Invalidate credentials if the server rejects them.

net/tools/testserver/testserver.py

Index: net/tools/testserver/testserver.py
diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
index 871e540f8d272e5b69ed949ed0751dcf671a07dc..88ca09d114a726e9e15f2f3ac9c12f40bddf7b67 100755
--- a/net/tools/testserver/testserver.py
+++ b/net/tools/testserver/testserver.py
@@ -932,15 +932,24 @@ class TestPageHandler(BasePageHandler):
     expected_password = 'secret'
     realm = 'testrealm'
     set_cookie_if_challenged = False
+    force_auth = False
 
     _, _, url_path, _, query, _ = urlparse.urlparse(self.path)
     query_params = cgi.parse_qs(query, True)
+    _, cookies = cgi.parse_header('Dummy; ' +
+                                  self.headers.getheader('cookie', ''))
     if 'set-cookie-if-challenged' in query_params:
       set_cookie_if_challenged = True
     if 'password' in query_params:
       expected_password = query_params['password'][0]
     if 'realm' in query_params:
       realm = query_params['realm'][0]
+    # The 'force' argument forces a single 401 response to a request
+    # even if it includes an 'Authorization' header.  It sets the
+    # 'got_forced' cookie which prevents any subsequent requests from
+    # sending a 401.
+    if 'force' in query_params and 'got_forced' not in cookies:
+      force_auth = True
 
     auth = self.headers.getheader('authorization')
     try:
@@ -951,6 +960,8 @@ class TestPageHandler(BasePageHandler):
       username, password = re.findall(r'([^:]+):(\S+)', userpass)[0]
       if password != expected_password:
         raise Exception('wrong password')
+      if force_auth:
+        raise Exception('Correct password.  Re-requesting auth')
     except Exception, e:
       # Authentication failed.
       self.send_response(401)
@@ -958,6 +969,8 @@ class TestPageHandler(BasePageHandler):
       self.send_header('Content-type', 'text/html')
       if set_cookie_if_challenged:
         self.send_header('Set-Cookie', 'got_challenged=true')
+      if force_auth:
+        self.send_header('Set-Cookie', 'got_forced=true')
       self.end_headers()
       self.wfile.write('<html><head>')
       self.wfile.write('<title>Denied: %s</title>' % e)
@@ -1036,8 +1049,11 @@ class TestPageHandler(BasePageHandler):
     if not self._ShouldHandleRequest("/auth-digest"):
       return False
 
+    _, cookies = cgi.parse_header('Dummy; ' +
+                                  self.headers.getheader('cookie', ''))
     stale = 'stale' in self.path
-    nonce = self.GetNonce(force_reset=stale)
+    force = ('force' in self.path and 'got_forced' not in cookies)
+    nonce = self.GetNonce(force_reset=(stale or force))
     opaque = _new_md5('opaque').hexdigest()
     password = 'secret'
     realm = 'testrealm'
@@ -1071,6 +1087,8 @@ class TestPageHandler(BasePageHandler):
 
       if pairs['response'] != response:
         raise Exception('wrong password')
+      if force:
+        raise Exception('Forcing')
     except Exception, e:
       # Authentication failed.
       self.send_response(401)
@@ -1085,6 +1103,8 @@ class TestPageHandler(BasePageHandler):
         hdr += ', stale="TRUE"'
       self.send_header('WWW-Authenticate', hdr)
       self.send_header('Content-type', 'text/html')
+      if force:
+        self.send_header('Set-Cookie', 'got_forced=true')
       self.end_headers()
       self.wfile.write('<html><head>')
       self.wfile.write('<title>Denied: %s</title>' % e)