xref: /aosp_15_r20/external/cronet/net/http/http_auth_handler_basic_unittest.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright 2011 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/http/http_auth_handler_basic.h"
6 
7 #include <memory>
8 #include <string>
9 
10 #include "base/strings/string_util.h"
11 #include "base/strings/utf_string_conversions.h"
12 #include "net/base/net_errors.h"
13 #include "net/base/network_anonymization_key.h"
14 #include "net/base/test_completion_callback.h"
15 #include "net/dns/mock_host_resolver.h"
16 #include "net/http/http_auth_challenge_tokenizer.h"
17 #include "net/http/http_auth_preferences.h"
18 #include "net/http/http_request_info.h"
19 #include "net/log/net_log_with_source.h"
20 #include "net/ssl/ssl_info.h"
21 #include "net/test/gtest_util.h"
22 #include "testing/gmock/include/gmock/gmock.h"
23 #include "testing/gtest/include/gtest/gtest.h"
24 #include "url/scheme_host_port.h"
25 
26 using net::test::IsError;
27 using net::test::IsOk;
28 
29 namespace net {
30 
TEST(HttpAuthHandlerBasicTest,GenerateAuthToken)31 TEST(HttpAuthHandlerBasicTest, GenerateAuthToken) {
32   static const struct {
33     const char* username;
34     const char* password;
35     const char* expected_credentials;
36   } tests[] = {
37     { "foo", "bar", "Basic Zm9vOmJhcg==" },
38     // Empty username
39     { "", "foobar", "Basic OmZvb2Jhcg==" },
40     // Empty password
41     { "anon", "", "Basic YW5vbjo=" },
42     // Empty username and empty password.
43     { "", "", "Basic Og==" },
44   };
45   url::SchemeHostPort scheme_host_port(GURL("http://www.example.com"));
46   HttpAuthHandlerBasic::Factory factory;
47   for (const auto& test : tests) {
48     std::string challenge = "Basic realm=\"Atlantis\"";
49     SSLInfo null_ssl_info;
50     auto host_resolver = std::make_unique<MockHostResolver>();
51     std::unique_ptr<HttpAuthHandler> basic;
52     EXPECT_EQ(OK, factory.CreateAuthHandlerFromString(
53                       challenge, HttpAuth::AUTH_SERVER, null_ssl_info,
54                       NetworkAnonymizationKey(), scheme_host_port,
55                       NetLogWithSource(), host_resolver.get(), &basic));
56     AuthCredentials credentials(base::ASCIIToUTF16(test.username),
57                                 base::ASCIIToUTF16(test.password));
58     HttpRequestInfo request_info;
59     std::string auth_token;
60     TestCompletionCallback callback;
61     int rv = basic->GenerateAuthToken(&credentials, &request_info,
62                                       callback.callback(), &auth_token);
63     EXPECT_THAT(rv, IsOk());
64     EXPECT_STREQ(test.expected_credentials, auth_token.c_str());
65   }
66 }
67 
TEST(HttpAuthHandlerBasicTest,HandleAnotherChallenge)68 TEST(HttpAuthHandlerBasicTest, HandleAnotherChallenge) {
69   static const struct {
70     const char* challenge;
71     HttpAuth::AuthorizationResult expected_rv;
72   } tests[] = {
73     // The handler is initialized using this challenge.  The first
74     // time HandleAnotherChallenge is called with it should cause it
75     // to treat the second challenge as a rejection since it is for
76     // the same realm.
77     {
78       "Basic realm=\"First\"",
79       HttpAuth::AUTHORIZATION_RESULT_REJECT
80     },
81 
82     // A challenge for a different realm.
83     {
84       "Basic realm=\"Second\"",
85       HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM
86     },
87 
88     // Although RFC 2617 isn't explicit about this case, if there is
89     // more than one realm directive, we pick the last one.  So this
90     // challenge should be treated as being for "First" realm.
91     {
92       "Basic realm=\"Second\",realm=\"First\"",
93       HttpAuth::AUTHORIZATION_RESULT_REJECT
94     },
95 
96     // And this one should be treated as if it was for "Second."
97     {
98       "basic realm=\"First\",realm=\"Second\"",
99       HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM
100     }
101   };
102 
103   url::SchemeHostPort scheme_host_port(GURL("http://www.example.com"));
104   HttpAuthHandlerBasic::Factory factory;
105   SSLInfo null_ssl_info;
106   auto host_resolver = std::make_unique<MockHostResolver>();
107   std::unique_ptr<HttpAuthHandler> basic;
108   EXPECT_EQ(OK, factory.CreateAuthHandlerFromString(
109                     tests[0].challenge, HttpAuth::AUTH_SERVER, null_ssl_info,
110                     NetworkAnonymizationKey(), scheme_host_port,
111                     NetLogWithSource(), host_resolver.get(), &basic));
112 
113   for (const auto& test : tests) {
114     std::string challenge(test.challenge);
115     HttpAuthChallengeTokenizer tok(challenge.begin(),
116                                    challenge.end());
117     EXPECT_EQ(test.expected_rv, basic->HandleAnotherChallenge(&tok));
118   }
119 }
120 
TEST(HttpAuthHandlerBasicTest,InitFromChallenge)121 TEST(HttpAuthHandlerBasicTest, InitFromChallenge) {
122   static const struct {
123     const char* challenge;
124     int expected_rv;
125     const char* expected_realm;
126   } tests[] = {
127     // No realm (we allow this even though realm is supposed to be required
128     // according to RFC 2617.)
129     {
130       "Basic",
131       OK,
132       "",
133     },
134 
135     // Realm is empty string.
136     {
137       "Basic realm=\"\"",
138       OK,
139       "",
140     },
141 
142     // Realm is valid.
143     {
144       "Basic realm=\"test_realm\"",
145       OK,
146       "test_realm",
147     },
148 
149     // The parser ignores tokens which aren't known.
150     {
151       "Basic realm=\"test_realm\",unknown_token=foobar",
152       OK,
153       "test_realm",
154     },
155 
156     // The parser skips over tokens which aren't known.
157     {
158       "Basic unknown_token=foobar,realm=\"test_realm\"",
159       OK,
160       "test_realm",
161     },
162 
163 #if 0
164     // TODO(cbentzel): It's unclear what the parser should do in these cases.
165     //                 It seems like this should either be treated as invalid,
166     //                 or the spaces should be used as a separator.
167     {
168       "Basic realm=\"test_realm\" unknown_token=foobar",
169       OK,
170       "test_realm",
171     },
172 
173     // The parser skips over tokens which aren't known.
174     {
175       "Basic unknown_token=foobar realm=\"test_realm\"",
176       OK,
177       "test_realm",
178     },
179 #endif
180 
181     // The parser fails when the first token is not "Basic".
182     {
183       "Negotiate",
184       ERR_INVALID_RESPONSE,
185       ""
186     },
187 
188     // Although RFC 2617 isn't explicit about this case, if there is
189     // more than one realm directive, we pick the last one.
190     {
191       "Basic realm=\"foo\",realm=\"bar\"",
192       OK,
193       "bar",
194     },
195 
196     // Handle ISO-8859-1 character as part of the realm. The realm is converted
197     // to UTF-8.
198     {
199       "Basic realm=\"foo-\xE5\"",
200       OK,
201       "foo-\xC3\xA5",
202     },
203   };
204   HttpAuthHandlerBasic::Factory factory;
205   url::SchemeHostPort scheme_host_port(GURL("http://www.example.com"));
206   for (const auto& test : tests) {
207     std::string challenge = test.challenge;
208     SSLInfo null_ssl_info;
209     auto host_resolver = std::make_unique<MockHostResolver>();
210     std::unique_ptr<HttpAuthHandler> basic;
211     int rv = factory.CreateAuthHandlerFromString(
212         challenge, HttpAuth::AUTH_SERVER, null_ssl_info,
213         NetworkAnonymizationKey(), scheme_host_port, NetLogWithSource(),
214         host_resolver.get(), &basic);
215     EXPECT_EQ(test.expected_rv, rv);
216     if (rv == OK)
217       EXPECT_EQ(test.expected_realm, basic->realm());
218   }
219 }
220 
221 // Test that when Basic is configured to forbid HTTP, attempting to create a
222 // Basic auth handler for a HTTP context is rejected.
TEST(HttpAuthHandlerBasicTest,BasicAuthRequiresHTTPS)223 TEST(HttpAuthHandlerBasicTest, BasicAuthRequiresHTTPS) {
224   url::SchemeHostPort nonsecure_scheme_host_port(
225       GURL("http://www.example.com"));
226   HttpAuthHandlerBasic::Factory factory;
227   HttpAuthPreferences http_auth_preferences;
228   http_auth_preferences.set_basic_over_http_enabled(false);
229   factory.set_http_auth_preferences(&http_auth_preferences);
230 
231   std::string challenge = "Basic realm=\"Atlantis\"";
232   SSLInfo null_ssl_info;
233   auto host_resolver = std::make_unique<MockHostResolver>();
234   std::unique_ptr<HttpAuthHandler> basic;
235 
236   // Ensure that HTTP is disallowed.
237   EXPECT_THAT(factory.CreateAuthHandlerFromString(
238                   challenge, HttpAuth::AUTH_SERVER, null_ssl_info,
239                   NetworkAnonymizationKey(), nonsecure_scheme_host_port,
240                   NetLogWithSource(), host_resolver.get(), &basic),
241               IsError(ERR_UNSUPPORTED_AUTH_SCHEME));
242 
243   // Ensure that HTTPS is allowed.
244   url::SchemeHostPort secure_scheme_host_port(GURL("https://www.example.com"));
245   EXPECT_THAT(factory.CreateAuthHandlerFromString(
246                   challenge, HttpAuth::AUTH_SERVER, null_ssl_info,
247                   NetworkAnonymizationKey(), secure_scheme_host_port,
248                   NetLogWithSource(), host_resolver.get(), &basic),
249               IsOk());
250 }
251 
252 }  // namespace net
253