Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / net / http / http_auth_unittest.cc
bloba81a409f06461acf07abd8cea5f0792bd84bf4b5
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <set>
6 #include <string>
8 #include "base/memory/ref_counted.h"
9 #include "base/memory/scoped_ptr.h"
10 #include "base/strings/string_util.h"
11 #include "net/base/net_errors.h"
12 #include "net/dns/mock_host_resolver.h"
13 #include "net/http/http_auth.h"
14 #include "net/http/http_auth_challenge_tokenizer.h"
15 #include "net/http/http_auth_filter.h"
16 #include "net/http/http_auth_handler.h"
17 #include "net/http/http_auth_handler_factory.h"
18 #include "net/http/http_auth_handler_mock.h"
19 #include "net/http/http_response_headers.h"
20 #include "net/http/http_util.h"
21 #include "net/http/mock_allow_url_security_manager.h"
22 #include "testing/gtest/include/gtest/gtest.h"
24 namespace net {
26 namespace {
28 HttpAuthHandlerMock* CreateMockHandler(bool connection_based) {
29 HttpAuthHandlerMock* auth_handler = new HttpAuthHandlerMock();
30 auth_handler->set_connection_based(connection_based);
31 std::string challenge_text = "Basic";
32 HttpAuthChallengeTokenizer challenge(challenge_text.begin(),
33 challenge_text.end());
34 GURL origin("www.example.com");
35 EXPECT_TRUE(auth_handler->InitFromChallenge(&challenge,
36 HttpAuth::AUTH_SERVER,
37 origin,
38 BoundNetLog()));
39 return auth_handler;
42 HttpResponseHeaders* HeadersFromResponseText(const std::string& response) {
43 return new HttpResponseHeaders(
44 HttpUtil::AssembleRawHeaders(response.c_str(), response.length()));
47 HttpAuth::AuthorizationResult HandleChallengeResponse(
48 bool connection_based,
49 const std::string& headers_text,
50 std::string* challenge_used) {
51 scoped_ptr<HttpAuthHandlerMock> mock_handler(
52 CreateMockHandler(connection_based));
53 std::set<HttpAuth::Scheme> disabled_schemes;
54 scoped_refptr<HttpResponseHeaders> headers(
55 HeadersFromResponseText(headers_text));
56 return HttpAuth::HandleChallengeResponse(
57 mock_handler.get(),
58 headers.get(),
59 HttpAuth::AUTH_SERVER,
60 disabled_schemes,
61 challenge_used);
64 } // namespace
66 TEST(HttpAuthTest, ChooseBestChallenge) {
67 static const struct {
68 const char* headers;
69 HttpAuth::Scheme challenge_scheme;
70 const char* challenge_realm;
71 } tests[] = {
73 // Basic is the only challenge type, pick it.
74 "Y: Digest realm=\"X\", nonce=\"aaaaaaaaaa\"\n"
75 "www-authenticate: Basic realm=\"BasicRealm\"\n",
77 HttpAuth::AUTH_SCHEME_BASIC,
78 "BasicRealm",
81 // Fake is the only challenge type, but it is unsupported.
82 "Y: Digest realm=\"FooBar\", nonce=\"aaaaaaaaaa\"\n"
83 "www-authenticate: Fake realm=\"FooBar\"\n",
85 HttpAuth::AUTH_SCHEME_MAX,
86 "",
89 // Pick Digest over Basic.
90 "www-authenticate: Basic realm=\"FooBar\"\n"
91 "www-authenticate: Fake realm=\"FooBar\"\n"
92 "www-authenticate: nonce=\"aaaaaaaaaa\"\n"
93 "www-authenticate: Digest realm=\"DigestRealm\", nonce=\"aaaaaaaaaa\"\n",
95 HttpAuth::AUTH_SCHEME_DIGEST,
96 "DigestRealm",
99 // Handle an empty header correctly.
100 "Y: Digest realm=\"X\", nonce=\"aaaaaaaaaa\"\n"
101 "www-authenticate:\n",
103 HttpAuth::AUTH_SCHEME_MAX,
107 "WWW-Authenticate: Negotiate\n"
108 "WWW-Authenticate: NTLM\n",
110 #if defined(USE_KERBEROS) && !defined(OS_ANDROID)
111 // Choose Negotiate over NTLM on all platforms.
112 // TODO(ahendrickson): This may be flaky on Linux and OSX as it
113 // relies on being able to load one of the known .so files
114 // for gssapi.
115 HttpAuth::AUTH_SCHEME_NEGOTIATE,
116 #else
117 // On systems that don't use Kerberos fall back to NTLM.
118 HttpAuth::AUTH_SCHEME_NTLM,
119 #endif // defined(USE_KERBEROS)
122 GURL origin("http://www.example.com");
123 std::set<HttpAuth::Scheme> disabled_schemes;
124 MockAllowURLSecurityManager url_security_manager;
125 scoped_ptr<HostResolver> host_resolver(new MockHostResolver());
126 scoped_ptr<HttpAuthHandlerRegistryFactory> http_auth_handler_factory(
127 HttpAuthHandlerFactory::CreateDefault(host_resolver.get()));
128 http_auth_handler_factory->SetURLSecurityManager(
129 "negotiate", &url_security_manager);
131 for (size_t i = 0; i < arraysize(tests); ++i) {
132 // Make a HttpResponseHeaders object.
133 std::string headers_with_status_line("HTTP/1.1 401 Unauthorized\n");
134 headers_with_status_line += tests[i].headers;
135 scoped_refptr<HttpResponseHeaders> headers(
136 HeadersFromResponseText(headers_with_status_line));
138 scoped_ptr<HttpAuthHandler> handler;
139 HttpAuth::ChooseBestChallenge(http_auth_handler_factory.get(),
140 headers.get(),
141 HttpAuth::AUTH_SERVER,
142 origin,
143 disabled_schemes,
144 BoundNetLog(),
145 &handler);
147 if (handler.get()) {
148 EXPECT_EQ(tests[i].challenge_scheme, handler->auth_scheme());
149 EXPECT_STREQ(tests[i].challenge_realm, handler->realm().c_str());
150 } else {
151 EXPECT_EQ(HttpAuth::AUTH_SCHEME_MAX, tests[i].challenge_scheme);
152 EXPECT_STREQ("", tests[i].challenge_realm);
157 TEST(HttpAuthTest, HandleChallengeResponse) {
158 std::string challenge_used;
159 const char* const kMockChallenge =
160 "HTTP/1.1 401 Unauthorized\n"
161 "WWW-Authenticate: Mock token_here\n";
162 const char* const kBasicChallenge =
163 "HTTP/1.1 401 Unauthorized\n"
164 "WWW-Authenticate: Basic realm=\"happy\"\n";
165 const char* const kMissingChallenge =
166 "HTTP/1.1 401 Unauthorized\n";
167 const char* const kEmptyChallenge =
168 "HTTP/1.1 401 Unauthorized\n"
169 "WWW-Authenticate: \n";
170 const char* const kBasicAndMockChallenges =
171 "HTTP/1.1 401 Unauthorized\n"
172 "WWW-Authenticate: Basic realm=\"happy\"\n"
173 "WWW-Authenticate: Mock token_here\n";
174 const char* const kTwoMockChallenges =
175 "HTTP/1.1 401 Unauthorized\n"
176 "WWW-Authenticate: Mock token_a\n"
177 "WWW-Authenticate: Mock token_b\n";
179 // Request based schemes should treat any new challenges as rejections of the
180 // previous authentication attempt. (There is a slight exception for digest
181 // authentication and the stale parameter, but that is covered in the
182 // http_auth_handler_digest_unittests).
183 EXPECT_EQ(
184 HttpAuth::AUTHORIZATION_RESULT_REJECT,
185 HandleChallengeResponse(false, kMockChallenge, &challenge_used));
186 EXPECT_EQ("Mock token_here", challenge_used);
188 EXPECT_EQ(
189 HttpAuth::AUTHORIZATION_RESULT_REJECT,
190 HandleChallengeResponse(false, kBasicChallenge, &challenge_used));
191 EXPECT_EQ("", challenge_used);
193 EXPECT_EQ(
194 HttpAuth::AUTHORIZATION_RESULT_REJECT,
195 HandleChallengeResponse(false, kMissingChallenge, &challenge_used));
196 EXPECT_EQ("", challenge_used);
198 EXPECT_EQ(
199 HttpAuth::AUTHORIZATION_RESULT_REJECT,
200 HandleChallengeResponse(false, kEmptyChallenge, &challenge_used));
201 EXPECT_EQ("", challenge_used);
203 EXPECT_EQ(
204 HttpAuth::AUTHORIZATION_RESULT_REJECT,
205 HandleChallengeResponse(false, kBasicAndMockChallenges, &challenge_used));
206 EXPECT_EQ("Mock token_here", challenge_used);
208 EXPECT_EQ(
209 HttpAuth::AUTHORIZATION_RESULT_REJECT,
210 HandleChallengeResponse(false, kTwoMockChallenges, &challenge_used));
211 EXPECT_EQ("Mock token_a", challenge_used);
213 // Connection based schemes will treat new auth challenges for the same scheme
214 // as acceptance (and continuance) of the current approach. If there are
215 // no auth challenges for the same scheme, the response will be treated as
216 // a rejection.
217 EXPECT_EQ(
218 HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
219 HandleChallengeResponse(true, kMockChallenge, &challenge_used));
220 EXPECT_EQ("Mock token_here", challenge_used);
222 EXPECT_EQ(
223 HttpAuth::AUTHORIZATION_RESULT_REJECT,
224 HandleChallengeResponse(true, kBasicChallenge, &challenge_used));
225 EXPECT_EQ("", challenge_used);
227 EXPECT_EQ(
228 HttpAuth::AUTHORIZATION_RESULT_REJECT,
229 HandleChallengeResponse(true, kMissingChallenge, &challenge_used));
230 EXPECT_EQ("", challenge_used);
232 EXPECT_EQ(
233 HttpAuth::AUTHORIZATION_RESULT_REJECT,
234 HandleChallengeResponse(true, kEmptyChallenge, &challenge_used));
235 EXPECT_EQ("", challenge_used);
237 EXPECT_EQ(
238 HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
239 HandleChallengeResponse(true, kBasicAndMockChallenges, &challenge_used));
240 EXPECT_EQ("Mock token_here", challenge_used);
242 EXPECT_EQ(
243 HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
244 HandleChallengeResponse(true, kTwoMockChallenges, &challenge_used));
245 EXPECT_EQ("Mock token_a", challenge_used);
248 TEST(HttpAuthTest, GetChallengeHeaderName) {
249 std::string name;
251 name = HttpAuth::GetChallengeHeaderName(HttpAuth::AUTH_SERVER);
252 EXPECT_STREQ("WWW-Authenticate", name.c_str());
254 name = HttpAuth::GetChallengeHeaderName(HttpAuth::AUTH_PROXY);
255 EXPECT_STREQ("Proxy-Authenticate", name.c_str());
258 TEST(HttpAuthTest, GetAuthorizationHeaderName) {
259 std::string name;
261 name = HttpAuth::GetAuthorizationHeaderName(HttpAuth::AUTH_SERVER);
262 EXPECT_STREQ("Authorization", name.c_str());
264 name = HttpAuth::GetAuthorizationHeaderName(HttpAuth::AUTH_PROXY);
265 EXPECT_STREQ("Proxy-Authorization", name.c_str());
268 } // namespace net