1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
"use strict";
function handleRequest(request, response) {
let match;
let requestAuth = true;
// Allow the caller to drive how authentication is processed via the query.
// Eg, http://localhost:8888/authenticate.sjs?user=foo&realm=bar
// The extra ? allows the user/pass/realm checks to succeed if the name is
// at the beginning of the query string.
let query = "?" + request.queryString;
let expected_user = "test",
expected_pass = "testpass",
realm = "mochitest";
// user=xxx
match = /[^_]user=([^&]*)/.exec(query);
if (match) {
expected_user = match[1];
}
// pass=xxx
match = /[^_]pass=([^&]*)/.exec(query);
if (match) {
expected_pass = match[1];
}
// realm=xxx
match = /[^_]realm=([^&]*)/.exec(query);
if (match) {
realm = match[1];
}
// Look for an authentication header, if any, in the request.
//
// EG: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
//
// This test only supports Basic auth. The value sent by the client is
// "username:password", obscured with base64 encoding.
let actual_user = "",
actual_pass = "",
authHeader;
if (request.hasHeader("Authorization")) {
authHeader = request.getHeader("Authorization");
match = /Basic (.+)/.exec(authHeader);
if (match.length != 2) {
throw new Error("Couldn't parse auth header: " + authHeader);
}
/* eslint-disable-next-line no-use-before-define */
let userpass = atob(match[1]);
match = /(.*):(.*)/.exec(userpass);
if (match.length != 3) {
throw new Error("Couldn't decode auth header: " + userpass);
}
actual_user = match[1];
actual_pass = match[2];
}
// Don't request authentication if the credentials we got were what we
// expected.
if (expected_user == actual_user && expected_pass == actual_pass) {
requestAuth = false;
}
if (requestAuth) {
response.setStatusLine("1.0", 401, "Authentication required");
response.setHeader("WWW-Authenticate", 'basic realm="' + realm + '"', true);
} else {
response.setStatusLine("1.0", 200, "OK");
}
response.setHeader("Content-Type", "application/xhtml+xml", false);
response.write("<html xmlns='http://www.w3.org/1999/xhtml'>");
response.write(
"<p>Login: <span id='ok'>" +
(requestAuth ? "FAIL" : "PASS") +
"</span></p>\n"
);
response.write("<p>Auth: <span id='auth'>" + authHeader + "</span></p>\n");
response.write("<p>User: <span id='user'>" + actual_user + "</span></p>\n");
response.write("<p>Pass: <span id='pass'>" + actual_pass + "</span></p>\n");
response.write("</html>");
}
|
