| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_auth_controller.h" | 5 #include "net/http/http_auth_controller.h" |
| 6 | 6 |
| 7 #include "base/metrics/histogram.h" | 7 #include "base/metrics/histogram.h" |
| 8 #include "base/string_util.h" | 8 #include "base/string_util.h" |
| 9 #include "base/threading/platform_thread.h" | 9 #include "base/threading/platform_thread.h" |
| 10 #include "base/utf_string_conversions.h" | 10 #include "base/utf_string_conversions.h" |
| (...skipping 255 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 266 // challenge appeared to be rejected, or is using a stale nonce in the Digest | 266 // challenge appeared to be rejected, or is using a stale nonce in the Digest |
| 267 // case. | 267 // case. |
| 268 if (HaveAuth()) { | 268 if (HaveAuth()) { |
| 269 std::string challenge_used; | 269 std::string challenge_used; |
| 270 HttpAuth::AuthorizationResult result = HttpAuth::HandleChallengeResponse( | 270 HttpAuth::AuthorizationResult result = HttpAuth::HandleChallengeResponse( |
| 271 handler_.get(), headers, target_, disabled_schemes_, &challenge_used); | 271 handler_.get(), headers, target_, disabled_schemes_, &challenge_used); |
| 272 switch (result) { | 272 switch (result) { |
| 273 case HttpAuth::AUTHORIZATION_RESULT_ACCEPT: | 273 case HttpAuth::AUTHORIZATION_RESULT_ACCEPT: |
| 274 break; | 274 break; |
| 275 case HttpAuth::AUTHORIZATION_RESULT_INVALID: | 275 case HttpAuth::AUTHORIZATION_RESULT_INVALID: |
| 276 InvalidateCurrentHandler(); | 276 InvalidateCurrentHandler(true); |
| 277 break; | 277 break; |
| 278 case HttpAuth::AUTHORIZATION_RESULT_REJECT: | 278 case HttpAuth::AUTHORIZATION_RESULT_REJECT: |
| 279 HistogramAuthEvent(handler_.get(), AUTH_EVENT_REJECT); | 279 HistogramAuthEvent(handler_.get(), AUTH_EVENT_REJECT); |
| 280 InvalidateCurrentHandler(); | 280 InvalidateCurrentHandler(true); |
| 281 break; | 281 break; |
| 282 case HttpAuth::AUTHORIZATION_RESULT_STALE: | 282 case HttpAuth::AUTHORIZATION_RESULT_STALE: |
| 283 if (http_auth_cache_->UpdateStaleChallenge(auth_origin_, | 283 if (http_auth_cache_->UpdateStaleChallenge(auth_origin_, |
| 284 handler_->realm(), | 284 handler_->realm(), |
| 285 handler_->auth_scheme(), | 285 handler_->auth_scheme(), |
| 286 challenge_used)) { | 286 challenge_used)) { |
| 287 handler_.reset(); | 287 InvalidateCurrentHandler(false); |
| 288 identity_ = HttpAuth::Identity(); | |
| 289 } else { | 288 } else { |
| 290 // It's possible that a server could incorrectly issue a stale | 289 // It's possible that a server could incorrectly issue a stale |
| 291 // response when the entry is not in the cache. Just evict the | 290 // response when the entry is not in the cache. Just evict the |
| 292 // current value from the cache. | 291 // current value from the cache. |
| 293 InvalidateCurrentHandler(); | 292 InvalidateCurrentHandler(true); |
| 294 } | 293 } |
| 295 break; | 294 break; |
| 295 case HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM: |
| 296 InvalidateCurrentHandler(false); |
| 297 break; |
| 296 default: | 298 default: |
| 297 NOTREACHED(); | 299 NOTREACHED(); |
| 298 break; | 300 break; |
| 299 } | 301 } |
| 300 } | 302 } |
| 301 | 303 |
| 302 identity_.invalid = true; | 304 identity_.invalid = true; |
| 303 | 305 |
| 304 bool can_send_auth = (target_ != HttpAuth::AUTH_SERVER || | 306 bool can_send_auth = (target_ != HttpAuth::AUTH_SERVER || |
| 305 !do_not_send_server_auth); | 307 !do_not_send_server_auth); |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 396 } | 398 } |
| 397 | 399 |
| 398 bool HttpAuthController::HaveAuthHandler() const { | 400 bool HttpAuthController::HaveAuthHandler() const { |
| 399 return handler_.get() != NULL; | 401 return handler_.get() != NULL; |
| 400 } | 402 } |
| 401 | 403 |
| 402 bool HttpAuthController::HaveAuth() const { | 404 bool HttpAuthController::HaveAuth() const { |
| 403 return handler_.get() && !identity_.invalid; | 405 return handler_.get() && !identity_.invalid; |
| 404 } | 406 } |
| 405 | 407 |
| 406 void HttpAuthController::InvalidateCurrentHandler() { | 408 void HttpAuthController::InvalidateCurrentHandler( |
| 409 bool invalidate_credentials) { |
| 407 DCHECK(CalledOnValidThread()); | 410 DCHECK(CalledOnValidThread()); |
| 408 | 411 |
| 409 InvalidateRejectedAuthFromCache(); | 412 if (invalidate_credentials) |
| 413 InvalidateRejectedAuthFromCache(); |
| 410 handler_.reset(); | 414 handler_.reset(); |
| 411 identity_ = HttpAuth::Identity(); | 415 identity_ = HttpAuth::Identity(); |
| 412 } | 416 } |
| 413 | 417 |
| 414 void HttpAuthController::InvalidateRejectedAuthFromCache() { | 418 void HttpAuthController::InvalidateRejectedAuthFromCache() { |
| 415 DCHECK(CalledOnValidThread()); | 419 DCHECK(CalledOnValidThread()); |
| 416 DCHECK(HaveAuth()); | 420 DCHECK(HaveAuth()); |
| 417 | 421 |
| 418 // TODO(eroman): this short-circuit can be relaxed. If the realm of | |
| 419 // the preemptively used auth entry matches the realm of the subsequent | |
| 420 // challenge, then we can invalidate the preemptively used entry. | |
| 421 // Otherwise as-is we may send the failed credentials one extra time. | |
| 422 if (identity_.source == HttpAuth::IDENT_SRC_PATH_LOOKUP) | |
| 423 return; | |
| 424 | |
| 425 // Clear the cache entry for the identity we just failed on. | 422 // Clear the cache entry for the identity we just failed on. |
| 426 // Note: we require the username/password to match before invalidating | 423 // Note: we require the username/password to match before invalidating |
| 427 // since the entry in the cache may be newer than what we used last time. | 424 // since the entry in the cache may be newer than what we used last time. |
| 428 http_auth_cache_->Remove(auth_origin_, handler_->realm(), | 425 http_auth_cache_->Remove(auth_origin_, handler_->realm(), |
| 429 handler_->auth_scheme(), identity_.username, | 426 handler_->auth_scheme(), identity_.username, |
| 430 identity_.password); | 427 identity_.password); |
| 431 } | 428 } |
| 432 | 429 |
| 433 bool HttpAuthController::SelectNextAuthIdentityToTry() { | 430 bool HttpAuthController::SelectNextAuthIdentityToTry() { |
| 434 DCHECK(CalledOnValidThread()); | 431 DCHECK(CalledOnValidThread()); |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 518 DCHECK(CalledOnValidThread()); | 515 DCHECK(CalledOnValidThread()); |
| 519 return disabled_schemes_.find(scheme) != disabled_schemes_.end(); | 516 return disabled_schemes_.find(scheme) != disabled_schemes_.end(); |
| 520 } | 517 } |
| 521 | 518 |
| 522 void HttpAuthController::DisableAuthScheme(HttpAuth::Scheme scheme) { | 519 void HttpAuthController::DisableAuthScheme(HttpAuth::Scheme scheme) { |
| 523 DCHECK(CalledOnValidThread()); | 520 DCHECK(CalledOnValidThread()); |
| 524 disabled_schemes_.insert(scheme); | 521 disabled_schemes_.insert(scheme); |
| 525 } | 522 } |
| 526 | 523 |
| 527 } // namespace net | 524 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6525035:
Invalidate credentials if the server rejects them. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src