Invalidate credentials if the server rejects them.

chrome/browser/ui/login/login_prompt_browsertest.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <algorithm>
 #include <list>
 #include <map>
 
+#include "base/command_line.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/browser_thread.h"
 #include "chrome/browser/renderer_host/resource_dispatcher_host.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/login/login_prompt.h"
 #include "chrome/browser/ui/tab_contents/tab_contents_wrapper.h"
+#include "chrome/common/chrome_switches.h"
 #include "chrome/common/notification_service.h"
 #include "chrome/test/in_process_browser_test.h"
 #include "chrome/test/ui_test_utils.h"
 #include "net/base/auth.h"
 
 namespace {
 
 class LoginPromptBrowserTest : public InProcessBrowserTest {
  public:
   LoginPromptBrowserTest()
       : bad_password_(L"incorrect"), bad_username_(L"nouser") {
     set_show_window(true);
 
     auth_map_[L"foo"] = AuthInfo(L"testuser", L"foopassword");
     auth_map_[L"bar"] = AuthInfo(L"testuser", L"barpassword");
+    auth_map_[L"testrealm"] = AuthInfo(L"testuser", L"secret");
   }
 
  protected:
   void SetAuthFor(LoginHandler* handler);
 
+  // InProcessBrowserTest
+  virtual void SetUpCommandLine(CommandLine* command_line);
+
   struct AuthInfo {
     std::wstring username_;
     std::wstring password_;
 
     AuthInfo() {}
 
     AuthInfo(const std::wstring username,
              const std::wstring password)
         : username_(username), password_(password) {}
   };
@@ skipping 10 matching lines @@
   std::map<std::wstring, AuthInfo>::iterator i =
       auth_map_.find(challenge->realm);
   EXPECT_TRUE(auth_map_.end() != i);
   if (i != auth_map_.end()) {
     const AuthInfo& info = i->second;
     handler->SetAuth(WideToUTF16Hack(info.username_),
                      WideToUTF16Hack(info.password_));
   }
 }
 
+void LoginPromptBrowserTest::SetUpCommandLine(CommandLine* command_line) {

[cbentzel, 2011/02/16 20:51:39]

Should this be in another CL? 

[asanka, 2011/02/16 22:39:19]

Removed.

+#if defined(OS_POSIX) && !defined(OS_MACOSX)
+  // We are not exercising the password store here and using the Gnome
+  // Keyring can cause tests to timeout (http://crbug.com/68860).  So
+  // just use the basic password store for now.
+  // TODO(asanka): Remove this after http://crbug.com/68860 is fixed.
+  command_line->AppendSwitchASCII(switches::kPasswordStore, "basic");
+#endif
+}
+
 // Maintains a set of LoginHandlers that are currently active and
 // keeps a count of the notifications that were observed.
 class LoginPromptBrowserTestObserver : public NotificationObserver {
  public:
   LoginPromptBrowserTestObserver()
       : auth_needed_count_(0),
         auth_supplied_count_(0),
         auth_cancelled_count_(0) {}
 
   virtual void Observe(NotificationType type,
@@ skipping 329 matching lines @@
   // prompt.
   EXPECT_EQ(1, n_handlers);
   EXPECT_LT(0, observer.auth_needed_count_);
   EXPECT_EQ(0, observer.auth_cancelled_count_);
   EXPECT_EQ(observer.auth_needed_count_, observer.auth_supplied_count_);
   LOG(INFO) << "Waiting for LOAD_STOP";
   load_stop_waiter.Wait();
   EXPECT_TRUE(test_server()->Stop());
   LOG(INFO) << "Done with test";
 }
+
+// If a 401 response is received after we present cached credentials,

[cbentzel, 2011/02/16 20:51:39]

Do you want to add a test for different realms? 

[asanka, 2011/02/16 22:39:19]

Added.  Also added one for Digest.

+// we should remove cached credentials and display a prompt to the
+// user.
+IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest, RemoveCredsOn401Basic) {
+  const char* kTestUrlPre =

[cbentzel, 2011/02/16 20:51:39]

I've been increasingly seeing const char* const for these. 

[asanka, 2011/02/16 22:39:19]

Done.

+      "auth-basic/a?password=foopassword&realm=foo&";
+  const char* kTestUrlPost =
+      "auth-basic/a?password=foopassword&realm=foo&force=1";
+  ASSERT_TRUE(test_server()->Start());
+
+  TabContentsWrapper* contents =
+      browser()->GetSelectedTabContentsWrapper();
+  ASSERT_TRUE(contents);
+
+  NavigationController* controller = &contents->controller();
+  LoginPromptBrowserTestObserver observer;
+
+  observer.Register(Source<NavigationController>(controller));
+
+  {
+    GURL test_page = test_server()->GetURL(kTestUrlPre);
+    WindowedLoadStopObserver load_stop_waiter(controller);
+    WindowedAuthNeededObserver auth_needed_waiter(controller);
+
+    browser()->OpenURL(test_page, GURL(), CURRENT_TAB, PageTransition::TYPED);
+    auth_needed_waiter.Wait();
+    ASSERT_FALSE(observer.handlers_.empty());
+    LoginHandler* handler = *observer.handlers_.begin();
+    ASSERT_TRUE(handler);
+    SetAuthFor(handler);
+    load_stop_waiter.Wait();
+  }
+
+  {
+    GURL test_page = test_server()->GetURL(kTestUrlPost);
+    WindowedLoadStopObserver load_stop_waiter(controller);
+    WindowedAuthNeededObserver auth_needed_waiter(controller);
+
+    browser()->OpenURL(test_page, GURL(), CURRENT_TAB, PageTransition::TYPED);
+
+    // The OpenURL request should result in the server sending back a
+    // 401.  Chrome should at this point remove any cached credentials
+    // for this target and prompt for credentials.  The test server
+    // only sends one 401 request and if Chrome responds with cached
+    // credentials, the wait for AUTH_NEEDED will never complete.
+    auth_needed_waiter.Wait();
+    ASSERT_FALSE(observer.handlers_.empty());
+    LoginHandler* handler = *observer.handlers_.begin();
+    ASSERT_TRUE(handler);
+    SetAuthFor(handler);
+    load_stop_waiter.Wait();
+  }
+
+  EXPECT_TRUE(test_server()->Stop());
+}
+
+// Same as RemoveCredsOn401Basic test, except for Digest
+// authentication.  If we receive a response from the server with a
+// challenge that includes a stale=true token, then we shouldn't
+// remove cached credentials.
+IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest, RemoveCredsOn401Digest) {
+  const char* kTestUrlPre = "auth-digest/a";
+  const char* kTestUrlStale = "auth-digest/a/stale";
+  const char* kTestUrlPost = "auth-digest/a/force";
+  ASSERT_TRUE(test_server()->Start());
+
+  TabContentsWrapper* contents =
+      browser()->GetSelectedTabContentsWrapper();
+  ASSERT_TRUE(contents);
+
+  NavigationController* controller = &contents->controller();
+  LoginPromptBrowserTestObserver observer;
+
+  observer.Register(Source<NavigationController>(controller));
+
+  {
+    GURL test_page = test_server()->GetURL(kTestUrlPre);
+    WindowedLoadStopObserver load_stop_waiter(controller);
+    WindowedAuthNeededObserver auth_needed_waiter(controller);
+
+    browser()->OpenURL(test_page, GURL(), CURRENT_TAB, PageTransition::TYPED);
+    auth_needed_waiter.Wait();
+    ASSERT_FALSE(observer.handlers_.empty());
+    LoginHandler* handler = *observer.handlers_.begin();
+    ASSERT_TRUE(handler);
+    SetAuthFor(handler);
+    load_stop_waiter.Wait();
+  }
+
+  // The stale URL will result in a server response that includes a
+  // stale=true directive.  We should respond with a request generated
+  // using the cached credentials.  There should be no login prompt.
+  {
+    GURL test_page = test_server()->GetURL(kTestUrlStale);
+    WindowedLoadStopObserver load_stop_waiter(controller);
+    browser()->OpenURL(test_page, GURL(), CURRENT_TAB, PageTransition::TYPED);
+    load_stop_waiter.Wait();
+  }
+
+  {
+    GURL test_page = test_server()->GetURL(kTestUrlPost);
+    WindowedLoadStopObserver load_stop_waiter(controller);
+    WindowedAuthNeededObserver auth_needed_waiter(controller);
+
+    browser()->OpenURL(test_page, GURL(), CURRENT_TAB, PageTransition::TYPED);
+
+    // The OpenURL request should result in the server sending back a
+    // 401.  Chrome should at this point remove any cached credentials
+    // for this target and prompt for credentials.  The test server
+    // only sends one 401 request and if Chrome responds with cached
+    // credentials, the wait for AUTH_NEEDED will never complete.
+    auth_needed_waiter.Wait();
+    ASSERT_FALSE(observer.handlers_.empty());
+    LoginHandler* handler = *observer.handlers_.begin();
+    ASSERT_TRUE(handler);
+    SetAuthFor(handler);
+    load_stop_waiter.Wait();
+  }
+
+  EXPECT_TRUE(test_server()->Stop());
+}
 }  // namespace