
test_httpauth.js (5030B)


      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 // This test makes sure the HTTP authenticated sessions are correctly cleared
      6 // when entering and leaving the private browsing mode.
      7 
      8 "use strict";
      9 
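     /**
      * Test entry point: checks that the HTTP auth manager keeps credentials
      * cached in normal browsing and in private browsing apart, and that the
      * private-browsing credentials are gone once the
      * "last-pb-context-exited" notification has been sent.
      *
      * The sequence is:
      *   1. store an identity for kHost1 without a privacy flag and read it back
      *      as non-private;
      *   2. confirm the same entry cannot be read as private;
      *   3. store an identity for kHost2 as private and read it back as private;
      *   4. confirm that entry cannot be read as non-private;
      *   5. send "last-pb-context-exited" and confirm the kHost2 entry can no
      *      longer be read in either privacy state.
      *
      * Any failure is reported through do_throw() or Assert.equal().
      */
     function run_test() {
       const am = Cc["@mozilla.org/network/http-auth-manager;1"].getService(
         Ci.nsIHttpAuthManager
       );

       const kHost1 = "pbtest3.example.com";
       const kHost2 = "pbtest4.example.com";
       const kPort = 80;
       const kHTTP = "http";
       const kBasic = "basic";
       const kRealm = "realm";
       const kDomain = "example.com";
       const kUser = "user";
       const kUser2 = "user2";
       const kPassword = "pass";
       const kPassword2 = "pass2";
       const kEmpty = "";

       const PRIVATE = true;
       const NOT_PRIVATE = false;

       // Fresh out-parameter holders for getAuthIdentity(); each check starts
       // from empty values so a stale result from an earlier lookup cannot
       // satisfy (or mask) a later assertion.
       const emptyIdentity = () => ({
         domain: { value: kEmpty },
         user: { value: kEmpty },
         pass: { value: kEmpty },
       });

       // Looks up the identity for `host` in the given privacy state, filling
       // the holders in `identity`. Propagates whatever getAuthIdentity() throws.
       const fetchIdentity = (host, isPrivate, identity) => {
         am.getAuthIdentity(
           kHTTP,
           host,
           kPort,
           kBasic,
           kRealm,
           kEmpty,
           identity.domain,
           identity.user,
           identity.pass,
           isPrivate
         );
       };

       // Asserts that the entry for `host` is readable in the given privacy
       // state and carries the expected credentials.
       const expectIdentity = (host, isPrivate, expectedUser, expectedPassword) => {
         const identity = emptyIdentity();
         fetchIdentity(host, isPrivate, identity);
         Assert.equal(identity.domain.value, kDomain);
         Assert.equal(identity.user.value, expectedUser);
         Assert.equal(identity.pass.value, expectedPassword);
       };

       // Asserts that the lookup for `host` in the given privacy state throws
       // and leaves the out-parameters empty, i.e. no credential crosses the
       // privacy boundary.
       const expectNoIdentity = (host, isPrivate, failureMessage) => {
         const identity = emptyIdentity();
         let lookupThrew = false;
         try {
           fetchIdentity(host, isPrivate, identity);
         } catch (e) {
           // Expected: the entry must not be visible in this privacy state.
           lookupThrew = true;
         }
         // The failure is reported outside the try block on purpose: the handler
         // above exists only for the expected lookup exception and must not also
         // catch an exception raised by do_throw() itself.
         if (!lookupThrew) {
           do_throw(failureMessage);
         }
         Assert.equal(identity.domain.value, kEmpty);
         Assert.equal(identity.user.value, kEmpty);
         Assert.equal(identity.pass.value, kEmpty);
       };

       try {
         // simulate a login via HTTP auth outside of the private mode
         // (no privacy flag is passed; the lookup below reads it back as
         // non-private)
         am.setAuthIdentity(
           kHTTP,
           kHost1,
           kPort,
           kBasic,
           kRealm,
           kEmpty,
           kDomain,
           kUser,
           kPassword
         );
         // make sure the recently added auth entry is available outside the
         // private browsing mode
         expectIdentity(kHost1, NOT_PRIVATE, kUser, kPassword);

         // make sure the added auth entry is no longer accessible in private
         expectNoIdentity(
           kHost1,
           PRIVATE,
           "Auth entry should not be retrievable after entering the private browsing mode"
         );

         // simulate a login via HTTP auth inside of the private mode
         am.setAuthIdentity(
           kHTTP,
           kHost2,
           kPort,
           kBasic,
           kRealm,
           kEmpty,
           kDomain,
           kUser2,
           kPassword2,
           PRIVATE
         );
         // make sure the recently added auth entry is available inside the
         // private browsing mode
         expectIdentity(kHost2, PRIVATE, kUser2, kPassword2);

         // make sure the recently added auth entry is not available outside the
         // private browsing mode
         expectNoIdentity(
           kHost2,
           NOT_PRIVATE,
           "Auth entry should not be retrievable outside of private browsing mode"
         );

         // simulate leaving private browsing mode
         Services.obs.notifyObservers(null, "last-pb-context-exited");

         // make sure the added auth entry is no longer accessible in any privacy
         // state: first in public mode...
         expectNoIdentity(
           kHost2,
           NOT_PRIVATE,
           "Auth entry should not be retrievable after exiting the private browsing mode"
         );
         // ...then in private mode, where it was readable before the exit
         // notification
         expectNoIdentity(
           kHost2,
           PRIVATE,
           "Auth entry should not be retrievable in private mode after exiting the private browsing mode"
         );
       } catch (e) {
         do_throw("Unexpected exception while testing HTTP auth manager: " + e);
       }
     }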