge;
179    scoped_ptr<HttpAuthHandler> basic;
180    int rv = factory.CreateAuthHandlerFromString(
181        challenge, HttpAuth::AUTH_SERVER, origin, BoundNetLog(), &basic);
182    EXPECT_EQ(tests[i].expected_rv, rv);
183    if (rv == OK)
184      EXPECT_EQ(tests[i].expected_realm, basic->realm());
185  }
186}
187
188}  // namespace net
189