1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
Cu.import("resource://services-sync/resource.js");
Cu.import("resource://services-sync/util.js");
Cu.import("resource://services-sync/service.js");
Cu.import("resource://testing-common/services/sync/utils.js");
const JAPANESE = "\u34ff\u35ff\u36ff\u37ff";
const APPLES = "\uf8ff\uf8ff\uf8ff\uf8ff";
const LOWBYTES = "\xff\xff\xff\xff";
// Poor man's /etc/passwd. Static since there's no btoa()/atob() in xpcshell.
let basicauth = {};
basicauth[LOWBYTES] = "Basic am9obmRvZTr/////";
basicauth[Utils.encodeUTF8(JAPANESE)] = "Basic am9obmRvZTrjk7/jl7/jm7/jn78=";
// Global var for the server password, read by info_collections(),
// modified by change_password().
let server_password;
function login_handling(handler) {
return function (request, response) {
let basic = basicauth[server_password];
if (basic && (request.getHeader("Authorization") == basic)) {
handler(request, response);
} else {
let body = "Unauthorized";
response.setStatusLine(request.httpVersion, 401, "Unauthorized");
response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
response.bodyOutputStream.write(body, body.length);
}
};
}
function change_password(request, response) {
let body, statusCode, status;
let basic = basicauth[server_password];
if (basic && (request.getHeader("Authorization") == basic)) {
server_password = readBytesFromInputStream(request.bodyInputStream);
body = "";
statusCode = 200;
status = "OK";
} else {
statusCode = 401;
body = status = "Unauthorized";
}
response.setStatusLine(request.httpVersion, statusCode, status);
response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
response.bodyOutputStream.write(body, body.length);
}
function run_test() {
initTestLogging("Trace");
let collectionsHelper = track_collections_helper();
let upd = collectionsHelper.with_updated_collection;
let collections = collectionsHelper.collections;
ensureLegacyIdentityManager();
do_test_pending();
let server = httpd_setup({
"/1.1/johndoe/info/collections": login_handling(collectionsHelper.handler),
"/1.1/johndoe/storage/meta/global": upd("meta", new ServerWBO("global").handler()),
"/1.1/johndoe/storage/crypto/keys": upd("crypto", new ServerWBO("keys").handler()),
"/user/1.0/johndoe/password": change_password
});
setBasicCredentials("johndoe", JAPANESE, "irrelevant");
Service.serverURL = server.baseURI;
try {
_("Try to log in with the password.");
server_password = "foobar";
do_check_false(Service.verifyLogin());
do_check_eq(server_password, "foobar");
_("Make the server password the low byte version of our password.");
server_password = LOWBYTES;
do_check_false(Service.verifyLogin());
do_check_eq(server_password, LOWBYTES);
_("Can't use a password that has the same low bytes as ours.");
server_password = Utils.encodeUTF8(JAPANESE);
Service.identity.basicPassword = APPLES;
do_check_false(Service.verifyLogin());
do_check_eq(server_password, Utils.encodeUTF8(JAPANESE));
} finally {
server.stop(do_test_finished);
Svc.Prefs.resetBranch("");
}
}
|