Allow Zotero.HTTP.request() to be mocked

sinon.useFakeXMLHttpRequest() doesn't work in our case, but if
Zotero.HTTP.mock is set, Zotero.HTTP.request() will create new instances of
that object instead of the built-in XMLHttpRequest, so it can be set to
FakeXMLHttpRequest:

Zotero.HTTP.mock = sinon.FakeXMLHttpRequest;
var server = sinon.fakeServer.create();
server.autoRespond = true;
server.respondWith("GET", "/users/1",
  [200, {"Content-Type": "application/json"}, '{"userID": 1}']);
var userInfo = yield getUser();
Zotero.HTTP.mock = null;
server.restore(); // probably not necessary

chrome/content/zotero/xpcom/http.js

@@ -19,11 +19,13 @@ Zotero.HTTP = new function() {
 		// Password also shows up in channel.name (nsIRequest.name), but that's
 		// read-only and has to be handled in Zotero.varDump()
 		try {
-			if (xmlhttp.channel.URI.password) {
-				xmlhttp.channel.URI.password = "********";
-			}
-			if (xmlhttp.channel.URI.spec) {
-				xmlhttp.channel.URI.spec = xmlhttp.channel.URI.spec.replace(/key=[^&]+&?/, "key=********");
+			if (xmlhttp.channel) {
+				if (xmlhttp.channel.URI.password) {
+					xmlhttp.channel.URI.password = "********";
+				}
+				if (xmlhttp.channel.URI.spec) {
+					xmlhttp.channel.URI.spec = xmlhttp.channel.URI.spec.replace(/key=[^&]+&?/, "key=********");
+				}
 			}
 		}
 		catch (e) {
@@ -113,8 +115,13 @@ Zotero.HTTP = new function() {
 		
 		var deferred = Zotero.Promise.defer();
 		
-		var xmlhttp = Components.classes["@mozilla.org/xmlextras/xmlhttprequest;1"]
-					.createInstance();
+		if (!this.mock) {
+			var xmlhttp = Components.classes["@mozilla.org/xmlextras/xmlhttprequest;1"]
+				.createInstance();
+		}
+		else {
+			var xmlhttp = new this.mock;
+		}
 		// Prevent certificate/authentication dialogs from popping up
 		if (!options.foreground) {
 			xmlhttp.mozBackgroundRequest = true;