webRequest.onAuthRequired listeners can provide authentication credentials.

chrome/browser/extensions/extension_webrequest_api.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/extension_webrequest_api.h"
 
 #include <algorithm>
 
 #include "base/json/json_writer.h"
 #include "base/metrics/histogram.h"
@@ skipping 320 matching lines @@
   net::HttpRequestHeaders* request_headers;
 
   // The response headers that were received from the server. Only valid for
   // OnHeadersReceived.
   scoped_refptr<net::HttpResponseHeaders> original_response_headers;
 
   // Location where to override response headers. Only valid for
   // OnHeadersReceived.
   scoped_refptr<net::HttpResponseHeaders>* override_response_headers;
 
+  // If non-empty, this contains the auth credentials that may be filled in.
+  // Only valid for OnAuthRequired.
+  net::AuthCredentials* auth_credentials;
+
+  // The callback to invoke for auth. If |auth_callback.is_null()| is false,
+  // |callback| must be NULL.
+  // Only valid for OnAuthRequired.
+  net::NetworkDelegate::AuthCallback auth_callback;
+
   // Time the request was paused. Used for logging purposes.
   base::Time blocking_time;
 
   // Changes requested by extensions.
   EventResponseDeltas response_deltas;
 
   BlockedRequest()
       : request(NULL),
         event(kInvalidEvent),
         num_handlers_blocking(0),
         net_log(NULL),
         callback(NULL),
         new_url(NULL),
         request_headers(NULL),
-        override_response_headers(NULL) {}
+        override_response_headers(NULL),
+        auth_credentials(NULL) {}
 };
 
 bool ExtensionWebRequestEventRouter::RequestFilter::InitFromValue(
     const DictionaryValue& value, std::string* error) {
   for (DictionaryValue::key_iterator key = value.begin_keys();
        key != value.end_keys(); ++key) {
     if (*key == "urls") {
       ListValue* urls_value = NULL;
       if (!value.GetList("urls", &urls_value))
         return false;
@@ skipping 263 matching lines @@
     blocked_requests_[request->identifier()].net_log = &request->net_log();
     blocked_requests_[request->identifier()].override_response_headers =
         override_response_headers;
     blocked_requests_[request->identifier()].original_response_headers =
         original_response_headers;
     return net::ERR_IO_PENDING;
   }
   return net::OK;
 }
 
-void ExtensionWebRequestEventRouter::OnAuthRequired(
+net::NetworkDelegate::AuthRequiredResponse
+ExtensionWebRequestEventRouter::OnAuthRequired(
     void* profile,
     ExtensionInfoMap* extension_info_map,
     net::URLRequest* request,
-    const net::AuthChallengeInfo& auth_info) {
+    const net::AuthChallengeInfo& auth_info,
+    const net::NetworkDelegate::AuthCallback& callback,
+    net::AuthCredentials* credentials) {
+  // No profile means that this is for authentication challenges in the
+  // system context. Skip in that case.
   if (!profile)
-    return;
+    return net::NetworkDelegate::AUTH_REQUIRED_RESPONSE_NO_ACTION;
 
   if (!HasWebRequestScheme(request->url()))
-    return;
+    return net::NetworkDelegate::AUTH_REQUIRED_RESPONSE_NO_ACTION;
 
   int extra_info_spec = 0;
   std::vector<const EventListener*> listeners =
       GetMatchingListeners(profile, extension_info_map,
                            keys::kOnAuthRequired, request, &extra_info_spec);
   if (listeners.empty())
-    return;
+    return net::NetworkDelegate::AUTH_REQUIRED_RESPONSE_NO_ACTION;
 
   ListValue args;
   DictionaryValue* dict = new DictionaryValue();
   ExtractRequestInfo(request, dict);
   dict->SetBoolean(keys::kIsProxyKey, auth_info.is_proxy);
   if (!auth_info.scheme.empty())
     dict->SetString(keys::kSchemeKey, auth_info.scheme);
   if (!auth_info.realm.empty())
     dict->SetString(keys::kRealmKey, auth_info.realm);
   DictionaryValue* challenger = new DictionaryValue();
   challenger->SetString(keys::kHostKey, auth_info.challenger.host());
   challenger->SetInteger(keys::kPortKey, auth_info.challenger.port());
   dict->Set(keys::kChallengerKey, challenger);
   dict->Set(keys::kStatusLineKey, GetStatusLine(request->response_headers()));
   if (extra_info_spec & ExtraInfoSpec::RESPONSE_HEADERS) {
     dict->Set(keys::kResponseHeadersKey,
               GetResponseHeadersList(request->response_headers()));
   }
   args.Append(dict);
 
-  DispatchEvent(profile, request, listeners, args);
+  if (DispatchEvent(profile, request, listeners, args)) {
+    blocked_requests_[request->identifier()].event = kOnAuthRequired;
+    blocked_requests_[request->identifier()].auth_callback = callback;
+    blocked_requests_[request->identifier()].auth_credentials = credentials;
+    blocked_requests_[request->identifier()].net_log = &request->net_log();
+    return net::NetworkDelegate::AUTH_REQUIRED_RESPONSE_IO_PENDING;
+  }
+  return net::NetworkDelegate::AUTH_REQUIRED_RESPONSE_NO_ACTION;
 }
 
 void ExtensionWebRequestEventRouter::OnBeforeRedirect(
     void* profile,
     ExtensionInfoMap* extension_info_map,
     net::URLRequest* request,
     const GURL& new_location) {
   if (!profile)
     return;
 
@@ skipping 453 matching lines @@
           old_headers->GetStatusLine() + "\n" +
           response->response_headers_string;
 
       result->new_response_headers =
           new net::HttpResponseHeaders(
               net::HttpUtil::AssembleRawHeaders(new_headers_string.c_str(),
                                                 new_headers_string.length()));
     }
   }
 
+  if (blocked_request->event == kOnAuthRequired)
+    result->auth_credentials.swap(response->auth_credentials);
+
   return result;
 }
 
 void ExtensionWebRequestEventRouter::MergeOnBeforeRequestResponses(
     BlockedRequest* request,
     std::list<std::string>* conflicting_extensions) const {
   EventResponseDeltas::iterator delta;
   EventResponseDeltas& deltas = request->response_deltas;
 
   bool redirected = false;
@@ skipping 24 matching lines @@
   EventResponseDeltas& deltas = request->response_deltas;
 
   // Here we collect which headers we have removed or set to new values
   // so far due to extensions of higher precedence.
   std::set<std::string> removed_headers;
   std::set<std::string> set_headers;
 
   // We assume here that the deltas are sorted in decreasing extension
   // precedence (i.e. decreasing extension installation time).
   for (delta = deltas.begin(); delta != deltas.end(); ++delta) {
-
     if ((*delta)->modified_request_headers.IsEmpty() &&
         (*delta)->deleted_request_headers.empty()) {
       continue;
     }
 
     scoped_refptr<NetLogModificationParameter> log(
         new NetLogModificationParameter((*delta)->extension_id));
 
     // Check whether any modification affects a request header that
     // has been modified differently before. As deltas is sorted by decreasing
@@ skipping 102 matching lines @@
     } else {
       conflicting_extensions->push_back((*delta)->extension_id);
       request->net_log->AddEvent(
           net::NetLog::TYPE_CHROME_EXTENSION_IGNORED_DUE_TO_CONFLICT,
           make_scoped_refptr(
               new NetLogExtensionIdParameter((*delta)->extension_id)));
     }
   }
 }
 
+bool ExtensionWebRequestEventRouter::MergeOnAuthRequiredResponses(
+    BlockedRequest* request,
+    std::list<std::string>* conflicting_extensions) const {
+  CHECK(request);
+  CHECK(request->auth_credentials);
+  bool credentials_set = false;
+
+  const EventResponseDeltas& deltas = request->response_deltas;
+  for (EventResponseDeltas::const_iterator delta = deltas.begin();
+       delta != deltas.end();
+       ++delta) {
+    if (!(*delta)->auth_credentials.get())
+      continue;
+    if (credentials_set) {
+      conflicting_extensions->push_back((*delta)->extension_id);
+      request->net_log->AddEvent(
+          net::NetLog::TYPE_CHROME_EXTENSION_IGNORED_DUE_TO_CONFLICT,
+          make_scoped_refptr(
+              new NetLogExtensionIdParameter((*delta)->extension_id)));
+    } else {
+      request->net_log->AddEvent(
+          net::NetLog::TYPE_CHROME_EXTENSION_PROVIDE_AUTH_CREDENTIALS,
+          make_scoped_refptr(
+              new NetLogExtensionIdParameter((*delta)->extension_id)));
+      *request->auth_credentials = *(*delta)->auth_credentials;
+      credentials_set = true;
+    }
+  }
+  return credentials_set;
+}
+
 void ExtensionWebRequestEventRouter::DecrementBlockCount(
     void* profile,
     const std::string& extension_id,
     const std::string& event_name,
     uint64 request_id,
     EventResponse* response) {
   scoped_ptr<EventResponse> response_scoped(response);
 
   // It's possible that this request was deleted, or cancelled by a previous
   // event handler. If so, ignore this response.
@@ skipping 10 matching lines @@
   }
 
   base::TimeDelta block_time =
       base::Time::Now() - blocked_request.blocking_time;
   request_time_tracker_->IncrementExtensionBlockTime(
       extension_id, request_id, block_time);
 
   if (num_handlers_blocking == 0) {
     request_time_tracker_->IncrementTotalBlockTime(request_id, block_time);
 
-    EventResponseDeltas::iterator i;
     EventResponseDeltas& deltas = blocked_request.response_deltas;
-
     bool canceled = false;
-    for (i = deltas.begin(); i != deltas.end(); ++i) {
+    bool credentials_set = false;
+    for (EventResponseDeltas::const_iterator i = deltas.begin();
+         i != deltas.end(); ++i) {
       if ((*i)->cancel) {
-        canceled = true;
-        blocked_request.net_log->AddEvent(
+       canceled = true;
+       blocked_request.net_log->AddEvent(
             net::NetLog::TYPE_CHROME_EXTENSION_ABORTED_REQUEST,
             make_scoped_refptr(
                 new NetLogExtensionIdParameter((*i)->extension_id)));
         break;
       }
     }
 
     deltas.sort(&InDecreasingExtensionInstallationTimeOrder);
     std::list<std::string> conflicting_extensions;
 
     if (blocked_request.event == kOnBeforeRequest) {
       CHECK(blocked_request.callback);
-      MergeOnBeforeRequestResponses(&blocked_request, &conflicting_extensions);
+      MergeOnBeforeRequestResponses(&blocked_request,
+                                    &conflicting_extensions);
     } else if (blocked_request.event == kOnBeforeSendHeaders) {
       CHECK(blocked_request.callback);
       MergeOnBeforeSendHeadersResponses(&blocked_request,
                                         &conflicting_extensions);
     } else if (blocked_request.event == kOnHeadersReceived) {
       CHECK(blocked_request.callback);
       MergeOnHeadersReceivedResponses(&blocked_request,
                                       &conflicting_extensions);
+    } else if (blocked_request.event == kOnAuthRequired) {
+      CHECK(!blocked_request.callback);
+      CHECK(!blocked_request.auth_callback.is_null());
+      credentials_set = MergeOnAuthRequiredResponses(
+         &blocked_request,
+         &conflicting_extensions);
     } else {
       NOTREACHED();
     }
     std::list<std::string>::iterator conflict_iter;
     for (conflict_iter = conflicting_extensions.begin();
          conflict_iter != conflicting_extensions.end();
          ++conflict_iter) {
       // TODO(mpcomplete): Do some fancy notification in the UI.
       LOG(ERROR) << "Extension " << *conflict_iter << " was ignored in "
                     "webRequest API because of conflicting request "
@@ skipping 10 matching lines @@
     // This signals a failed request to subscribers of onErrorOccurred in case
     // a request is cancelled because net::ERR_EMPTY_RESPONSE cannot be
     // distinguished from a regular failure.
     if (blocked_request.callback) {
       int rv = canceled ? net::ERR_EMPTY_RESPONSE : net::OK;
       net::OldCompletionCallback* callback = blocked_request.callback;
       // Ensure that request is removed before callback because the callback
       // might trigger the next event.
       blocked_requests_.erase(request_id);
       callback->Run(rv);
+    } else if (!blocked_request.auth_callback.is_null()) {
+      net::NetworkDelegate::AuthRequiredResponse response =
+          net::NetworkDelegate::AUTH_REQUIRED_RESPONSE_NO_ACTION;
+      if (canceled) {

[battre, 2011/10/10 13:47:03]

This is a change the semantics of "cancel". The meaning in other signal handlers
is "cancel the request, don't send any more messages to the server".

[cbentzel, 2011/10/10 13:59:54]

This is actually the case as well here - it just displays whatever page was sent
with the 401/407 response. In this case, we don't resend the request with auth
credentials, nor do we allow the URLRequest::Delegate handle it.

[battre, 2011/10/10 14:32:13]

SGTM

+        response = net::NetworkDelegate::AUTH_REQUIRED_RESPONSE_CANCEL_AUTH;
+      } else if (credentials_set) {
+        response = net::NetworkDelegate::AUTH_REQUIRED_RESPONSE_SET_AUTH;
+      }
+      net::NetworkDelegate::AuthCallback callback =
+          blocked_request.auth_callback;
+      blocked_requests_.erase(request_id);
+      callback.Run(response);
     } else {
       blocked_requests_.erase(request_id);
     }
   } else {
     // Update the URLRequest to indicate it is now blocked on a different
     // extension.
     std::set<EventListener>& listeners = listeners_[profile][event_name];
 
     for (std::set<EventListener>::iterator it = listeners.begin();
          it != listeners.end(); ++it) {
@@ skipping 152 matching lines @@
         EXTENSION_FUNCTION_VALIDATE(
             header_value->GetString(keys::kHeaderNameKey, &name));
         EXTENSION_FUNCTION_VALIDATE(
             header_value->GetString(keys::kHeaderValueKey, &value));
 
         response_headers_string += name + ": " + value + '\n';
       }
       response_headers_string += '\n';
       response->response_headers_string.swap(response_headers_string);
     }
+
+    if (value->HasKey(keys::kAuthCredentialsKey)) {
+      DictionaryValue* credentials_value = NULL;
+      EXTENSION_FUNCTION_VALIDATE(value->GetDictionary(
+          keys::kAuthCredentialsKey,
+          &credentials_value));
+      response->auth_credentials.reset(new net::AuthCredentials());
+      EXTENSION_FUNCTION_VALIDATE(
+          credentials_value->GetString(keys::kUsernameKey,
+                                       &response->auth_credentials->username));
+      EXTENSION_FUNCTION_VALIDATE(
+          credentials_value->GetString(keys::kPasswordKey,
+                                       &response->auth_credentials->password));
+    }
   }
 
   ExtensionWebRequestEventRouter::GetInstance()->OnEventHandled(
       profile_id(), extension_id(), event_name, sub_event_name, request_id,
       response.release());
 
   return true;
 }
 
 bool WebRequestHandlerBehaviorChanged::RunImpl() {
   WebCacheManager::GetInstance()->ClearCacheOnNavigation();
   return true;
 }