Bug 1453366 [wpt PR 10419] - XMLHttpRequest: align username/password test with the standard, a=testonly
authorAnne van Kesteren <annevk@annevk.nl>
Sun, 29 Apr 2018 20:48:51 +0000
changeset 416364 46d578df5d3238d6efb3a38a9a696f4d963db395
parent 416363 afe09da205505821bedea0ac7e38d8865b3140e9
child 416365 496361c2ecc0bc345b447e9d6b13ed05e701e052
push id33926
push userapavel@mozilla.com
push dateTue, 01 May 2018 10:13:46 +0000
treeherdermozilla-central@d2a4720d1c33 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1453366, 10419
milestone61.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1453366 [wpt PR 10419] - XMLHttpRequest: align username/password test with the standard, a=testonly Automatic update from web-platform-testsXMLHttpRequest: align username/password test with the standard Fixes https://github.com/whatwg/xhr/issues/191. -- wpt-commits: 7a199e902ad9204594aac0ad9ac702fc46e55223 wpt-pr: 10419
testing/web-platform/meta/MANIFEST.json
testing/web-platform/tests/xhr/resources/authentication.py
testing/web-platform/tests/xhr/send-authentication-competing-names-passwords.htm
--- a/testing/web-platform/meta/MANIFEST.json
+++ b/testing/web-platform/meta/MANIFEST.json
@@ -615496,17 +615496,17 @@
    "523fbc134ecfee5b13e4ef93508712847fc4e396",
    "support"
   ],
   "xhr/resources/auth9/auth.py": [
    "cbe9305740f7e0a9e8c7be9dbfcb606f8abb2758",
    "support"
   ],
   "xhr/resources/authentication.py": [
-   "e7d0a9054c562964b23c4e4bbf1d1207a1811b55",
+   "0a592bcf4ebdefec865fc471f4fc34ffafea2244",
    "support"
   ],
   "xhr/resources/base.xml": [
    "4f52cca8f5bee9b2a4ded6b898d4eb9cdbae6c75",
    "support"
   ],
   "xhr/resources/chunked.py": [
    "be48633bdec117d50bce7a8e4323667881c8e367",
@@ -615872,17 +615872,17 @@
    "d3e88dda4eec2959470f84864160900d2b3bc6d3",
    "testharness"
   ],
   "xhr/send-authentication-basic.htm": [
    "10e209ccb90914cb95b7818ea4b28cdf1836501a",
    "testharness"
   ],
   "xhr/send-authentication-competing-names-passwords.htm": [
-   "f44c72cd39779c91f525dd87dca5eed3697910c2",
+   "fc897478ff6501f938bb7fd575e9d04193e8fdc4",
    "testharness"
   ],
   "xhr/send-authentication-cors-basic-setrequestheader.htm": [
    "28b02ba77a45f6d46e195b863c3c789e6e643550",
    "testharness"
   ],
   "xhr/send-authentication-cors-setrequestheader-no-cred.htm": [
    "4f707072eaac0788ac50b9d22a2ea055d0ff52f1",
--- a/testing/web-platform/tests/xhr/resources/authentication.py
+++ b/testing/web-platform/tests/xhr/resources/authentication.py
@@ -1,14 +1,9 @@
 def main(request, response):
-    if "logout" in request.GET:
-        return ((401, "Unauthorized"),
-                [("WWW-Authenticate", 'Basic realm="test"')],
-                "Logged out, hopefully")
-
     session_user = request.auth.username
     session_pass = request.auth.password
     expected_user_name = request.headers.get("X-User", None)
 
     token = expected_user_name
     if session_user is None and session_pass is None:
         if token is not None and request.server.stash.take(token) is not None:
             return 'FAIL (did not authorize)'
--- a/testing/web-platform/tests/xhr/send-authentication-competing-names-passwords.htm
+++ b/testing/web-platform/tests/xhr/send-authentication-competing-names-passwords.htm
@@ -1,54 +1,50 @@
 <!doctype html>
 <html>
   <head>
     <title>XMLHttpRequest: send() - "Basic" authenticated requests with competing user name/password options</title>
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/common/utils.js"></script>
-    <link rel="help" href="https://xhr.spec.whatwg.org/#the-open()-method" data-tested-assertations="following::ol[1]/li[9]/ol[1]/li[1] following::ol[1]/li[9]/ol[1]/li[2]" />
-    <link rel="help" href="https://xhr.spec.whatwg.org/#the-send()-method" data-tested-assertations="following::code[contains(@title,'http-authorization')]/.." />  </head>
+  </head>
   <body>
     <div id="log"></div>
     <script>
       function request(user1, pass1, user2, pass2, name) {
-        // user1, pass1 will if given become userinfo part of URL
-        // user2, pass2 will if given be passed to open() call
         test(function() {
-          var client = new XMLHttpRequest(),
-              urlstart = "", userwin, passwin
-          // if user2 is set, winning user name and password is 2
-          if(user2)
-            userwin = user2, passwin = pass2
-          // if user1 is set, and user2 is not set, user1 and pass1 win
-          if(user1 && ! user2)
-            userwin = user1, passwin = pass1
-          // if neither user name is set, pass 2 wins (there will be no userinfo in URL)
-          if (!(user1 || user2))
-            passwin = pass2
-          if(user1) { // should add userinfo to URL (there is no way to create userinfo part of URL with only password in)
-            urlstart = "http://" + user1
-            if(pass1)
-              urlstart += ":" + pass1
-            urlstart += "@" + location.host + location.pathname.replace(/\/[^\/]*$/, '/')
+          const client = new XMLHttpRequest(),
+                userwin = user2 || user1,
+                passwin = pass2 || pass1;
+          let urlstart = "";
+          if (user1 || pass1) {
+            urlstart = "http://";
+            if (user1) {
+              urlstart += user1;
+            }
+            if (pass1) {
+              urlstart += ":" + pass1;
+            }
+            urlstart += "@" + location.host + location.pathname.replace(/\/[^\/]*$/, '/');
           }
-          client.open("GET", urlstart + "resources/authentication.py", false, user2, pass2)
-          client.setRequestHeader("x-user", userwin)
-          client.send(null)
-          assert_true(client.responseText == ((userwin||'') + "\n" + (passwin||'')), 'responseText should contain the right user and password')
-
-          // We want to send multiple requests to the same realm here, so we try to make the UA forget its (cached) credentials between each test..
-          // forcing a 401 response to (hopefully) "log out"
-          // NOTE: This is commented out because it causes authentication prompts while running the test
-          //client.open('GET', "resources/authentication.py?logout=1", false)
-          //client.send()
-        }, document.title+' '+name)
+          client.open("GET", urlstart + "resources/authentication.py", false, user2, pass2);
+          client.setRequestHeader("x-user", userwin);
+          client.send(null);
+          assert_equals(client.responseText, ((userwin||'') + "\n" + (passwin||'')), 'responseText should contain the right user and password');
+        }, "XMLHttpRequest user/pass options: " + name);
       }
-      request(null, null, token(), token(), 'user/pass in open() call')
-      request(null, null, token(), token(), 'another user/pass in open() call - must override cached credentials from previous test')
-      request("userinfo-user", "userinfo-pass", token(), token(), 'user/pass both in URL userinfo AND open() call - expexted that open() wins')
-      request(token(), token(), null, null, 'user/pass *only* in URL userinfo')
-      request(token(), null, null, token(), 'user name in URL userinfo, password in open() call: user name wins and password is thrown away')
-      request("1", token(), token(), null, 'user name and password in URL userinfo, only user name in open() call: user name in open() wins')
+      // Cannot have just a password
+      request(null, null, token(), null, "user in open()");
+      request(null, null, token(), token(), "user/pass in open()");
+      request(null, null, token(), token(), "another user/pass in open(); must override cached credentials from previous test");
+      request(null, token(), token(), null, "pass in URL, user in open()");
+      request(null, token(), token(), token(), "pass in URL, user/pass in open()");
+      request(token(), null, null, null, "user in URL");
+      request(token(), null, null, token(), "user in URL, pass in open()");
+      request(token(), token(), null, null, "user/pass in URL");
+      request(token(), null, token(), null, "user in URL and open()");
+      request(token(), null, token(), token(), "user in URL; user/pass in open()");
+      request(token(), token(), token(), null, "user/pass in URL; user in open()");
+      request(token(), token(), null, token(), "user/pass in URL; pass in open()");
+      request(token(), token(), token(), token(), "user/pass in URL and open()");
     </script>
   </body>
 </html>