summaryrefslogtreecommitdiffstats
path: root/netwerk/test/unit/test_httpauth.js
diff options
context:
space:
mode:
Diffstat (limited to 'netwerk/test/unit/test_httpauth.js')
-rw-r--r--netwerk/test/unit/test_httpauth.js204
1 files changed, 204 insertions, 0 deletions
diff --git a/netwerk/test/unit/test_httpauth.js b/netwerk/test/unit/test_httpauth.js
new file mode 100644
index 0000000000..9c9de82618
--- /dev/null
+++ b/netwerk/test/unit/test_httpauth.js
@@ -0,0 +1,204 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This test makes sure the HTTP authenticated sessions are correctly cleared
+// when entering and leaving the private browsing mode.
+
+"use strict";
+
+function run_test() {
+ var am = Cc["@mozilla.org/network/http-auth-manager;1"].getService(
+ Ci.nsIHttpAuthManager
+ );
+
+ const kHost1 = "pbtest3.example.com";
+ const kHost2 = "pbtest4.example.com";
+ const kPort = 80;
+ const kHTTP = "http";
+ const kBasic = "basic";
+ const kRealm = "realm";
+ const kDomain = "example.com";
+ const kUser = "user";
+ const kUser2 = "user2";
+ const kPassword = "pass";
+ const kPassword2 = "pass2";
+ const kEmpty = "";
+
+ const PRIVATE = true;
+ const NOT_PRIVATE = false;
+
+ try {
+ var domain = { value: kEmpty },
+ user = { value: kEmpty },
+ pass = { value: kEmpty };
+ // simulate a login via HTTP auth outside of the private mode
+ am.setAuthIdentity(
+ kHTTP,
+ kHost1,
+ kPort,
+ kBasic,
+ kRealm,
+ kEmpty,
+ kDomain,
+ kUser,
+ kPassword
+ );
+ // make sure the recently added auth entry is available outside the private browsing mode
+ am.getAuthIdentity(
+ kHTTP,
+ kHost1,
+ kPort,
+ kBasic,
+ kRealm,
+ kEmpty,
+ domain,
+ user,
+ pass,
+ NOT_PRIVATE
+ );
+ Assert.equal(domain.value, kDomain);
+ Assert.equal(user.value, kUser);
+ Assert.equal(pass.value, kPassword);
+
+ // make sure the added auth entry is no longer accessible in private
+ domain = { value: kEmpty };
+ user = { value: kEmpty };
+ pass = { value: kEmpty };
+ try {
+ // should throw
+ am.getAuthIdentity(
+ kHTTP,
+ kHost1,
+ kPort,
+ kBasic,
+ kRealm,
+ kEmpty,
+ domain,
+ user,
+ pass,
+ PRIVATE
+ );
+ do_throw(
+ "Auth entry should not be retrievable after entering the private browsing mode"
+ );
+ } catch (e) {
+ Assert.equal(domain.value, kEmpty);
+ Assert.equal(user.value, kEmpty);
+ Assert.equal(pass.value, kEmpty);
+ }
+
+ // simulate a login via HTTP auth inside of the private mode
+ am.setAuthIdentity(
+ kHTTP,
+ kHost2,
+ kPort,
+ kBasic,
+ kRealm,
+ kEmpty,
+ kDomain,
+ kUser2,
+ kPassword2,
+ PRIVATE
+ );
+ // make sure the recently added auth entry is available inside the private browsing mode
+ domain = { value: kEmpty };
+ user = { value: kEmpty };
+ pass = { value: kEmpty };
+ am.getAuthIdentity(
+ kHTTP,
+ kHost2,
+ kPort,
+ kBasic,
+ kRealm,
+ kEmpty,
+ domain,
+ user,
+ pass,
+ PRIVATE
+ );
+ Assert.equal(domain.value, kDomain);
+ Assert.equal(user.value, kUser2);
+ Assert.equal(pass.value, kPassword2);
+
+ try {
+ // make sure the recently added auth entry is not available outside the private browsing mode
+ domain = { value: kEmpty };
+ user = { value: kEmpty };
+ pass = { value: kEmpty };
+ am.getAuthIdentity(
+ kHTTP,
+ kHost2,
+ kPort,
+ kBasic,
+ kRealm,
+ kEmpty,
+ domain,
+ user,
+ pass,
+ NOT_PRIVATE
+ );
+ do_throw(
+ "Auth entry should not be retrievable outside of private browsing mode"
+ );
+ } catch (x) {
+ Assert.equal(domain.value, kEmpty);
+ Assert.equal(user.value, kEmpty);
+ Assert.equal(pass.value, kEmpty);
+ }
+
+ // simulate leaving private browsing mode
+ Services.obs.notifyObservers(null, "last-pb-context-exited");
+
+ // make sure the added auth entry is no longer accessible in any privacy state
+ domain = { value: kEmpty };
+ user = { value: kEmpty };
+ pass = { value: kEmpty };
+ try {
+ // should throw (not available in public mode)
+ am.getAuthIdentity(
+ kHTTP,
+ kHost2,
+ kPort,
+ kBasic,
+ kRealm,
+ kEmpty,
+ domain,
+ user,
+ pass,
+ NOT_PRIVATE
+ );
+ do_throw(
+ "Auth entry should not be retrievable after exiting the private browsing mode"
+ );
+ } catch (e) {
+ Assert.equal(domain.value, kEmpty);
+ Assert.equal(user.value, kEmpty);
+ Assert.equal(pass.value, kEmpty);
+ }
+ try {
+ // should throw (no longer available in private mode)
+ am.getAuthIdentity(
+ kHTTP,
+ kHost2,
+ kPort,
+ kBasic,
+ kRealm,
+ kEmpty,
+ domain,
+ user,
+ pass,
+ PRIVATE
+ );
+ do_throw(
+ "Auth entry should not be retrievable in private mode after exiting the private browsing mode"
+ );
+ } catch (x) {
+ Assert.equal(domain.value, kEmpty);
+ Assert.equal(user.value, kEmpty);
+ Assert.equal(pass.value, kEmpty);
+ }
+ } catch (e) {
+ do_throw("Unexpected exception while testing HTTP auth manager: " + e);
+ }
+}