netwerk/test/unit/test_httpauth.js

   1 /* This Source Code Form is subject to the terms of the Mozilla Public
   2  * License, v. 2.0. If a copy of the MPL was not distributed with this
   3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   4
   5 // This test makes sure the HTTP authenticated sessions are correctly cleared
   6 // when entering and leaving the private browsing mode.
   7
   8 "use strict";
   9
  10 function run_test() {
  11   var am = Cc["@mozilla.org/network/http-auth-manager;1"].getService(
  12     Ci.nsIHttpAuthManager
  13   );
  14
  15   const kHost1 = "pbtest3.example.com";
  16   const kHost2 = "pbtest4.example.com";
  17   const kPort = 80;
  18   const kHTTP = "http";
  19   const kBasic = "basic";
  20   const kRealm = "realm";
  21   const kDomain = "example.com";
  22   const kUser = "user";
  23   const kUser2 = "user2";
  24   const kPassword = "pass";
  25   const kPassword2 = "pass2";
  26   const kEmpty = "";
  27
  28   const PRIVATE = true;
  29   const NOT_PRIVATE = false;
  30
  31   try {
  32     var domain = { value: kEmpty },
  33       user = { value: kEmpty },
  34       pass = { value: kEmpty };
  35     // simulate a login via HTTP auth outside of the private mode
  36     am.setAuthIdentity(
  37       kHTTP,
  38       kHost1,
  39       kPort,
  40       kBasic,
  41       kRealm,
  42       kEmpty,
  43       kDomain,
  44       kUser,
  45       kPassword
  46     );
  47     // make sure the recently added auth entry is available outside the private browsing mode
  48     am.getAuthIdentity(
  49       kHTTP,
  50       kHost1,
  51       kPort,
  52       kBasic,
  53       kRealm,
  54       kEmpty,
  55       domain,
  56       user,
  57       pass,
  58       NOT_PRIVATE
  59     );
  60     Assert.equal(domain.value, kDomain);
  61     Assert.equal(user.value, kUser);
  62     Assert.equal(pass.value, kPassword);
  63
  64     // make sure the added auth entry is no longer accessible in private
  65     domain = { value: kEmpty };
  66     user = { value: kEmpty };
  67     pass = { value: kEmpty };
  68     try {
  69       // should throw
  70       am.getAuthIdentity(
  71         kHTTP,
  72         kHost1,
  73         kPort,
  74         kBasic,
  75         kRealm,
  76         kEmpty,
  77         domain,
  78         user,
  79         pass,
  80         PRIVATE
  81       );
  82       do_throw(
  83         "Auth entry should not be retrievable after entering the private browsing mode"
  84       );
  85     } catch (e) {
  86       Assert.equal(domain.value, kEmpty);
  87       Assert.equal(user.value, kEmpty);
  88       Assert.equal(pass.value, kEmpty);
  89     }
  90
  91     // simulate a login via HTTP auth inside of the private mode
  92     am.setAuthIdentity(
  93       kHTTP,
  94       kHost2,
  95       kPort,
  96       kBasic,
  97       kRealm,
  98       kEmpty,
  99       kDomain,
 100       kUser2,
 101       kPassword2,
 102       PRIVATE
 103     );
 104     // make sure the recently added auth entry is available inside the private browsing mode
 105     domain = { value: kEmpty };
 106     user = { value: kEmpty };
 107     pass = { value: kEmpty };
 108     am.getAuthIdentity(
 109       kHTTP,
 110       kHost2,
 111       kPort,
 112       kBasic,
 113       kRealm,
 114       kEmpty,
 115       domain,
 116       user,
 117       pass,
 118       PRIVATE
 119     );
 120     Assert.equal(domain.value, kDomain);
 121     Assert.equal(user.value, kUser2);
 122     Assert.equal(pass.value, kPassword2);
 123
 124     try {
 125       // make sure the recently added auth entry is not available outside the private browsing mode
 126       domain = { value: kEmpty };
 127       user = { value: kEmpty };
 128       pass = { value: kEmpty };
 129       am.getAuthIdentity(
 130         kHTTP,
 131         kHost2,
 132         kPort,
 133         kBasic,
 134         kRealm,
 135         kEmpty,
 136         domain,
 137         user,
 138         pass,
 139         NOT_PRIVATE
 140       );
 141       do_throw(
 142         "Auth entry should not be retrievable outside of private browsing mode"
 143       );
 144     } catch (x) {
 145       Assert.equal(domain.value, kEmpty);
 146       Assert.equal(user.value, kEmpty);
 147       Assert.equal(pass.value, kEmpty);
 148     }
 149
 150     // simulate leaving private browsing mode
 151     Services.obs.notifyObservers(null, "last-pb-context-exited");
 152
 153     // make sure the added auth entry is no longer accessible in any privacy state
 154     domain = { value: kEmpty };
 155     user = { value: kEmpty };
 156     pass = { value: kEmpty };
 157     try {
 158       // should throw (not available in public mode)
 159       am.getAuthIdentity(
 160         kHTTP,
 161         kHost2,
 162         kPort,
 163         kBasic,
 164         kRealm,
 165         kEmpty,
 166         domain,
 167         user,
 168         pass,
 169         NOT_PRIVATE
 170       );
 171       do_throw(
 172         "Auth entry should not be retrievable after exiting the private browsing mode"
 173       );
 174     } catch (e) {
 175       Assert.equal(domain.value, kEmpty);
 176       Assert.equal(user.value, kEmpty);
 177       Assert.equal(pass.value, kEmpty);
 178     }
 179     try {
 180       // should throw (no longer available in private mode)
 181       am.getAuthIdentity(
 182         kHTTP,
 183         kHost2,
 184         kPort,
 185         kBasic,
 186         kRealm,
 187         kEmpty,
 188         domain,
 189         user,
 190         pass,
 191         PRIVATE
 192       );
 193       do_throw(
 194         "Auth entry should not be retrievable in private mode after exiting the private browsing mode"
 195       );
 196     } catch (x) {
 197       Assert.equal(domain.value, kEmpty);
 198       Assert.equal(user.value, kEmpty);
 199       Assert.equal(pass.value, kEmpty);
 200     }
 201   } catch (e) {
 202     do_throw("Unexpected exception while testing HTTP auth manager: " + e);
 203   }
 204 }