netwerk/test/unit/test_httpauth.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

// This test makes sure the HTTP authenticated sessions are correctly cleared
// when entering and leaving the private browsing mode.

"use strict";

function run_test() {
  var am = Cc["@mozilla.org/network/http-auth-manager;1"].getService(
    Ci.nsIHttpAuthManager
  );

  const kHost1 = "pbtest3.example.com";
  const kHost2 = "pbtest4.example.com";
  const kPort = 80;
  const kHTTP = "http";
  const kBasic = "basic";
  const kRealm = "realm";
  const kDomain = "example.com";
  const kUser = "user";
  const kUser2 = "user2";
  const kPassword = "pass";
  const kPassword2 = "pass2";
  const kEmpty = "";

  const PRIVATE = true;
  const NOT_PRIVATE = false;

  try {
    var domain = { value: kEmpty },
      user = { value: kEmpty },
      pass = { value: kEmpty };
    // simulate a login via HTTP auth outside of the private mode
    am.setAuthIdentity(
      kHTTP,
      kHost1,
      kPort,
      kBasic,
      kRealm,
      kEmpty,
      kDomain,
      kUser,
      kPassword
    );
    // make sure the recently added auth entry is available outside the private browsing mode
    am.getAuthIdentity(
      kHTTP,
      kHost1,
      kPort,
      kBasic,
      kRealm,
      kEmpty,
      domain,
      user,
      pass,
      NOT_PRIVATE
    );
    Assert.equal(domain.value, kDomain);
    Assert.equal(user.value, kUser);
    Assert.equal(pass.value, kPassword);

    // make sure the added auth entry is no longer accessible in private
    domain = { value: kEmpty };
    user = { value: kEmpty };
    pass = { value: kEmpty };
    try {
      // should throw
      am.getAuthIdentity(
        kHTTP,
        kHost1,
        kPort,
        kBasic,
        kRealm,
        kEmpty,
        domain,
        user,
        pass,
        PRIVATE
      );
      do_throw(
        "Auth entry should not be retrievable after entering the private browsing mode"
      );
    } catch (e) {
      Assert.equal(domain.value, kEmpty);
      Assert.equal(user.value, kEmpty);
      Assert.equal(pass.value, kEmpty);
    }

    // simulate a login via HTTP auth inside of the private mode
    am.setAuthIdentity(
      kHTTP,
      kHost2,
      kPort,
      kBasic,
      kRealm,
      kEmpty,
      kDomain,
      kUser2,
      kPassword2,
      PRIVATE
    );
    // make sure the recently added auth entry is available inside the private browsing mode
    domain = { value: kEmpty };
    user = { value: kEmpty };
    pass = { value: kEmpty };
    am.getAuthIdentity(
      kHTTP,
      kHost2,
      kPort,
      kBasic,
      kRealm,
      kEmpty,
      domain,
      user,
      pass,
      PRIVATE
    );
    Assert.equal(domain.value, kDomain);
    Assert.equal(user.value, kUser2);
    Assert.equal(pass.value, kPassword2);

    try {
      // make sure the recently added auth entry is not available outside the private browsing mode
      domain = { value: kEmpty };
      user = { value: kEmpty };
      pass = { value: kEmpty };
      am.getAuthIdentity(
        kHTTP,
        kHost2,
        kPort,
        kBasic,
        kRealm,
        kEmpty,
        domain,
        user,
        pass,
        NOT_PRIVATE
      );
      do_throw(
        "Auth entry should not be retrievable outside of private browsing mode"
      );
    } catch (x) {
      Assert.equal(domain.value, kEmpty);
      Assert.equal(user.value, kEmpty);
      Assert.equal(pass.value, kEmpty);
    }

    // simulate leaving private browsing mode
    Services.obs.notifyObservers(null, "last-pb-context-exited");

    // make sure the added auth entry is no longer accessible in any privacy state
    domain = { value: kEmpty };
    user = { value: kEmpty };
    pass = { value: kEmpty };
    try {
      // should throw (not available in public mode)
      am.getAuthIdentity(
        kHTTP,
        kHost2,
        kPort,
        kBasic,
        kRealm,
        kEmpty,
        domain,
        user,
        pass,
        NOT_PRIVATE
      );
      do_throw(
        "Auth entry should not be retrievable after exiting the private browsing mode"
      );
    } catch (e) {
      Assert.equal(domain.value, kEmpty);
      Assert.equal(user.value, kEmpty);
      Assert.equal(pass.value, kEmpty);
    }
    try {
      // should throw (no longer available in private mode)
      am.getAuthIdentity(
        kHTTP,
        kHost2,
        kPort,
        kBasic,
        kRealm,
        kEmpty,
        domain,
        user,
        pass,
        PRIVATE
      );
      do_throw(
        "Auth entry should not be retrievable in private mode after exiting the private browsing mode"
      );
    } catch (x) {
      Assert.equal(domain.value, kEmpty);
      Assert.equal(user.value, kEmpty);
      Assert.equal(pass.value, kEmpty);
    }
  } catch (e) {
    do_throw("Unexpected exception while testing HTTP auth manager: " + e);
  }
}