Don't try to use explicit credentials with schemes that don't support it.

net/http/http_auth_controller_unittest.cc

Index: net/http/http_auth_controller_unittest.cc
diff --git a/net/http/http_auth_controller_unittest.cc b/net/http/http_auth_controller_unittest.cc
index fafc1e761332af90033a4260276ad6566123da06..7d4d05f3aee7dcb9c90f081ebddb851bfcd28304 100644
--- a/net/http/http_auth_controller_unittest.cc
+++ b/net/http/http_auth_controller_unittest.cc
@@ -28,6 +28,15 @@ enum SchemeState {
   SCHEME_IS_ENABLED
 };
 
+scoped_refptr<HttpResponseHeaders> HeadersFromString(const char* string) {
+  std::string raw_string(string);
+  std::string headers_string = HttpUtil::AssembleRawHeaders(
+      raw_string.c_str(), raw_string.length());
+  scoped_refptr<HttpResponseHeaders> headers(
+      new HttpResponseHeaders(headers_string));
+  return headers;
+}
+
 // Runs an HttpAuthController with a single round mock auth handler
 // that returns |handler_rv| on token generation.  The handler runs in
 // async if |run_mode| is RUN_HANDLER_ASYNC.  Upon completion, the
@@ -45,14 +54,10 @@ void RunSingleRoundAuthTest(HandlerRunMode run_mode,
   request.method = "GET";
   request.url = GURL("http://example.com");
 
-  const std::string headers_raw_string =
+  scoped_refptr<HttpResponseHeaders> headers(HeadersFromString(
       "HTTP/1.1 407\r\n"
       "Proxy-Authenticate: MOCK foo\r\n"
-      "\r\n";
-  std::string headers_string = HttpUtil::AssembleRawHeaders(
-      headers_raw_string.c_str(), headers_raw_string.length());
-  scoped_refptr<HttpResponseHeaders> headers(
-      new HttpResponseHeaders(headers_string));
+      "\r\n"));
 
   HttpAuthHandlerMock::Factory auth_handler_factory;
   HttpAuthHandlerMock* auth_handler = new HttpAuthHandlerMock();
@@ -67,7 +72,7 @@ void RunSingleRoundAuthTest(HandlerRunMode run_mode,
                              &dummy_auth_cache, &auth_handler_factory));
   ASSERT_EQ(OK,
             controller->HandleAuthChallenge(headers, false, false, dummy_log));
-  EXPECT_TRUE(controller->HaveAuthHandler());
+  ASSERT_TRUE(controller->HaveAuthHandler());
   controller->ResetAuth(string16(), string16());
   EXPECT_TRUE(controller->HaveAuth());
 
@@ -109,4 +114,67 @@ TEST(HttpAuthControllerTest, PermanentErrors) {
                          ERR_INVALID_AUTH_CREDENTIALS, SCHEME_IS_ENABLED);
 }
 
+// If an HttpAuthHandler indicates that it doesn't allow explicit
+// credentials, don't prompt for credentials.
+TEST(HttpAuthControllerTest, NoExplicitCredentialsAllowed) {
+  BoundNetLog dummy_log;
+  HttpAuthCache dummy_auth_cache;
+
+  HttpRequestInfo request;
+  request.method = "GET";
+  request.url = GURL("http://example.com");
+
+  scoped_refptr<HttpResponseHeaders> headers(HeadersFromString(
+      "HTTP/1.1 401\r\n"
+      "WWW-Authenticate: MOCK\r\n"
+      "\r\n"));
+
+  HttpAuthHandlerMock::Factory auth_handler_factory;
+
+  // auth_handler_1 is the handler for the first attempt at authentication.  It
+  // accepts the default identity and successfully constructs a token.
+  HttpAuthHandlerMock* auth_handler_1 = new HttpAuthHandlerMock();
+  auth_handler_1->SetGenerateExpectation(true, OK);
+  auth_handler_1->set_allows_default_credentials(true);
+  auth_handler_1->set_allows_explicit_credentials(false);
+  auth_handler_1->set_connection_based(true);
+  auth_handler_factory.AddMockHandler(auth_handler_1, HttpAuth::AUTH_SERVER);
+
+  // auth_handler_2 is the handler for the second attempt.  It should not be
+  // used to generate a token.  Instead the controller should realize that there
+  // are no viable identities to use with this handler and fail.

[cbentzel, 2011/08/30 14:16:51]

Should you do test that we fallback to a less-secure auth scheme in this case?
Not quite sure how to do it with the mocking infrastructure, though.

[asanka, 2011/08/30 18:55:44]

I added a mock class that pretends to be Basic and gives itself a lower score so
we can test failover to a weaker scheme.

+  HttpAuthHandlerMock* auth_handler_2 = new HttpAuthHandlerMock();
+  auth_handler_2->SetGenerateExpectation(true, ERR_UNEXPECTED);
+  auth_handler_2->set_allows_default_credentials(true);
+  auth_handler_2->set_allows_explicit_credentials(false);
+  auth_handler_2->set_connection_based(true);
+  auth_handler_factory.AddMockHandler(auth_handler_2, HttpAuth::AUTH_SERVER);
+  auth_handler_factory.set_do_init_from_challenge(true);
+
+  scoped_refptr<HttpAuthController> controller(
+      new HttpAuthController(HttpAuth::AUTH_SERVER,
+                             GURL("http://example.com"),
+                             &dummy_auth_cache, &auth_handler_factory));
+  ASSERT_EQ(OK,
+            controller->HandleAuthChallenge(headers, false, false, dummy_log));
+  ASSERT_TRUE(controller->HaveAuthHandler());
+  controller->ResetAuth(string16(), string16());
+  EXPECT_TRUE(controller->HaveAuth());
+
+  {
+    TestCompletionCallback callback;
+    int result = controller->MaybeGenerateAuthToken(&request, &callback,
+                                                    dummy_log);
+    EXPECT_EQ(ERR_IO_PENDING, result);
+    EXPECT_EQ(OK, callback.WaitForResult());
+  }
+
+  // Once a token is generated, simulate the receipt of a server response
+  // indicating that the authentication attempt was rejected.
+  EXPECT_EQ(OK,
+            controller->HandleAuthChallenge(headers, false, false, dummy_log));
+  EXPECT_FALSE(controller->HaveAuthHandler());
+  EXPECT_TRUE(controller->IsAuthSchemeDisabled(HttpAuth::AUTH_SCHEME_MOCK));
+}
+
 }  // namespace net