Respect cookies set in a 401 responses when restarting the http transaction....

net/http/http_network_transaction.cc

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_network_transaction.h"
 
 #include "base/scoped_ptr.h"
 #include "base/compiler_specific.h"
 #include "base/field_trial.h"
 #include "base/string_util.h"
@@ skipping 17 matching lines @@
 #include "net/http/http_util.h"
 
 using base::Time;
 
 namespace net {
 
 //-----------------------------------------------------------------------------
 
 HttpNetworkTransaction::HttpNetworkTransaction(HttpNetworkSession* session,
                                                ClientSocketFactory* csf)
-    : ALLOW_THIS_IN_INITIALIZER_LIST(
+    : pending_auth_target_(HttpAuth::AUTH_NONE),
+      ALLOW_THIS_IN_INITIALIZER_LIST(
           io_callback_(this, &HttpNetworkTransaction::OnIOComplete)),
       user_callback_(NULL),
       session_(session),
       request_(NULL),
       pac_request_(NULL),
       socket_factory_(csf),
       connection_(session->connection_pool()),
       reused_socket_(false),
       using_ssl_(false),
       using_proxy_(false),
@@ skipping 36 matching lines @@
   int rv = DoLoop(OK);
   if (rv == ERR_IO_PENDING)
     user_callback_ = callback;
   return rv;
 }
 
 int HttpNetworkTransaction::RestartWithAuth(
     const std::wstring& username,
     const std::wstring& password,
     CompletionCallback* callback) {
+  HttpAuth::Target target = pending_auth_target_;
+  if (target == HttpAuth::AUTH_NONE) {
+    NOTREACHED();
+    return ERR_UNEXPECTED;
+  }
 
-  DCHECK(NeedAuth(HttpAuth::AUTH_PROXY) ||
-         NeedAuth(HttpAuth::AUTH_SERVER));
+  pending_auth_target_ = HttpAuth::AUTH_NONE;
 
-  // Figure out whether this username password is for proxy or server.
-  // Proxy gets set first, then server.
-  HttpAuth::Target target = NeedAuth(HttpAuth::AUTH_PROXY) ?
-      HttpAuth::AUTH_PROXY : HttpAuth::AUTH_SERVER;
+  DCHECK(auth_identity_[target].invalid ||
+         (username.empty() && password.empty()));
 
-  // Update the username/password.
-  auth_identity_[target].source = HttpAuth::IDENT_SRC_EXTERNAL;
-  auth_identity_[target].invalid = false;
-  auth_identity_[target].username = username;
-  auth_identity_[target].password = password;
+  if (auth_identity_[target].invalid) {
+    // Update the username/password.
+    auth_identity_[target].source = HttpAuth::IDENT_SRC_EXTERNAL;
+    auth_identity_[target].invalid = false;
+    auth_identity_[target].username = username;
+    auth_identity_[target].password = password;
+  }
 
   PrepareForAuthRestart(target);
 
   DCHECK(user_callback_ == NULL);
   int rv = DoLoop(OK);
   if (rv == ERR_IO_PENDING)
     user_callback_ = callback;
 
   return rv;
 }
@@ skipping 968 matching lines @@
         response_.headers->HasHeaderValue("Transfer-Encoding", "chunked")) {
       chunked_decoder_.reset(new HttpChunkedDecoder());
     } else {
       response_body_length_ = response_.headers->GetContentLength();
       // If response_body_length_ is still -1, then we have to wait for the
       // server to close the connection.
     }
   }
 
   int rv = HandleAuthChallenge();
-  if (rv == WILL_RESTART_TRANSACTION)
-    return OK;
   if (rv != OK)
     return rv;
 
   if (using_ssl_ && !establishing_tunnel_) {
     SSLClientSocket* ssl_socket =
         reinterpret_cast<SSLClientSocket*>(connection_.socket());
     ssl_socket->GetSSLInfo(&response_.ssl_info);
   }
 
   return OK;
@@ skipping 63 matching lines @@
     case ERR_CONNECTION_CLOSED:
     case ERR_CONNECTION_ABORTED:
       if (ShouldResendRequest())
         error = OK;
       break;
   }
   return error;
 }
 
 void HttpNetworkTransaction::ResetStateForRestart() {
+  pending_auth_target_ = HttpAuth::AUTH_NONE;
   header_buf_.reset();
   header_buf_capacity_ = 0;
   header_buf_len_ = 0;
   header_buf_body_offset_ = -1;
   header_buf_http_offset_ = -1;
   response_body_length_ = -1;
   response_body_read_ = 0;
   read_buf_ = NULL;
   read_buf_len_ = 0;
   request_headers_.clear();
@@ skipping 271 matching lines @@
       // active network attacker could control its contents.  Instead, we just
       // fail to establish the tunnel.
       DCHECK(target == HttpAuth::AUTH_PROXY);
       return ERR_PROXY_AUTH_REQUESTED;
     }
     // We found no supported challenge -- let the transaction continue
     // so we end up displaying the error page.
     return OK;
   }
 
-  bool has_identity_to_try;
   if (auth_handler_[target]->NeedsIdentity()) {
     // Pick a new auth identity to try, by looking to the URL and auth cache.
     // If an identity to try is found, it is saved to auth_identity_[target].
-    has_identity_to_try = SelectNextAuthIdentityToTry(target);
+    SelectNextAuthIdentityToTry(target);
   } else {
     // Proceed with a null identity.
     //
     // TODO(wtc): Add a safeguard against infinite transaction restarts, if
     // the server keeps returning "NTLM".
     auth_identity_[target].source = HttpAuth::IDENT_SRC_NONE;
     auth_identity_[target].invalid = false;
     auth_identity_[target].username.clear();
     auth_identity_[target].password.clear();
-    has_identity_to_try = true;
-  }
-  DCHECK(has_identity_to_try == !auth_identity_[target].invalid);
-
-  if (has_identity_to_try) {
-    DCHECK(user_callback_);
-    PrepareForAuthRestart(target);
-    return WILL_RESTART_TRANSACTION;
   }
 
-  // We have exhausted all identity possibilities, all we can do now is
-  // pass the challenge information back to the client.
-  PopulateAuthChallenge(target);
+  // Make a note that we are waiting for auth. This variable is inspected
+  // when the client calls RestartWithAuth() to pick up where we left off.
+  pending_auth_target_ = target;
+
+  if (auth_identity_[target].invalid) {
+    // We have exhausted all identity possibilities, all we can do now is
+    // pass the challenge information back to the client.
+    PopulateAuthChallenge(target);
+  }
   return OK;
 }
 
 void HttpNetworkTransaction::PopulateAuthChallenge(HttpAuth::Target target) {
   // Populates response_.auth_challenge with the authentication challenge info.
   // This info is consumed by URLRequestHttpJob::GetAuthChallengeInfo().
 
   AuthChallengeInfo* auth_info = new AuthChallengeInfo;
   auth_info->is_proxy = target == HttpAuth::AUTH_PROXY;
   auth_info->scheme = ASCIIToWide(auth_handler_[target]->scheme());
   // TODO(eroman): decode realm according to RFC 2047.
   auth_info->realm = ASCIIToWide(auth_handler_[target]->realm());
   if (target == HttpAuth::AUTH_PROXY) {
     auth_info->host = ASCIIToWide(proxy_info_.proxy_server().host_and_port());
   } else {
     DCHECK(target == HttpAuth::AUTH_SERVER);
     auth_info->host = ASCIIToWide(request_->url.host());
   }
   response_.auth_challenge = auth_info;
 }
 
 }  // namespace net