| Index: net/tools/testserver/testserver.py
|
| diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
|
| index 871e540f8d272e5b69ed949ed0751dcf671a07dc..88ca09d114a726e9e15f2f3ac9c12f40bddf7b67 100755
|
| --- a/net/tools/testserver/testserver.py
|
| +++ b/net/tools/testserver/testserver.py
|
| @@ -932,15 +932,24 @@ class TestPageHandler(BasePageHandler):
|
| expected_password = 'secret'
|
| realm = 'testrealm'
|
| set_cookie_if_challenged = False
|
| + force_auth = False
|
|
|
| _, _, url_path, _, query, _ = urlparse.urlparse(self.path)
|
| query_params = cgi.parse_qs(query, True)
|
| + _, cookies = cgi.parse_header('Dummy; ' +
|
| + self.headers.getheader('cookie', ''))
|
| if 'set-cookie-if-challenged' in query_params:
|
| set_cookie_if_challenged = True
|
| if 'password' in query_params:
|
| expected_password = query_params['password'][0]
|
| if 'realm' in query_params:
|
| realm = query_params['realm'][0]
|
| + # The 'force' argument forces a single 401 response to a request
|
| + # even if it includes an 'Authorization' header. It sets the
|
| + # 'got_forced' cookie which prevents any subsequent requests from
|
| + # sending a 401.
|
| + if 'force' in query_params and 'got_forced' not in cookies:
|
| + force_auth = True
|
|
|
| auth = self.headers.getheader('authorization')
|
| try:
|
| @@ -951,6 +960,8 @@ class TestPageHandler(BasePageHandler):
|
| username, password = re.findall(r'([^:]+):(\S+)', userpass)[0]
|
| if password != expected_password:
|
| raise Exception('wrong password')
|
| + if force_auth:
|
| + raise Exception('Correct password. Re-requesting auth')
|
| except Exception, e:
|
| # Authentication failed.
|
| self.send_response(401)
|
| @@ -958,6 +969,8 @@ class TestPageHandler(BasePageHandler):
|
| self.send_header('Content-type', 'text/html')
|
| if set_cookie_if_challenged:
|
| self.send_header('Set-Cookie', 'got_challenged=true')
|
| + if force_auth:
|
| + self.send_header('Set-Cookie', 'got_forced=true')
|
| self.end_headers()
|
| self.wfile.write('<html><head>')
|
| self.wfile.write('<title>Denied: %s</title>' % e)
|
| @@ -1036,8 +1049,11 @@ class TestPageHandler(BasePageHandler):
|
| if not self._ShouldHandleRequest("/auth-digest"):
|
| return False
|
|
|
| + _, cookies = cgi.parse_header('Dummy; ' +
|
| + self.headers.getheader('cookie', ''))
|
| stale = 'stale' in self.path
|
| - nonce = self.GetNonce(force_reset=stale)
|
| + force = ('force' in self.path and 'got_forced' not in cookies)
|
| + nonce = self.GetNonce(force_reset=(stale or force))
|
| opaque = _new_md5('opaque').hexdigest()
|
| password = 'secret'
|
| realm = 'testrealm'
|
| @@ -1071,6 +1087,8 @@ class TestPageHandler(BasePageHandler):
|
|
|
| if pairs['response'] != response:
|
| raise Exception('wrong password')
|
| + if force:
|
| + raise Exception('Forcing')
|
| except Exception, e:
|
| # Authentication failed.
|
| self.send_response(401)
|
| @@ -1085,6 +1103,8 @@ class TestPageHandler(BasePageHandler):
|
| hdr += ', stale="TRUE"'
|
| self.send_header('WWW-Authenticate', hdr)
|
| self.send_header('Content-type', 'text/html')
|
| + if force:
|
| + self.send_header('Set-Cookie', 'got_forced=true')
|
| self.end_headers()
|
| self.wfile.write('<html><head>')
|
| self.wfile.write('<title>Denied: %s</title>' % e)
|
|
|
Chromium Code Reviews
Issue 6525035:
Invalidate credentials if the server rejects them. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src