[Mono.Android] Handle "No authentication challenges found" on HTTP 401

[jamie94bc]

Pre-KitKat (< API 19), when accessing Java.Net.HttpURLConnection.ResponseCode for a 401 response without a WWW-Authenticate header, Java.IO.IOException: No authentication challenges found is thrown.

This commit catches the exception, ensuring a 401 is returned by AndroidClientHandler.

Android libcore sources:

• Source of exception <= API 18
• Switch to okhttp API 19+

[monojenkins]

Hello! I'm the build bot for the Mono project.

I need approval from a Mono team member to build this pull request. A team member should reply with "approve" to approve a build of this pull request, "whitelist" to whitelist this and all future pull requests from this contributor, or "build" to explicitly request a build, even if one has already been done.

Contributors can ignore this message.

[jonpryor]

I'm wondering how IOException compiles when both System.IO and Java.IO are in scope, and both of those namespaces have an IOException type...

I also find it somewhat amusing that the fix to httpConnection.ResponseCode throwing an exception...is to call it again.

insanity is doing the same thing over and over and expecting a different result.

Oh Android, I ❤️ you so much...

[jonpryor]

Is it possible to write a test for this? Or, can you provide instructions on what a server would need to do to hit this code path when running on e.g. API-18? We might be able to get a server to behave in the (in?)appropriate way.

[jamie94bc]

I'll get an updated commit and see if I can add a test for this.

I believe calling ResponseCode on a second call because httpEngine.hasResponse() would evaluate to true, so processResponseHeaders and therefore getAuthorizationCredentials wouldn't be called the second time around:

https://android.googlesource.com/platform/libcore/+/459a682c55c93c554ad4e822260569a204572dda/luni/src/main/java/libcore/net/http/HttpURLConnectionImpl.java#276

private HttpEngine getResponse() throws IOException {
        initHttpEngine();
        if (httpEngine.hasResponse()) {
            return httpEngine;
        }

Updated main PR description.

[jonpryor]

build

[jonpryor]

@jamie94bc: your unit test failed execution:

Failed

AndroidClientHandlerIntegrationTests.HttpClientIntegrationTestBase.ShouldHandle401WithoutWWWAuthenticateHeader

Failing for the past 1 build (Since Unstable#598 )
Took 4.1 sec.
Stacktrace

                                                MESSAGE:
                                                  Expected: Unauthorized
  But was:  OK

                                                +++++++++++++++++++
                                                STACK TRACE:
                                                  at Xamarin.Android.NetTests.HttpClientIntegrationTestBase.ShouldHandle401WithoutWWWAuthenticateHeader () [0x00057] in <dbb697cdf4384c2399ee6aadf056cd00>:0 
  at (wrapper managed-to-native) System.Reflection.MonoMethod:InternalInvoke (System.Reflection.MonoMethod,object,object[],System.Exception&)
  at System.Reflection.MonoMethod.Invoke (System.Object obj, System.Reflection.BindingFlags invokeAttr, System.Reflection.Binder binder, System.Object[] parameters, System.Globalization.CultureInfo culture) [0x00038] in <4faaf451b1da438db18760f64e4eb536>:0 

I suspect the issue is that we use an API-21 emulator to run the unit tests on the PR builder, and API-21 doesn't need your fix. The assertion thus needs a runtime API level check.

[jamie94bc]

@jonpryor that's odd, Expected: Unauthorized But was: OK shouldn't need to have an API level workaround - regardless of the underlying implementation a 401 status code should be a 401 here.

I will try to find some time later this week to look into this 👍

[xamarin-jenkins]

Hello! I'm the build bot for Xamarin. I need approval from a Xamarin team member to build this pull request. A team member should reply with "approve" to approve a build of this pull request, "whitelist" to whitelist this and all future pull requests from this contributor, or "build" to explicitly request a build, even if one has already been done. Contributors can ignore this message.