Invalidate credentials if the server rejects them.

chrome/browser/ui/login/login_prompt_browsertest.cc

Index: chrome/browser/ui/login/login_prompt_browsertest.cc
diff --git a/chrome/browser/ui/login/login_prompt_browsertest.cc b/chrome/browser/ui/login/login_prompt_browsertest.cc
index bc52d66d8bb5e2f95662576d065ccda10306650e..7695f634ac5262d73a9646bc900e914c412bf730 100644
--- a/chrome/browser/ui/login/login_prompt_browsertest.cc
+++ b/chrome/browser/ui/login/login_prompt_browsertest.cc
@@ -6,12 +6,14 @@
 #include <list>
 #include <map>
 
+#include "base/command_line.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/browser_thread.h"
 #include "chrome/browser/renderer_host/resource_dispatcher_host.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/login/login_prompt.h"
 #include "chrome/browser/ui/tab_contents/tab_contents_wrapper.h"
+#include "chrome/common/chrome_switches.h"
 #include "chrome/common/notification_service.h"
 #include "chrome/test/in_process_browser_test.h"
 #include "chrome/test/ui_test_utils.h"
@@ -27,11 +29,15 @@ class LoginPromptBrowserTest : public InProcessBrowserTest {
 
     auth_map_[L"foo"] = AuthInfo(L"testuser", L"foopassword");
     auth_map_[L"bar"] = AuthInfo(L"testuser", L"barpassword");
+    auth_map_[L"testrealm"] = AuthInfo(L"testuser", L"secret");
   }
 
  protected:
   void SetAuthFor(LoginHandler* handler);
 
+  // InProcessBrowserTest
+  virtual void SetUpCommandLine(CommandLine* command_line);
+
   struct AuthInfo {
     std::wstring username_;
     std::wstring password_;
@@ -62,6 +68,16 @@ void LoginPromptBrowserTest::SetAuthFor(LoginHandler* handler) {
   }
 }
 
+void LoginPromptBrowserTest::SetUpCommandLine(CommandLine* command_line) {

[cbentzel, 2011/02/16 20:51:39]

Should this be in another CL? 

[asanka, 2011/02/16 22:39:19]

Removed.

+#if defined(OS_POSIX) && !defined(OS_MACOSX)
+  // We are not exercising the password store here and using the Gnome
+  // Keyring can cause tests to timeout (http://crbug.com/68860).  So
+  // just use the basic password store for now.
+  // TODO(asanka): Remove this after http://crbug.com/68860 is fixed.
+  command_line->AppendSwitchASCII(switches::kPasswordStore, "basic");
+#endif
+}
+
 // Maintains a set of LoginHandlers that are currently active and
 // keeps a count of the notifications that were observed.
 class LoginPromptBrowserTestObserver : public NotificationObserver {
@@ -411,4 +427,126 @@ IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest, DISABLED_IncorrectConfirmation) {
   EXPECT_TRUE(test_server()->Stop());
   LOG(INFO) << "Done with test";
 }
+
+// If a 401 response is received after we present cached credentials,

[cbentzel, 2011/02/16 20:51:39]

Do you want to add a test for different realms? 

[asanka, 2011/02/16 22:39:19]

Added.  Also added one for Digest.

+// we should remove cached credentials and display a prompt to the
+// user.
+IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest, RemoveCredsOn401Basic) {
+  const char* kTestUrlPre =

[cbentzel, 2011/02/16 20:51:39]

I've been increasingly seeing const char* const for these. 

[asanka, 2011/02/16 22:39:19]

Done.

+      "auth-basic/a?password=foopassword&realm=foo&";
+  const char* kTestUrlPost =
+      "auth-basic/a?password=foopassword&realm=foo&force=1";
+  ASSERT_TRUE(test_server()->Start());
+
+  TabContentsWrapper* contents =
+      browser()->GetSelectedTabContentsWrapper();
+  ASSERT_TRUE(contents);
+
+  NavigationController* controller = &contents->controller();
+  LoginPromptBrowserTestObserver observer;
+
+  observer.Register(Source<NavigationController>(controller));
+
+  {
+    GURL test_page = test_server()->GetURL(kTestUrlPre);
+    WindowedLoadStopObserver load_stop_waiter(controller);
+    WindowedAuthNeededObserver auth_needed_waiter(controller);
+
+    browser()->OpenURL(test_page, GURL(), CURRENT_TAB, PageTransition::TYPED);
+    auth_needed_waiter.Wait();
+    ASSERT_FALSE(observer.handlers_.empty());
+    LoginHandler* handler = *observer.handlers_.begin();
+    ASSERT_TRUE(handler);
+    SetAuthFor(handler);
+    load_stop_waiter.Wait();
+  }
+
+  {
+    GURL test_page = test_server()->GetURL(kTestUrlPost);
+    WindowedLoadStopObserver load_stop_waiter(controller);
+    WindowedAuthNeededObserver auth_needed_waiter(controller);
+
+    browser()->OpenURL(test_page, GURL(), CURRENT_TAB, PageTransition::TYPED);
+
+    // The OpenURL request should result in the server sending back a
+    // 401.  Chrome should at this point remove any cached credentials
+    // for this target and prompt for credentials.  The test server
+    // only sends one 401 request and if Chrome responds with cached
+    // credentials, the wait for AUTH_NEEDED will never complete.
+    auth_needed_waiter.Wait();
+    ASSERT_FALSE(observer.handlers_.empty());
+    LoginHandler* handler = *observer.handlers_.begin();
+    ASSERT_TRUE(handler);
+    SetAuthFor(handler);
+    load_stop_waiter.Wait();
+  }
+
+  EXPECT_TRUE(test_server()->Stop());
+}
+
+// Same as RemoveCredsOn401Basic test, except for Digest
+// authentication.  If we receive a response from the server with a
+// challenge that includes a stale=true token, then we shouldn't
+// remove cached credentials.
+IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest, RemoveCredsOn401Digest) {
+  const char* kTestUrlPre = "auth-digest/a";
+  const char* kTestUrlStale = "auth-digest/a/stale";
+  const char* kTestUrlPost = "auth-digest/a/force";
+  ASSERT_TRUE(test_server()->Start());
+
+  TabContentsWrapper* contents =
+      browser()->GetSelectedTabContentsWrapper();
+  ASSERT_TRUE(contents);
+
+  NavigationController* controller = &contents->controller();
+  LoginPromptBrowserTestObserver observer;
+
+  observer.Register(Source<NavigationController>(controller));
+
+  {
+    GURL test_page = test_server()->GetURL(kTestUrlPre);
+    WindowedLoadStopObserver load_stop_waiter(controller);
+    WindowedAuthNeededObserver auth_needed_waiter(controller);
+
+    browser()->OpenURL(test_page, GURL(), CURRENT_TAB, PageTransition::TYPED);
+    auth_needed_waiter.Wait();
+    ASSERT_FALSE(observer.handlers_.empty());
+    LoginHandler* handler = *observer.handlers_.begin();
+    ASSERT_TRUE(handler);
+    SetAuthFor(handler);
+    load_stop_waiter.Wait();
+  }
+
+  // The stale URL will result in a server response that includes a
+  // stale=true directive.  We should respond with a request generated
+  // using the cached credentials.  There should be no login prompt.
+  {
+    GURL test_page = test_server()->GetURL(kTestUrlStale);
+    WindowedLoadStopObserver load_stop_waiter(controller);
+    browser()->OpenURL(test_page, GURL(), CURRENT_TAB, PageTransition::TYPED);
+    load_stop_waiter.Wait();
+  }
+
+  {
+    GURL test_page = test_server()->GetURL(kTestUrlPost);
+    WindowedLoadStopObserver load_stop_waiter(controller);
+    WindowedAuthNeededObserver auth_needed_waiter(controller);
+
+    browser()->OpenURL(test_page, GURL(), CURRENT_TAB, PageTransition::TYPED);
+
+    // The OpenURL request should result in the server sending back a
+    // 401.  Chrome should at this point remove any cached credentials
+    // for this target and prompt for credentials.  The test server
+    // only sends one 401 request and if Chrome responds with cached
+    // credentials, the wait for AUTH_NEEDED will never complete.
+    auth_needed_waiter.Wait();
+    ASSERT_FALSE(observer.handlers_.empty());
+    LoginHandler* handler = *observer.handlers_.begin();
+    ASSERT_TRUE(handler);
+    SetAuthFor(handler);
+    load_stop_waiter.Wait();
+  }
+
+  EXPECT_TRUE(test_server()->Stop());
+}
 }  // namespace