summaryrefslogtreecommitdiffstats
path: root/dom/security/test/mixedcontentblocker/file_auth_download_server.sjs
blob: 1600d4aa1266dd329422b17ecdbeec2cc55240d6 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

"use strict";

function handleRequest(request, response) {
  let match;

  // Allow the caller to drive how authentication is processed via the query.
  // Eg, http://localhost:8888/authenticate.sjs?user=foo&realm=bar
  // The extra ? allows the user/pass/realm checks to succeed if the name is
  // at the beginning of the query string.
  let query = new URLSearchParams(request.queryString);

  let expected_user = query.get("user");
  let expected_pass = query.get("pass");
  let realm = query.get("realm");

  // Look for an authentication header, if any, in the request.
  //
  // EG: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
  //
  // This test only supports Basic auth. The value sent by the client is
  // "username:password", obscured with base64 encoding.

  let actual_user = "",
    actual_pass = "",
    authHeader;
  if (request.hasHeader("Authorization")) {
    authHeader = request.getHeader("Authorization");
    match = /Basic (.+)/.exec(authHeader);
    if (match.length != 2) {
      throw new Error("Couldn't parse auth header: " + authHeader);
    }
    // Decode base64 to string
    let userpass = atob(match[1]);
    match = /(.*):(.*)/.exec(userpass);
    if (match.length != 3) {
      throw new Error("Couldn't decode auth header: " + userpass);
    }
    actual_user = match[1];
    actual_pass = match[2];
  }

  // Don't request authentication if the credentials we got were what we
  // expected.
  let requestAuth =
    expected_user != actual_user || expected_pass != actual_pass;

  if (requestAuth) {
    response.setStatusLine("1.0", 401, "Authentication required");
    response.setHeader("WWW-Authenticate", 'basic realm="' + realm + '"', true);
    response.write("Authentication required");
  } else {
    response.setStatusLine("1.0", 200, "OK");
    response.setHeader("Cache-Control", "no-cache", false);
    response.setHeader(
      "Content-Disposition",
      "attachment; filename=dummy-file.html"
    );
    response.setHeader("Content-Type", "text/html");
    response.write("<p id='success'>SUCCESS</p>");
  }
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-21 22:24:18 +0000