From 120e2de09646b200a78e971d24b061a1d9e47b67 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Thu, 19 Feb 2009 12:02:22 +0000
Subject: [PATCH] 2009-02-19  Tatsuhiro Tsujikawa 
 <t-tujikawa@users.sourceforge.net>

	Added --http-auth-challenge option.  If it is set to true(by
	default), aria2 sends HTTP authorization header only when it is
	requested by the server. If false is set, then authorization
	header is always sent to the server. This is useful for servers
	that don't respond 401 code when authentication is required.
	There is an exception: if username and password are embedded in
	URI, authorization header is always sent to the server
	regardless of this option.
	* src/AuthConfigFactory.cc
	* src/HttpSkipResponseCommand.cc
	* src/OptionHandlerFactory.cc
	* src/prefs.cc
	* src/prefs.h
	* src/usage_text.h
	* test/AuthConfigFactoryTest.cc
	* test/HttpRequestTest.cc
---
 ChangeLog                      | 19 ++++++++++++
 src/AuthConfigFactory.cc       | 32 +++++++++++---------
 src/HttpSkipResponseCommand.cc |  3 +-
 src/OptionHandlerFactory.cc    |  9 ++++++
 src/prefs.cc                   |  2 ++
 src/prefs.h                    |  2 ++
 src/usage_text.h               |  8 +++++
 test/AuthConfigFactoryTest.cc  | 53 ++++++++++++++++++++++++++++++++--
 test/HttpRequestTest.cc        |  3 +-
 9 files changed, 114 insertions(+), 17 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 04971607..770a7ade 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,22 @@
+2009-02-19  Tatsuhiro Tsujikawa  <t-tujikawa@users.sourceforge.net>
+
+	Added --http-auth-challenge option.  If it is set to true(by
+	default), aria2 sends HTTP authorization header only when it is
+	requested by the server. If false is set, then authorization
+	header is always sent to the server. This is useful for servers
+	that don't respond 401 code when authentication is required.
+	There is an exception: if username and password are embedded in
+	URI, authorization header is always sent to the server regardless
+	of this option.
+	* src/AuthConfigFactory.cc
+	* src/HttpSkipResponseCommand.cc
+	* src/OptionHandlerFactory.cc
+	* src/prefs.cc
+	* src/prefs.h
+	* src/usage_text.h
+	* test/AuthConfigFactoryTest.cc
+	* test/HttpRequestTest.cc
+
 2009-02-15  Tatsuhiro Tsujikawa  <t-tujikawa@users.sourceforge.net>
 
 	* Release 1.2.0
diff --git a/src/AuthConfigFactory.cc b/src/AuthConfigFactory.cc
index c5bf4f9f..054091bf 100644
--- a/src/AuthConfigFactory.cc
+++ b/src/AuthConfigFactory.cc
@@ -62,21 +62,27 @@ AuthConfigFactory::createAuthConfig(const RequestHandle& request)
   if(request->getProtocol() == Request::PROTO_HTTP ||
      request->getProtocol() == Request::PROTO_HTTPS) {
 
-    if(!request->getUsername().empty()) {
-      // TODO setting "/" as path. Should we use request->getDir() instead?
-      updateBasicCred(BasicCred(request->getUsername(), request->getPassword(),
-				request->getHost(), "/", true));
-      return createAuthConfig(request->getUsername(), request->getPassword());
-    }
-    std::deque<BasicCred>::const_iterator i =
-      findBasicCred(request->getHost(), request->getDir());
-    if(i == _basicCreds.end()) {
-      return SharedHandle<AuthConfig>();
+    if(_option->getAsBool(PREF_HTTP_AUTH_CHALLENGE)) {
+      if(!request->getUsername().empty()) {
+	// TODO setting "/" as path. Should we use request->getDir() instead?
+	updateBasicCred(BasicCred(request->getUsername(), request->getPassword(),
+				  request->getHost(), "/", true));
+	return createAuthConfig(request->getUsername(), request->getPassword());
+      }
+      std::deque<BasicCred>::const_iterator i =
+	findBasicCred(request->getHost(), request->getDir());
+      if(i == _basicCreds.end()) {
+	return SharedHandle<AuthConfig>();
+      } else {
+	return createAuthConfig((*i)._user, (*i)._password);
+      }
     } else {
-      return createAuthConfig((*i)._user, (*i)._password);
+      if(!request->getUsername().empty()) {
+	return createAuthConfig(request->getUsername(), request->getPassword());
+      } else {
+	return createHttpAuthResolver()->resolveAuthConfig(request->getHost());
+      }
     }
-
-    return createHttpAuthResolver()->resolveAuthConfig(request->getHost());
   } else if(request->getProtocol() == Request::PROTO_FTP) {
     if(!request->getUsername().empty()) {
       return createAuthConfig(request->getUsername(), request->getPassword());
diff --git a/src/HttpSkipResponseCommand.cc b/src/HttpSkipResponseCommand.cc
index 83a5775d..f62be69c 100644
--- a/src/HttpSkipResponseCommand.cc
+++ b/src/HttpSkipResponseCommand.cc
@@ -159,7 +159,8 @@ bool HttpSkipResponseCommand::processResponse()
     return prepareForRetry(_httpResponse->getRetryAfter());
   } else if(_httpResponse->getResponseStatus() >= HttpHeader::S400) {
     if(_httpResponse->getResponseStatus() == HttpHeader::S401) {
-      if(!_httpResponse->getHttpRequest()->authenticationUsed() &&
+      if(e->option->getAsBool(PREF_HTTP_AUTH_CHALLENGE) &&
+	 !_httpResponse->getHttpRequest()->authenticationUsed() &&
 	 e->getAuthConfigFactory()->activateBasicCred
 	 (req->getHost(), req->getDir())) {
 	return prepareForRetry(0);
diff --git a/src/OptionHandlerFactory.cc b/src/OptionHandlerFactory.cc
index a7432944..2a38f6c9 100644
--- a/src/OptionHandlerFactory.cc
+++ b/src/OptionHandlerFactory.cc
@@ -561,6 +561,15 @@ OptionHandlers OptionHandlerFactory::createOptionHandlers()
     op->addTag(TAG_HTTP);
     handlers.push_back(op);
   }
+  {
+    SharedHandle<OptionHandler> op(new BooleanOptionHandler
+				   (PREF_HTTP_AUTH_CHALLENGE,
+				    TEXT_HTTP_AUTH_CHALLENGE,
+				    V_TRUE,
+				    OptionHandler::OPT_ARG));
+    op->addTag(TAG_HTTP);
+    handlers.push_back(op);
+  }
   {
     SharedHandle<OptionHandler> op(new ParameterOptionHandler
 				   (PREF_HTTP_AUTH_SCHEME,
diff --git a/src/prefs.cc b/src/prefs.cc
index faaf4091..8b1a4a2e 100644
--- a/src/prefs.cc
+++ b/src/prefs.cc
@@ -199,6 +199,8 @@ const std::string PREF_CA_CERTIFICATE("ca-certificate");
 const std::string PREF_CHECK_CERTIFICATE("check-certificate");
 // value: true | false
 const std::string PREF_USE_HEAD("use-head");
+// value: true | false
+const std::string PREF_HTTP_AUTH_CHALLENGE("http-auth-challenge");
 
 /** 
  * Proxy related preferences
diff --git a/src/prefs.h b/src/prefs.h
index a21f70e3..eb4b5938 100644
--- a/src/prefs.h
+++ b/src/prefs.h
@@ -203,6 +203,8 @@ extern const std::string PREF_CA_CERTIFICATE;
 extern const std::string PREF_CHECK_CERTIFICATE;
 // value: true | false
 extern const std::string PREF_USE_HEAD;
+// value: true | false
+extern const std::string PREF_HTTP_AUTH_CHALLENGE;
 
 /**;
  * Proxy related preferences
diff --git a/src/usage_text.h b/src/usage_text.h
index a0bacac0..1270d9f2 100644
--- a/src/usage_text.h
+++ b/src/usage_text.h
@@ -478,3 +478,11 @@ _(" --bt-external-ip=IPADDRESS   Specify the external IP address to report to a\
   "                              BitTorrent tracker. Although this function is\n"\
   "                              named 'external', it can accept any kind of IP\n"\
   "                              addresses.")
+#define TEXT_HTTP_AUTH_CHALLENGE \
+_(" --http-auth-challenge[=true|false] Send HTTP authorization header only when it\n"\
+  "                              is requested by the server. If false is set, then\n"\
+  "                              authorization header is always sent to the server.\n"\
+  "                              There is an exception: if username and password\n"\
+  "                              are embedded in URI, authorization header is\n"\
+  "                              always sent to the server regardless of this\n"\
+  "                              option.")
diff --git a/test/AuthConfigFactoryTest.cc b/test/AuthConfigFactoryTest.cc
index 50364fb3..575c7d59 100644
--- a/test/AuthConfigFactoryTest.cc
+++ b/test/AuthConfigFactoryTest.cc
@@ -14,12 +14,14 @@ class AuthConfigFactoryTest:public CppUnit::TestFixture {
 
   CPPUNIT_TEST_SUITE(AuthConfigFactoryTest);
   CPPUNIT_TEST(testCreateAuthConfig_http);
+  CPPUNIT_TEST(testCreateAuthConfig_httpNoChallenge);
   CPPUNIT_TEST(testCreateAuthConfig_ftp);
   CPPUNIT_TEST(testUpdateBasicCred);
   CPPUNIT_TEST_SUITE_END();
   
 public:
   void testCreateAuthConfig_http();
+  void testCreateAuthConfig_httpNoChallenge();
   void testCreateAuthConfig_ftp();
   void testUpdateBasicCred();
 };
@@ -34,6 +36,7 @@ void AuthConfigFactoryTest::testCreateAuthConfig_http()
 
   Option option;
   option.put(PREF_NO_NETRC, V_FALSE);
+  option.put(PREF_HTTP_AUTH_CHALLENGE, V_TRUE);
 
   AuthConfigFactory factory(&option);
 
@@ -60,12 +63,11 @@ void AuthConfigFactoryTest::testCreateAuthConfig_http()
 		       factory.createAuthConfig(req)->getAuthText());
 
   // See default token in netrc is ignored.
-  SharedHandle<Request> mirrorReq(new Request());
   req->setUrl("http://mirror/");
 
   CPPUNIT_ASSERT(!factory.activateBasicCred("mirror", "/"));
 
-  CPPUNIT_ASSERT(factory.createAuthConfig(mirrorReq).isNull());
+  CPPUNIT_ASSERT(factory.createAuthConfig(req).isNull());
 
   // with Netrc + user defined
   option.put(PREF_HTTP_USER, "userDefinedUser");
@@ -84,6 +86,52 @@ void AuthConfigFactoryTest::testCreateAuthConfig_http()
 		       factory.createAuthConfig(req)->getAuthText());  
 }
 
+void AuthConfigFactoryTest::testCreateAuthConfig_httpNoChallenge()
+{
+  SharedHandle<Request> req(new Request());
+  req->setUrl("http://localhost/download/aria2-1.0.0.tar.bz2");
+
+  Option option;
+  option.put(PREF_NO_NETRC, V_FALSE);
+
+  AuthConfigFactory factory(&option);
+
+  // without auth info
+  CPPUNIT_ASSERT(factory.createAuthConfig(req).isNull());
+
+  // with Netrc
+  SharedHandle<Netrc> netrc(new Netrc());
+  netrc->addAuthenticator
+    (SharedHandle<Authenticator>(new Authenticator("localhost",
+						   "localhostuser",
+						   "localhostpass",
+						   "localhostacct")));
+  netrc->addAuthenticator
+    (SharedHandle<Authenticator>(new DefaultAuthenticator("default", "defaultpassword", "defaultaccount")));
+  factory.setNetrc(netrc);
+
+  // not activated
+  CPPUNIT_ASSERT_EQUAL(std::string("localhostuser:localhostpass"),
+		       factory.createAuthConfig(req)->getAuthText());
+
+  // See default token in netrc is ignored.
+  req->setUrl("http://mirror/");
+
+  CPPUNIT_ASSERT(factory.createAuthConfig(req).isNull());
+
+  // with Netrc + user defined
+  option.put(PREF_HTTP_USER, "userDefinedUser");
+  option.put(PREF_HTTP_PASSWD, "userDefinedPassword");
+
+  CPPUNIT_ASSERT_EQUAL(std::string("userDefinedUser:userDefinedPassword"),
+		       factory.createAuthConfig(req)->getAuthText());
+
+  // username and password in URI
+  req->setUrl("http://aria2user:aria2password@localhost/download/aria2-1.0.0.tar.bz2");
+  CPPUNIT_ASSERT_EQUAL(std::string("aria2user:aria2password"),
+		       factory.createAuthConfig(req)->getAuthText());  
+}
+
 void AuthConfigFactoryTest::testCreateAuthConfig_ftp()
 {
   SharedHandle<Request> req(new Request());
@@ -128,6 +176,7 @@ void AuthConfigFactoryTest::testUpdateBasicCred()
 {
   Option option;
   option.put(PREF_NO_NETRC, V_FALSE);
+  option.put(PREF_HTTP_AUTH_CHALLENGE, V_TRUE);
 
   AuthConfigFactory factory(&option);
 
diff --git a/test/HttpRequestTest.cc b/test/HttpRequestTest.cc
index 57fe66f4..ba24a04c 100644
--- a/test/HttpRequestTest.cc
+++ b/test/HttpRequestTest.cc
@@ -41,7 +41,8 @@ private:
 public:
   void setUp()
   {
-    _option.reset(new Option());    
+    _option.reset(new Option());
+    _option->put(PREF_HTTP_AUTH_CHALLENGE, V_TRUE);
     _authConfigFactory.reset(new AuthConfigFactory(_option.get()));
   }