Bug 623836: part 1: use lowercase headers where we're supposed to. r=philiKON
authorRichard Newman <rnewman@mozilla.com>
Wed, 06 Apr 2011 16:12:21 -0700
changeset 67767 7fa18567d4aa65fc66d40f6553b476d7d38eefde
parent 67766 fc6f2ff82c2b2db93da73d43241b62dc7028b61e
child 67768 f5be32f40901a67806c9dcc23627a7735e56631c
push id19427
push userpweitershausen@mozilla.com
push dateSun, 10 Apr 2011 18:54:44 +0000
treeherdermozilla-central@21ce62e6aebe [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersphiliKON
bugs623836
milestone2.2a1pre
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 623836: part 1: use lowercase headers where we're supposed to. r=philiKON
services/sync/modules/resource.js
services/sync/tests/unit/test_resource.js
services/sync/tests/unit/test_resource_async.js
--- a/services/sync/modules/resource.js
+++ b/services/sync/modules/resource.js
@@ -66,28 +66,28 @@ NoOpAuthenticator.prototype = {
 
 // Warning: This will drop the high unicode bytes from passwords.
 // Use BasicAuthenticator to send non-ASCII passwords UTF8-encoded.
 function BrokenBasicAuthenticator(identity) {
   this._id = identity;
 }
 BrokenBasicAuthenticator.prototype = {
   onRequest: function BasicAuth_onRequest(headers) {
-    headers['Authorization'] = 'Basic ' +
+    headers['authorization'] = 'Basic ' +
       btoa(this._id.username + ':' + this._id.password);
     return headers;
   }
 };
 
 function BasicAuthenticator(identity) {
   this._id = identity;
 }
 BasicAuthenticator.prototype = {
   onRequest: function onRequest(headers) {
-    headers['Authorization'] = 'Basic ' +
+    headers['authorization'] = 'Basic ' +
       btoa(this._id.username + ':' + this._id.passwordUTF8);
     return headers;
   }
 };
 
 function AuthMgr() {
   this._authenticators = {};
   this.defaultAuthenticator = new NoOpAuthenticator();
@@ -222,17 +222,17 @@ AsyncResource.prototype = {
     channel.loadFlags |= Ci.nsIRequest.INHIBIT_CACHING;
 
     // Setup a callback to handle bad HTTPS certificates.
     channel.notificationCallbacks = new BadCertListener();
 
     // Avoid calling the authorizer more than once.
     let headers = this.headers;
     for (let key in headers) {
-      if (key == 'Authorization')
+      if (key == 'authorization')
         this._log.trace("HTTP Header " + key + ": ***** (suppressed)");
       else
         this._log.trace("HTTP Header " + key + ": " + headers[key]);
       channel.setRequestHeader(key, headers[key], false);
     }
     return channel;
   },
 
--- a/services/sync/tests/unit/test_resource.js
+++ b/services/sync/tests/unit/test_resource.js
@@ -216,16 +216,33 @@ function run_test() {
   } catch (ex) {
     didThrow = true;
   }
   do_check_true(didThrow);
 
   let did401 = false;
   Observers.add("weave:resource:status:401", function() did401 = true);
 
+  _("Test that the BasicAuthenticator doesn't screw up header case.");
+  let res1 = new Resource("http://localhost:8080/foo");
+  res1.setHeader("Authorization", "Basic foobar");
+  res1.authenticator = new NoOpAuthenticator();
+  do_check_eq(res1._headers["authorization"], "Basic foobar");
+  do_check_eq(res1.headers["authorization"], "Basic foobar");
+  let id = new Identity("secret", "guest", "guest");
+  res1.authenticator = new BasicAuthenticator(id);
+
+  // In other words... it correctly overwrites our downcased version
+  // when accessed through .headers.
+  do_check_eq(res1._headers["authorization"], "Basic foobar");
+  do_check_eq(res1.headers["authorization"], "Basic Z3Vlc3Q6Z3Vlc3Q=");
+  do_check_eq(res1._headers["authorization"], "Basic Z3Vlc3Q6Z3Vlc3Q=");
+  do_check_true(!res1._headers["Authorization"]);
+  do_check_true(!res1.headers["Authorization"]);
+
   _("GET a password protected resource (test that it'll fail w/o pass, no throw)");
   let res2 = new Resource("http://localhost:8080/protected");
   content = res2.get();
   do_check_true(did401);
   do_check_eq(content, "This path exists and is protected - failed");
   do_check_eq(content.status, 401);
   do_check_false(content.success);
 
--- a/services/sync/tests/unit/test_resource_async.js
+++ b/services/sync/tests/unit/test_resource_async.js
@@ -203,16 +203,36 @@ function run_test() {
       do_check_true(didThrow);
 
       do_test_finished();
       next();
     }));
 
   }, function (next) {
 
+    _("Test that the BasicAuthenticator doesn't screw up header case.");
+    let res1 = new AsyncResource("http://localhost:8080/foo");
+    res1.setHeader("Authorization", "Basic foobar");
+    res1.authenticator = new NoOpAuthenticator();
+    do_check_eq(res1._headers["authorization"], "Basic foobar");
+    do_check_eq(res1.headers["authorization"], "Basic foobar");
+    let id = new Identity("secret", "guest", "guest");
+    res1.authenticator = new BasicAuthenticator(id);
+
+    // In other words... it correctly overwrites our downcased version
+    // when accessed through .headers.
+    do_check_eq(res1._headers["authorization"], "Basic foobar");
+    do_check_eq(res1.headers["authorization"], "Basic Z3Vlc3Q6Z3Vlc3Q=");
+    do_check_eq(res1._headers["authorization"], "Basic Z3Vlc3Q6Z3Vlc3Q=");
+    do_check_true(!res1._headers["Authorization"]);
+    do_check_true(!res1.headers["Authorization"]);
+    next();
+
+  }, function (next) {
+
     _("GET a password protected resource (test that it'll fail w/o pass, no throw)");
     let res2 = new AsyncResource("http://localhost:8080/protected");
     do_test_pending();
     res2.get(ensureThrows(function (error, content) {
       do_check_eq(error, null);
       do_check_true(did401);
       do_check_eq(content, "This path exists and is protected - failed");
       do_check_eq(content.status, 401);