Fixed issue with unicode login:password

Added EIS info
Added testing cases.

library/server/authentication/http_authorization/src/http_authorization.e

@@ -1,8 +1,12 @@
 note
-	description : "Objects that ..."
+	description : "[
-	author      : "$Author$"
+			Object representing Authorization http header
+		]"
 	date: "$Date$"
 	revision: "$Revision$"
+	EIS: "name=RFC2617 HTTP Authentication: Basic and Digest Access Authentication", "protocol=URI", "src=http://tools.ietf.org/html/rfc2617"
+	EIS: "name=Wikipedia Basic Access Authentication", "protocol=URI", "src=http://en.wikipedia.org/wiki/Basic_access_authentication"
+	EIS: "name=Wikipedia Digest Access Authentication", "protocol=URI", "src=http://en.wikipedia.org/wiki/Digest_access_authentication"
 
 class
 	HTTP_AUTHORIZATION
@@ -10,6 +14,8 @@ class
 inherit
 	REFACTORING_HELPER
 
+	DEBUG_OUTPUT
+
 create
 	make,
 	make_basic_auth,
@@ -17,94 +23,133 @@ create
 
 feature {NONE} -- Initialization
 
-	make (a_http_authorization: detachable READABLE_STRING_GENERAL)
+	make (a_http_authorization: READABLE_STRING_8)
 			-- Initialize `Current'.
 		local
 			i: INTEGER
 			t, s: STRING_8
-			u,p: READABLE_STRING_8
+			u,p: READABLE_STRING_32
+			utf: UTF_CONVERTER
 		do
-			if a_http_authorization /= Void then
+			create http_authorization.make_from_string (a_http_authorization)
-				s := a_http_authorization.as_string_8
+			create t.make_empty
-				create http_authorization.make_from_string (s)
+			type := t
-				if not s.is_empty then
+			if not a_http_authorization.is_empty then
 				i := 1
-					if s[i] = ' ' then
+				if a_http_authorization[i] = ' ' then
 					i := i + 1
 				end
-					i := s.index_of (' ', i)
+				i := a_http_authorization.index_of (' ', i)
 				if i > 0 then
-						t := s.substring (1, i - 1).as_lower
+					t.append (a_http_authorization.substring (1, i - 1))
 					t.right_adjust; t.left_adjust
-						type := t
+					if t.same_string (Basic_auth_type) then
-						if t.same_string ("basic") then
+						type := Basic_auth_type
-							s := (create {BASE64}).decoded_string (s.substring (i + 1, s.count))
+						s := (create {BASE64}).decoded_string (a_http_authorization.substring (i + 1, a_http_authorization.count))
 						i := s.index_of (':', 1) --| Let's assume ':' is forbidden in login ...
 						if i > 0 then
-								u := s.substring (1, i - 1).as_string_32
+							u := utf.utf_8_string_8_to_string_32 (s.substring (1, i - 1)) -- UTF_8 decoding to support unicode password
-								p := s.substring (i + 1, s.count).as_string_32
+							p := utf.utf_8_string_8_to_string_32 (s.substring (i + 1, s.count)) -- UTF_8 decoding to support unicode password
 							login := u
 							password := p
 							check
 								(create {HTTP_AUTHORIZATION}.make_custom_auth (u, p, t)).http_authorization ~ http_authorization
 							end
 						end
-						elseif t.same_string ("digest") then
+					elseif t.same_string (Digest_auth_type) then
+						type := Digest_auth_type
 						to_implement ("HTTP Authorization %"digest%", not yet implemented")
 					else
 						to_implement ("HTTP Authorization %""+ t +"%", not yet implemented")
 					end
 				end
 			end
-			else
-				http_authorization := Void
-			end
 		end
 
 	make_basic_auth (u: READABLE_STRING_32; p: READABLE_STRING_32)
+			-- Create a Basic authentication.
 		do
-			make_custom_auth (u, p, "basic")
+			make_custom_auth (u, p, Basic_auth_type)
 		end
 
 	make_custom_auth (u: READABLE_STRING_32; p: READABLE_STRING_32; a_type: READABLE_STRING_8)
+			-- Create a custom `a_type' authentication.
+		require
+			a_type_accepted: a_type.is_case_insensitive_equal (Basic_auth_type)
+							or a_type.is_case_insensitive_equal (Digest_auth_type)
 		local
 			t: STRING_8
+			utf: UTF_CONVERTER
 		do
 			login := u
 			password := p
-			create t.make_from_string (a_type.as_lower)
+			create t.make_from_string (a_type)
 			t.left_adjust; t.right_adjust
 			type := t
-			if t.same_string ("basic") then
+			if t.is_case_insensitive_equal (Basic_auth_type) then
-				create http_authorization.make_from_string ("Basic " + (create {BASE64}).encoded_string (u + ":" + p))
+				type := Basic_auth_type
+				create http_authorization.make_from_string ("Basic " + (create {BASE64}).encoded_string (utf.string_32_to_utf_8_string_8 (u + {STRING_32} ":" + p)))
+			elseif t.is_case_insensitive_equal (Digest_auth_type) then
+				type := Digest_auth_type
+				to_implement ("HTTP Authorization %""+ t +"%", not yet implemented")
+				create http_authorization.make_from_string (t + " ...NOT IMPLEMENTED")
 			else
 				to_implement ("HTTP Authorization %""+ t +"%", not yet implemented")
+				create http_authorization.make_from_string ("Digest ...NOT IMPLEMENTED")
 			end
 		end
 
 feature -- Access
 
-	type: detachable READABLE_STRING_8
+	http_authorization: IMMUTABLE_STRING_8
+
+	type: READABLE_STRING_8
 
 	login: detachable READABLE_STRING_32
 
 	password: detachable READABLE_STRING_32
 
-	http_authorization: detachable IMMUTABLE_STRING_8
-
 feature -- Status report
 
 	is_basic: BOOLEAN
 			-- Is Basic authorization?
 		do
-			if attached type as t then
+			Result := type.is_case_insensitive_equal (Basic_auth_type)
-				Result := t.same_string ("basic")
+		end
+
+	is_digest: BOOLEAN
+			-- Is Basic authorization?
+		do
+			Result := type.is_case_insensitive_equal (Digest_auth_type)
+		end
+
+	debug_output: STRING_32
+			-- String that should be displayed in debugger to represent `Current'.
+		do
+			create Result.make_empty
+			Result.append (type)
+			Result.append (" ")
+			if attached login as l_login then
+				Result.append ("login=[")
+				Result.append (l_login)
+				Result.append ("] ")
+			end
+			if attached password as l_password then
+				Result.append ("password=[")
+				Result.append (l_password)
+				Result.append ("] ")
 			end
 		end
 
+feature -- Constants
+
+	Basic_auth_type: STRING_8 = "Basic"
+	Digest_auth_type: STRING_8 = "Digest"
+
 invariant
 
-	type_is_lower: attached type as t implies t.same_string (t.as_lower)
+	type_valid: (type.is_case_insensitive_equal (basic_auth_type) implies type = basic_auth_type)
+				or (type.is_case_insensitive_equal (Digest_auth_type) implies type = Digest_auth_type)
 
 
 end

library/server/authentication/http_authorization/testing/http_authorization_tests.e

@@ -0,0 +1,57 @@
+note
+	description: "[
+		Eiffel tests that can be executed by testing tool.
+	]"
+	author: "EiffelStudio test wizard"
+	date: "$Date$"
+	revision: "$Revision$"
+	testing: "type/manual"
+
+class
+	HTTP_AUTHORIZATION_TESTS
+
+inherit
+	EQA_TEST_SET
+
+feature -- Test routines
+
+	test_basic
+			-- New test routine
+		local
+			l_auth: READABLE_STRING_8
+			u,p: detachable READABLE_STRING_32
+			h: HTTP_AUTHORIZATION
+		do
+			l_auth := "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
+			create h.make (l_auth)
+			assert ("login", attached h.login as l_login and then l_login.same_string ("Aladdin"))
+			assert ("password", attached h.password as l_password and then l_password.same_string ("open sesame"))
+
+			check_basic_auth_for_login_password ("Aladdin", "open sesame", "Aladdin")
+			check_basic_auth_for_login_password ("", "", "empty")
+			check_basic_auth_for_login_password ("@#$@%%@??<.,.,", "@@#$&)&*>M<?>:ASDFDSA''", "symbol")
+			check_basic_auth_for_login_password ({STRING_32} "%/20320/%/22909/%/21527/", {STRING_32}"%/20320/%/22909/%/21527/", "unicode")
+			check_basic_auth_for_login_password (create {STRING_32}.make_filled ('u', 100) + {STRING_32}"%/20320/%/22909/%/21527/", create {STRING_32}.make_filled ('p', 100) + {STRING_32}"%/20320/%/22909/%/21527/", "long unicode")
+		end
+
+feature -- Impl
+
+	check_basic_auth_for_login_password (u,p: READABLE_STRING_32; a_title: READABLE_STRING_8)
+		local
+			h: HTTP_AUTHORIZATION
+			l_auth: READABLE_STRING_8
+		do
+			create h.make_basic_auth (u, p)
+			assert (a_title + ":login", attached h.login as l_login and then l_login.same_string (u))
+			assert (a_title + ":password", attached h.password as l_password and then l_password.same_string (p))
+			l_auth := h.http_authorization
+
+			create h.make (l_auth)
+			assert (a_title + ":basic", h.type.is_case_insensitive_equal ("Basic"))
+			assert (a_title + ":login", attached h.login as l_login and then l_login.same_string (u))
+			assert (a_title + ":password", attached h.password as l_password and then l_password.same_string (p))
+		end
+
+end
+
+

library/server/authentication/http_authorization/testing/testing-safe.ecf

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-12-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-12-0 http://www.eiffel.com/developers/xml/configuration-1-12-0.xsd" name="testing" uuid="1AEF36BD-FB72-4B52-8845-4EF4AC7B709A">
+	<target name="testing">
+		<root class="ANY" feature="default_create"/>
+		<file_rule>
+			<exclude>/.git$</exclude>
+			<exclude>/EIFGENs$</exclude>
+			<exclude>/.svn$</exclude>
+		</file_rule>
+		<option warning="true" full_class_checking="true" is_attached_by_default="true" void_safety="transitional" syntax="standard">
+			<assertions precondition="true" postcondition="true" check="true" invariant="true" loop="true" supplier_precondition="true"/>
+		</option>
+		<setting name="concurrency" value="none"/>
+		<library name="base" location="$ISE_LIBRARY\library\base\base-safe.ecf"/>
+		<library name="http_authorization" location="..\http_authorization-safe.ecf" readonly="false" use_application_options="true"/>
+		<library name="testing" location="$ISE_LIBRARY\library\testing\testing-safe.ecf"/>
+		<tests name="tests" location=".\" recursive="true"/>
+	</target>
+</system>