Bug 1683536 - Show auth spoofing warning prompt for cached response r=necko-reviewers,dragana

Differential Revision: https://phabricator.services.mozilla.com/D101029

netwerk/protocol/http/nsHttpChannel.cpp

@@ -7593,6 +7593,17 @@ nsresult nsHttpChannel::ContinueOnStartRequest4(nsresult result) {
 
   if (LoadFallingBack()) return NS_OK;
 
+  if (NS_SUCCEEDED(mStatus) && mResponseHead && mAuthProvider) {
+    uint32_t httpStatus = mResponseHead->Status();
+    if (httpStatus != 401 && httpStatus != 407) {
+      nsresult rv = mAuthProvider->CheckForSuperfluousAuth();
+      if (NS_FAILED(rv)) {
+        LOG(("  CheckForSuperfluousAuth failed (%08x)",
+             static_cast<uint32_t>(rv)));
+      }
+    }
+  }
+
   return CallOnStartRequest();
 }
 

netwerk/test/unit/test_SuperfluousAuth.js

@@ -0,0 +1,99 @@
+/*
+
+Create two http requests with the same URL in which has a user name. We allow
+first http request to be loaded and saved in the cache, so the second request
+will be served from the cache. However, we disallow loading by returning 1
+in the prompt service. In the end, the second request will be failed.
+
+*/
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.import("resource://testing-common/httpd.js");
+
+const { MockRegistrar } = ChromeUtils.import(
+  "resource://testing-common/MockRegistrar.jsm"
+);
+
+var httpProtocolHandler = Cc[
+  "@mozilla.org/network/protocol;1?name=http"
+].getService(Ci.nsIHttpProtocolHandler);
+
+XPCOMUtils.defineLazyGetter(this, "URL", function() {
+  return "http://foo@localhost:" + httpServer.identity.primaryPort;
+});
+
+var httpServer = null;
+
+const gMockPromptService = {
+  firstTimeCalled: false,
+  confirmExBC() {
+    if (!this.firstTimeCalled) {
+      this.firstTimeCalled = true;
+      return 0;
+    }
+
+    return 1;
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsIPromptService"]),
+};
+
+var gMockPromptServiceCID = MockRegistrar.register(
+  "@mozilla.org/embedcomp/prompt-service;1",
+  gMockPromptService
+);
+
+registerCleanupFunction(() => {
+  MockRegistrar.unregister(gMockPromptServiceCID);
+});
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+const responseBody = "body";
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.setHeader("ETag", "Just testing");
+  response.setHeader("Cache-Control", "max-age=99999");
+  response.setHeader("Content-Length", "" + responseBody.length);
+  response.bodyOutputStream.write(responseBody, responseBody.length);
+}
+
+function run_test() {
+  do_get_profile();
+
+  Services.prefs.setBoolPref("network.http.rcwn.enabled", false);
+
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content", contentHandler);
+  httpServer.start(-1);
+
+  httpProtocolHandler.EnsureHSTSDataReady().then(function() {
+    var chan1 = makeChan(URL + "/content");
+    chan1.asyncOpen(new ChannelListener(firstTimeThrough, null));
+    var chan2 = makeChan(URL + "/content");
+    chan2.asyncOpen(
+      new ChannelListener(secondTimeThrough, null, CL_EXPECT_FAILURE)
+    );
+  });
+
+  do_test_pending();
+}
+
+function firstTimeThrough(request, buffer) {
+  Assert.equal(buffer, responseBody);
+  Assert.ok(gMockPromptService.firstTimeCalled, "Prompt service invoked");
+}
+
+function secondTimeThrough(request, buffer) {
+  Assert.equal(request.status, Cr.NS_ERROR_ABORT);
+  httpServer.stop(do_test_finished);
+}

netwerk/test/unit/xpcshell.ini

@@ -514,3 +514,4 @@ run-sequentially = node server exceptions dont replay well
 [test_httpssvc_https_upgrade.js]
 [test_bug1683176.js]
 skip-if = os == "android" || !debug
+[test_SuperfluousAuth.js]