Skip to content

test: Restrain sending http credentials on a specific origin (for roll 1.33 driver) #1253

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Apr 26, 2023
Merged

test: Restrain sending http credentials on a specific origin (for roll 1.33 driver) #1253

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f28d054
test: Restrain sending http credentials on a specific origin (for dri…
SebastienRichert Mar 28, 2023
9f62807
test: Restrain sending http credentials on a specific origin
SebastienRichert Apr 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 63 additions & 0 deletions playwright/src/test/java/com/microsoft/playwright/TestBrowserContextCredentials.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package com.microsoft.playwright;

import com.microsoft.playwright.options.HttpCredentials;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.condition.DisabledIf;

Expand Down Expand Up @@ -74,4 +75,66 @@ void shouldReturnResourceBody() {
assertTrue(new String(response.body()).contains("Playground"));
}
}

@Test
void shouldWorkWithCorrectCredentialsAndMatchingOrigin() {
server.setAuth("/empty.html", "user", "pass");
final HttpCredentials httpCredentials = new HttpCredentials("user", "pass");
httpCredentials.setOrigin(server.PREFIX);
try (BrowserContext context = browser.newContext(new Browser.NewContextOptions()
.setHttpCredentials(httpCredentials))) {
Page page = context.newPage();
Response response = page.navigate(server.EMPTY_PAGE);
assertEquals(200, response.status());
}
}

@Test
void shouldWorkWithCorrectCredentialsAndMatchingOriginCaseInsensitive() {
server.setAuth("/empty.html", "user", "pass");
final HttpCredentials httpCredentials = new HttpCredentials("user", "pass");
httpCredentials.setOrigin(server.PREFIX.toUpperCase());
try (BrowserContext context = browser.newContext(new Browser.NewContextOptions()
.setHttpCredentials(httpCredentials))) {
Page page = context.newPage();
Response response = page.navigate(server.EMPTY_PAGE);
assertEquals(200, response.status());
}
}

@Test
void shouldFailWithCorrectCredentialsAndWrongOriginScheme() {
server.setAuth("/empty.html", "user", "pass");
final HttpCredentials httpCredentials = new HttpCredentials("user", "pass");
httpCredentials.setOrigin(Utils.generateDifferentOriginScheme(server));
try (BrowserContext context = browser.newContext(new Browser.NewContextOptions().setHttpCredentials(httpCredentials))) {
Page page = context.newPage();
Response response = page.navigate(server.EMPTY_PAGE);
assertEquals(401, response.status());
}
}

@Test
void shouldFailWithCorrectCredentialsAndWrongOriginHostname() {
server.setAuth("/empty.html", "user", "pass");
final HttpCredentials httpCredentials = new HttpCredentials("user", "pass");
httpCredentials.setOrigin(Utils.generateDifferentOriginHostname(server));
try (BrowserContext context = browser.newContext(new Browser.NewContextOptions().setHttpCredentials(httpCredentials))) {
Page page = context.newPage();
Response response = page.navigate(server.EMPTY_PAGE);
assertEquals(401, response.status());
}
}

@Test
void shouldFailWithCorrectCredentialsAndWrongOriginPort() {
server.setAuth("/empty.html", "user", "pass");
final HttpCredentials httpCredentials = new HttpCredentials("user", "pass");
httpCredentials.setOrigin(Utils.generateDifferentOriginPort(server));
try (BrowserContext context = browser.newContext(new Browser.NewContextOptions().setHttpCredentials(httpCredentials))) {
Page page = context.newPage();
Response response = page.navigate(server.EMPTY_PAGE);
assertEquals(401, response.status());
}
}
}
63 changes: 63 additions & 0 deletions playwright/src/test/java/com/microsoft/playwright/TestBrowserContextFetch.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -671,4 +671,67 @@ void shouldAbortRequestsWhenBrowserContextCloses() {
e = assertThrows(PlaywrightException.class, () -> context.request().post(server.EMPTY_PAGE));
assertTrue(e.getMessage().contains("Target page, context or browser has been closed"), e.getMessage());
}

@Test
void shouldWorkWithSetHTTPCredentialsAndMatchingOrigin() throws ExecutionException, InterruptedException {
server.setAuth("/empty.html", "user", "pass");
APIResponse response1 = context.request().get(server.EMPTY_PAGE);
assertEquals(401, response1.status());

final HttpCredentials httpCredentials = new HttpCredentials("user", "pass");
httpCredentials.setOrigin(server.PREFIX);
try (BrowserContext context2 = browser.newContext(
new Browser.NewContextOptions().setHttpCredentials(httpCredentials))) {
APIResponse response2 = context2.request().get(server.EMPTY_PAGE);
assertEquals(200, response2.status());
}
}

@Test
void shouldWorkWithSetHTTPCredentialsAndMatchingOriginCaseInsensitive() throws ExecutionException, InterruptedException {
server.setAuth("/empty.html", "user", "pass");
APIResponse response1 = context.request().get(server.EMPTY_PAGE);
assertEquals(401, response1.status());

final HttpCredentials httpCredentials = new HttpCredentials("user", "pass");
httpCredentials.setOrigin(server.PREFIX.toUpperCase());
try (BrowserContext context2 = browser.newContext(
new Browser.NewContextOptions().setHttpCredentials(httpCredentials))) {
APIResponse response2 = context2.request().get(server.EMPTY_PAGE);
assertEquals(200, response2.status());
}
}

@Test
void shouldReturnErrorWithCorrectCredentialsAndWrongOriginScheme() {
server.setAuth("/empty.html", "user", "pass");
final HttpCredentials httpCredentials = new HttpCredentials("user", "pass");
httpCredentials.setOrigin(Utils.generateDifferentOriginScheme(server));
try (BrowserContext context = browser.newContext(new Browser.NewContextOptions().setHttpCredentials(httpCredentials))) {
APIResponse response = context.request().get(server.EMPTY_PAGE);
assertEquals(401, response.status());
}
}

@Test
void shouldReturnErrorWithCorrectCredentialsAndWrongOriginHostname() {
server.setAuth("/empty.html", "user", "pass");
final HttpCredentials httpCredentials = new HttpCredentials("user", "pass");
httpCredentials.setOrigin(Utils.generateDifferentOriginHostname(server));
try (BrowserContext context = browser.newContext(new Browser.NewContextOptions().setHttpCredentials(httpCredentials))) {
APIResponse response = context.request().get(server.EMPTY_PAGE);
assertEquals(401, response.status());
}
}

@Test
void shouldReturnErrorWithCorrectCredentialsAndWrongOriginPort() {
server.setAuth("/empty.html", "user", "pass");
final HttpCredentials httpCredentials = new HttpCredentials("user", "pass");
httpCredentials.setOrigin(Utils.generateDifferentOriginPort(server));
try (BrowserContext context = browser.newContext(new Browser.NewContextOptions().setHttpCredentials(httpCredentials))) {
APIResponse response = context.request().get(server.EMPTY_PAGE);
assertEquals(401, response.status());
}
}
}
63 changes: 63 additions & 0 deletions playwright/src/test/java/com/microsoft/playwright/TestGlobalFetch.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package com.microsoft.playwright;

import com.google.gson.Gson;
import com.microsoft.playwright.options.HttpCredentials;
import com.microsoft.playwright.options.HttpHeader;
import com.microsoft.playwright.options.RequestOptions;
import org.junit.jupiter.api.Disabled;
Expand Down Expand Up @@ -411,4 +412,66 @@ void shouldNotModifyRequestMethodInOptions() {
request.dispose();
}

@Test
void shouldSupportGlobalHttpCredentialsOptionAndMatchingOrigin() {
server.setAuth("/empty.html", "user", "pass");
APIRequestContext request1 = playwright.request().newContext();
APIResponse response1 = request1.get(server.EMPTY_PAGE);
assertEquals(401, response1.status());
request1.dispose();

final HttpCredentials httpCredentials = new HttpCredentials("user", "pass");
httpCredentials.setOrigin(server.PREFIX);
APIRequestContext request2 = playwright.request().newContext(new APIRequest.NewContextOptions().setHttpCredentials(httpCredentials));
APIResponse response2 = request2.get(server.EMPTY_PAGE);
assertEquals(200, response2.status());
request2.dispose();
}

@Test
void shouldSupportGlobalHttpCredentialsOptionAndMatchingOriginCaseInsensitive() {
server.setAuth("/empty.html", "user", "pass");
APIRequestContext request1 = playwright.request().newContext();
APIResponse response1 = request1.get(server.EMPTY_PAGE);
assertEquals(401, response1.status());
request1.dispose();

final HttpCredentials httpCredentials = new HttpCredentials("user", "pass");
httpCredentials.setOrigin(server.PREFIX.toUpperCase());
APIRequestContext request2 = playwright.request().newContext(new APIRequest.NewContextOptions().setHttpCredentials(httpCredentials));
APIResponse response2 = request2.get(server.EMPTY_PAGE);
assertEquals(200, response2.status());
request2.dispose();
}

@Test
void shouldReturnErrorWithCorrectCredentialsAndWrongOriginScheme() {
server.setAuth("/empty.html", "user", "pass");
final HttpCredentials httpCredentials = new HttpCredentials("user", "pass");
httpCredentials.setOrigin(Utils.generateDifferentOriginScheme(server));
APIRequestContext request = playwright.request().newContext(new APIRequest.NewContextOptions().setHttpCredentials(httpCredentials));
APIResponse response = request.get(server.EMPTY_PAGE);
assertEquals(401, response.status());
}

@Test
void shouldReturnErrorWithCorrectCredentialsAndWrongOriginHostname() {
server.setAuth("/empty.html", "user", "pass");
final HttpCredentials httpCredentials = new HttpCredentials("user", "pass");
httpCredentials.setOrigin(Utils.generateDifferentOriginHostname(server));
APIRequestContext request = playwright.request().newContext(new APIRequest.NewContextOptions().setHttpCredentials(httpCredentials));
APIResponse response = request.get(server.EMPTY_PAGE);
assertEquals(401, response.status());
}

@Test
void shouldReturnErrorWithCorrectCredentialsAndWrongOriginPort() {
server.setAuth("/empty.html", "user", "pass");
final HttpCredentials httpCredentials = new HttpCredentials("user", "pass");
httpCredentials.setOrigin(Utils.generateDifferentOriginPort(server));
APIRequestContext request = playwright.request().newContext(new APIRequest.NewContextOptions().setHttpCredentials(httpCredentials));
APIResponse response = request.get(server.EMPTY_PAGE);
assertEquals(401, response.status());
}

}
14 changes: 14 additions & 0 deletions playwright/src/test/java/com/microsoft/playwright/Utils.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -196,4 +196,18 @@ static void verifyViewport(Page page, int width, int height) {
assertEquals(width, page.evaluate("window.innerWidth"));
assertEquals(height, page.evaluate("window.innerHeight"));
}

static String generateDifferentOriginScheme(final Server server){
return server.PREFIX.startsWith("http://") ?
server.PREFIX.replace("http://", "https://") :
server.PREFIX.replace("https://", "http://");
}

static String generateDifferentOriginHostname(final Server server){
return server.PREFIX.replace("localhost", "mismatching-hostname");
}

static String generateDifferentOriginPort(final Server server){
return server.PREFIX.replace(String.valueOf(server.PORT), String.valueOf(server.PORT+1));
}
}