Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(466)

Side by Side Diff: net/http/http_auth_handler_basic.cc

Issue 3360017: Fix multi-round authentication.... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: SocketStream fix Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/http/http_auth_handler_basic.h ('k') | net/http/http_auth_handler_basic_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_auth_handler_basic.h" 5 #include "net/http/http_auth_handler_basic.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/base64.h" 9 #include "base/base64.h"
10 #include "base/string_util.h" 10 #include "base/string_util.h"
11 #include "base/utf_string_conversions.h" 11 #include "base/utf_string_conversions.h"
12 #include "net/base/net_errors.h" 12 #include "net/base/net_errors.h"
13 #include "net/http/http_auth.h" 13 #include "net/http/http_auth.h"
14 14
15 namespace net { 15 namespace net {
16 16
17 // Note that if a realm was not specified, we will default it to ""; 17 // Note that if a realm was not specified, we will default it to "";
18 // so specifying 'Basic realm=""' is equivalent to 'Basic'. 18 // so specifying 'Basic realm=""' is equivalent to 'Basic'.
19 // 19 //
20 // This is more generous than RFC 2617, which is pretty clear in the 20 // This is more generous than RFC 2617, which is pretty clear in the
21 // production of challenge that realm is required. 21 // production of challenge that realm is required.
22 // 22 //
23 // We allow it to be compatibility with certain embedded webservers that don't 23 // We allow it to be compatibility with certain embedded webservers that don't
24 // include a realm (see http://crbug.com/20984.) 24 // include a realm (see http://crbug.com/20984.)
25 bool HttpAuthHandlerBasic::Init(HttpAuth::ChallengeTokenizer* challenge) { 25 bool HttpAuthHandlerBasic::Init(HttpAuth::ChallengeTokenizer* challenge) {
26 scheme_ = "basic"; 26 scheme_ = "basic";
27 score_ = 1; 27 score_ = 1;
28 properties_ = 0; 28 properties_ = 0;
29 return ParseChallenge(challenge);
30 }
29 31
32 bool HttpAuthHandlerBasic::ParseChallenge(
33 HttpAuth::ChallengeTokenizer* challenge) {
30 // Verify the challenge's auth-scheme. 34 // Verify the challenge's auth-scheme.
31 if (!challenge->valid() || 35 if (!challenge->valid() ||
32 !LowerCaseEqualsASCII(challenge->scheme(), "basic")) 36 !LowerCaseEqualsASCII(challenge->scheme(), "basic"))
33 return false; 37 return false;
34 38
35 // Extract the realm (may be missing). 39 // Extract the realm (may be missing).
40 std::string realm;
36 while (challenge->GetNext()) { 41 while (challenge->GetNext()) {
37 if (LowerCaseEqualsASCII(challenge->name(), "realm")) 42 if (LowerCaseEqualsASCII(challenge->name(), "realm"))
38 realm_ = challenge->unquoted_value(); 43 realm = challenge->unquoted_value();
39 } 44 }
40 45
41 return challenge->valid(); 46 if (!challenge->valid())
47 return false;
48
49 realm_ = realm;
50 return true;
51 }
52
53 HttpAuth::AuthorizationResult HttpAuthHandlerBasic::HandleAnotherChallenge(
54 HttpAuth::ChallengeTokenizer* challenge) {
55 // Basic authentication is always a single round, so any responses should
56 // be treated as a rejection.
57 return HttpAuth::AUTHORIZATION_RESULT_REJECT;
42 } 58 }
43 59
44 int HttpAuthHandlerBasic::GenerateAuthTokenImpl( 60 int HttpAuthHandlerBasic::GenerateAuthTokenImpl(
45 const string16* username, 61 const string16* username,
46 const string16* password, 62 const string16* password,
47 const HttpRequestInfo*, 63 const HttpRequestInfo*,
48 CompletionCallback*, 64 CompletionCallback*,
49 std::string* auth_token) { 65 std::string* auth_token) {
50 // TODO(eroman): is this the right encoding of username/password? 66 // TODO(eroman): is this the right encoding of username/password?
51 std::string base64_username_password; 67 std::string base64_username_password;
(...skipping 23 matching lines...) Expand all
75 // TODO(cbentzel): Move towards model of parsing in the factory 91 // TODO(cbentzel): Move towards model of parsing in the factory
76 // method and only constructing when valid. 92 // method and only constructing when valid.
77 scoped_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerBasic()); 93 scoped_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerBasic());
78 if (!tmp_handler->InitFromChallenge(challenge, target, origin, net_log)) 94 if (!tmp_handler->InitFromChallenge(challenge, target, origin, net_log))
79 return ERR_INVALID_RESPONSE; 95 return ERR_INVALID_RESPONSE;
80 handler->swap(tmp_handler); 96 handler->swap(tmp_handler);
81 return OK; 97 return OK;
82 } 98 }
83 99
84 } // namespace net 100 } // namespace net
OLDNEW
« no previous file with comments | « net/http/http_auth_handler_basic.h ('k') | net/http/http_auth_handler_basic_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698