Chromium Code Reviews Chromium Code Reviews
Issue 6525035:
Invalidate credentials if the server rejects them. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_auth_handler_basic.h" | 5 #include "net/http/http_auth_handler_basic.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/base64.h" | 9 #include "base/base64.h" |
| 10 #include "base/string_util.h" | 10 #include "base/string_util.h" |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 46 | 46 |
| 47 if (!parameters.valid()) | 47 if (!parameters.valid()) |
| 48 return false; | 48 return false; |
| 49 | 49 |
| 50 realm_ = realm; | 50 realm_ = realm; |
| 51 return true; | 51 return true; |
| 52 } | 52 } |
| 53 | 53 |
| 54 HttpAuth::AuthorizationResult HttpAuthHandlerBasic::HandleAnotherChallenge( | 54 HttpAuth::AuthorizationResult HttpAuthHandlerBasic::HandleAnotherChallenge( |
| 55 HttpAuth::ChallengeTokenizer* challenge) { | 55 HttpAuth::ChallengeTokenizer* challenge) { |
| 56 // Basic authentication is always a single round, so any responses should | 56 // Basic authentication is always a single round, so any responses |
| 57 // be treated as a rejection. | 57 // should be treated as a rejection. However, if the new challenge |
| 58 return HttpAuth::AUTHORIZATION_RESULT_REJECT; | 58 // is for a different realm, then indicate the realm change. |
| 59 HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs(); | |
| 60 std::string realm; | |
| 61 while (parameters.GetNext()) { | |
| 62 if (LowerCaseEqualsASCII(parameters.name(), "realm")) { | |
| 63 realm = parameters.value(); | |
| 64 break; | |
|
wtc
2011/02/22 23:17:32
Nit: this while loop should match the while loop i
asanka
2011/02/23 18:06:40
Will fix in a new CL.
| |
| 65 } | |
| 66 } | |
| 67 return (realm_ != realm)? | |
| 68 HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM: | |
| 69 HttpAuth::AUTHORIZATION_RESULT_REJECT; | |
| 59 } | 70 } |
| 60 | 71 |
| 61 int HttpAuthHandlerBasic::GenerateAuthTokenImpl( | 72 int HttpAuthHandlerBasic::GenerateAuthTokenImpl( |
| 62 const string16* username, | 73 const string16* username, |
| 63 const string16* password, | 74 const string16* password, |
| 64 const HttpRequestInfo*, | 75 const HttpRequestInfo*, |
| 65 CompletionCallback*, | 76 CompletionCallback*, |
| 66 std::string* auth_token) { | 77 std::string* auth_token) { |
| 67 // TODO(eroman): is this the right encoding of username/password? | 78 // TODO(eroman): is this the right encoding of username/password? |
| 68 std::string base64_username_password; | 79 std::string base64_username_password; |
| (...skipping 23 matching lines...) Expand all Loading... | |
| 92 // TODO(cbentzel): Move towards model of parsing in the factory | 103 // TODO(cbentzel): Move towards model of parsing in the factory |
| 93 // method and only constructing when valid. | 104 // method and only constructing when valid. |
| 94 scoped_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerBasic()); | 105 scoped_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerBasic()); |
| 95 if (!tmp_handler->InitFromChallenge(challenge, target, origin, net_log)) | 106 if (!tmp_handler->InitFromChallenge(challenge, target, origin, net_log)) |
| 96 return ERR_INVALID_RESPONSE; | 107 return ERR_INVALID_RESPONSE; |
| 97 handler->swap(tmp_handler); | 108 handler->swap(tmp_handler); |
| 98 return OK; | 109 return OK; |
| 99 } | 110 } |
| 100 | 111 |
| 101 } // namespace net | 112 } // namespace net |
| OLD | NEW |
