diff options
author | Mårten Nordheim <marten.nordheim@qt.io> | 2024-01-25 12:39:08 +0100 |
---|---|---|
committer | Mårten Nordheim <marten.nordheim@qt.io> | 2024-01-25 18:37:48 +0100 |
commit | ffe0271a21e9574d1c9eab5fb9803573e17e0f22 (patch) | |
tree | 33f0af83f010e26b7723f93c0e70c6fc5b44719f /tests/auto/network/access | |
parent | 1e7f1e5b73b931931178bc884d3469439adf8c5c (diff) |
Http2: fix 401 authentication required w/o challenge
The code did not handle the path where we didn't have a challenge.
We cannot recover from that so we just have to fail the request.
Amends fe1b668861e8a3ef99e126821fcd3eeaa6044b54
Pick-to: 6.7 6.6 6.6.2 6.5 6.2
Fixes: QTBUG-121515
Change-Id: Ie39a92e7439785a09cad28e8f81599a51de5e27f
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Diffstat (limited to 'tests/auto/network/access')
-rw-r--r-- | tests/auto/network/access/http2/http2srv.cpp | 8 | ||||
-rw-r--r-- | tests/auto/network/access/http2/http2srv.h | 3 | ||||
-rw-r--r-- | tests/auto/network/access/http2/tst_http2.cpp | 21 |
3 files changed, 26 insertions, 6 deletions
diff --git a/tests/auto/network/access/http2/http2srv.cpp b/tests/auto/network/access/http2/http2srv.cpp index f98fed0322..dd2c3d613c 100644 --- a/tests/auto/network/access/http2/http2srv.cpp +++ b/tests/auto/network/access/http2/http2srv.cpp @@ -105,6 +105,12 @@ void Http2Server::setAuthenticationHeader(const QByteArray &authentication) authenticationHeader = authentication; } +void Http2Server::setAuthenticationRequired(bool enable) +{ + Q_ASSERT(!enable || authenticationHeader.isEmpty()); + authenticationRequired = enable; +} + void Http2Server::setRedirect(const QByteArray &url, int count) { redirectUrl = url; @@ -860,6 +866,8 @@ void Http2Server::sendResponse(quint32 streamID, bool emptyBody) } else if (!authenticationHeader.isEmpty() && !hasAuth) { header.push_back({ ":status", "401" }); header.push_back(HPack::HeaderField("www-authenticate", authenticationHeader)); + } else if (authenticationRequired) { + header.push_back({ ":status", "401" }); } else { header.push_back({":status", "200"}); } diff --git a/tests/auto/network/access/http2/http2srv.h b/tests/auto/network/access/http2/http2srv.h index cc5353c855..11a75c5ef9 100644 --- a/tests/auto/network/access/http2/http2srv.h +++ b/tests/auto/network/access/http2/http2srv.h @@ -65,6 +65,8 @@ public: void setContentEncoding(const QByteArray &contentEncoding); // No authentication data is generated for the method, the full header value must be set void setAuthenticationHeader(const QByteArray &authentication); + // Authentication always required, no challenge provided + void setAuthenticationRequired(bool enable); // Set the redirect URL and count. The server will return a redirect response with the url // 'count' amount of times void setRedirect(const QByteArray &redirectUrl, int count); @@ -202,6 +204,7 @@ private: QByteArray contentEncoding; QByteArray authenticationHeader; + bool authenticationRequired = false; QByteArray redirectUrl; int redirectCount = 0; diff --git a/tests/auto/network/access/http2/tst_http2.cpp b/tests/auto/network/access/http2/tst_http2.cpp index 85bcfcb8c4..1b52905f73 100644 --- a/tests/auto/network/access/http2/tst_http2.cpp +++ b/tests/auto/network/access/http2/tst_http2.cpp @@ -1064,13 +1064,18 @@ void tst_Http2::authenticationRequired_data() { QTest::addColumn<bool>("success"); QTest::addColumn<bool>("responseHEADOnly"); + QTest::addColumn<bool>("withChallenge"); - QTest::addRow("failed-auth") << false << true; - QTest::addRow("successful-auth") << true << true; + QTest::addRow("failed-auth") << false << true << true; + QTest::addRow("successful-auth") << true << true << true; // Include a DATA frame in the response from the remote server. An example would be receiving a // JSON response on a request along with the 401 error. - QTest::addRow("failed-auth-with-response") << false << false; - QTest::addRow("successful-auth-with-response") << true << false; + QTest::addRow("failed-auth-with-response") << false << false << true; + QTest::addRow("successful-auth-with-response") << true << false << true; + + // Don't provide a challenge header. This is valid if you are actually just + // denied access for whatever reason. + QTest::addRow("no-challenge") << false << false << false; } void tst_Http2::authenticationRequired() @@ -1081,11 +1086,15 @@ void tst_Http2::authenticationRequired() POSTResponseHEADOnly = responseHEADOnly; QFETCH(const bool, success); + QFETCH(const bool, withChallenge); ServerPtr targetServer(newServer(defaultServerSettings, defaultConnectionType())); QByteArray responseBody = "Hello"_ba; targetServer->setResponseBody(responseBody); - targetServer->setAuthenticationHeader("Basic realm=\"Shadow\""); + if (withChallenge) + targetServer->setAuthenticationHeader("Basic realm=\"Shadow\""); + else + targetServer->setAuthenticationRequired(true); QMetaObject::invokeMethod(targetServer.data(), "startServer", Qt::QueuedConnection); runEventLoop(); @@ -1142,7 +1151,7 @@ void tst_Http2::authenticationRequired() QCOMPARE(reply->error(), QNetworkReply::AuthenticationRequiredError); // else: no error (is checked in tst_Http2::replyFinished) - QVERIFY(authenticationRequested); + QVERIFY(authenticationRequested || !withChallenge); const auto isAuthenticated = [](const QByteArray &bv) { return bv == "Basic YWRtaW46YWRtaW4="; // admin:admin |