
Side by Side Diff: net/http/http_auth_handler_digest.cc

Issue 6525035: Invalidate credentials if the server rejects them. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Extra whitespace Created 9 years, 10 months ago
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_auth_handler_digest.h" 5 #include "net/http/http_auth_handler_digest.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/md5.h" 10 #include "base/md5.h"
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after
107 HttpAuth::AuthorizationResult HttpAuthHandlerDigest::HandleAnotherChallenge( 107 HttpAuth::AuthorizationResult HttpAuthHandlerDigest::HandleAnotherChallenge(
108 HttpAuth::ChallengeTokenizer* challenge) { 108 HttpAuth::ChallengeTokenizer* challenge) {
109 // Even though Digest is not connection based, a "second round" is parsed 109 // Even though Digest is not connection based, a "second round" is parsed
110 // to differentiate between stale and rejected responses. 110 // to differentiate between stale and rejected responses.
111 // Note that the state of the current handler is not mutated - this way if 111 // Note that the state of the current handler is not mutated - this way if
112 // there is a rejection the realm hasn't changed. 112 // there is a rejection the realm hasn't changed.
113 if (!LowerCaseEqualsASCII(challenge->scheme(), "digest")) 113 if (!LowerCaseEqualsASCII(challenge->scheme(), "digest"))
114 return HttpAuth::AUTHORIZATION_RESULT_INVALID; 114 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
115 115
116 HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs(); 116 HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs();
117 std::string realm;
117 118
118 // Try to find the "stale" value. 119 // Try to find the "stale" value, and also keep track of the realm
120 // for the new challenge.
119 while (parameters.GetNext()) { 121 while (parameters.GetNext()) {
120 if (!LowerCaseEqualsASCII(parameters.name(), "stale")) 122 if (LowerCaseEqualsASCII(parameters.name(), "stale")) {
121 continue; 123 if (LowerCaseEqualsASCII(parameters.value(), "true"))
122 if (LowerCaseEqualsASCII(parameters.value(), "true")) 124 return HttpAuth::AUTHORIZATION_RESULT_STALE;
123 return HttpAuth::AUTHORIZATION_RESULT_STALE; 125 } else if (LowerCaseEqualsASCII(parameters.name(), "realm"))
cbentzel 2011/02/16 20:51:39 Nit: retain the braces in if/else
asanka 2011/02/16 22:39:19 Done.
126 realm = parameters.value();
124 } 127 }
125 128 return (realm_ != realm)?
cbentzel 2011/02/16 20:51:39 Nit: There's usually a space between the two. I
cbentzel 2011/02/16 20:51:39 You should add a test case for this in HttpAuthHan
asanka 2011/02/16 22:39:19 Done. I wonder if there's value in moving these c
126 return HttpAuth::AUTHORIZATION_RESULT_REJECT; 129 HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM:
130 HttpAuth::AUTHORIZATION_RESULT_REJECT;
127 } 131 }
128 132
129 bool HttpAuthHandlerDigest::Init(HttpAuth::ChallengeTokenizer* challenge) { 133 bool HttpAuthHandlerDigest::Init(HttpAuth::ChallengeTokenizer* challenge) {
130 return ParseChallenge(challenge); 134 return ParseChallenge(challenge);
131 } 135 }
132 136
133 int HttpAuthHandlerDigest::GenerateAuthTokenImpl( 137 int HttpAuthHandlerDigest::GenerateAuthTokenImpl(
134 const string16* username, 138 const string16* username,
135 const string16* password, 139 const string16* password,
136 const HttpRequestInfo* request, 140 const HttpRequestInfo* request,
(...skipping 229 matching lines...) Expand 10 before | Expand all | Expand 10 after
366 // TODO(eroman): Supposedly IIS server requires quotes surrounding qop. 370 // TODO(eroman): Supposedly IIS server requires quotes surrounding qop.
367 authorization += ", qop=" + QopToString(qop_); 371 authorization += ", qop=" + QopToString(qop_);
368 authorization += ", nc=" + nc; 372 authorization += ", nc=" + nc;
369 authorization += ", cnonce=" + HttpUtil::Quote(cnonce); 373 authorization += ", cnonce=" + HttpUtil::Quote(cnonce);
370 } 374 }
371 375
372 return authorization; 376 return authorization;
373 } 377 }
374 378
375 } // namespace net 379 } // namespace net
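Review bot: In HandleAnotherChallenge the `stale=true` branch still returns AUTHORIZATION_RESULT_STALE from inside the loop, so the new realm comparison is never reached for a stale challenge: one that carries both `stale=true` and a realm different from `realm_` is reported as STALE, not DIFFERENT_REALM. If the caller (not visible on this page) answers STALE by retrying with the same credentials, they could be offered to a protection space the user never entered them for. Consider recording the flag in a local `bool stale` and deciding after the loop: `if (realm_ != realm) return HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM;` followed by `return stale ? HttpAuth::AUTHORIZATION_RESULT_STALE : HttpAuth::AUTHORIZATION_RESULT_REJECT;`. Separately, a challenge with no realm parameter leaves `realm` empty and is reported as DIFFERENT_REALM rather than REJECT; a short comment stating whether that is intended would help, since the issue title suggests that only a rejection invalidates the stored credentials.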