Use AuthCredentials throughout the network stack instead of username/password.

net/http/http_auth_controller.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_auth_controller.h"
 
 #include "base/metrics/histogram.h"
 #include "base/string_util.h"
 #include "base/threading/platform_thread.h"
 #include "base/utf_string_conversions.h"
@@ skipping 161 matching lines @@
   user_callback_ = NULL;
 }
 
 int HttpAuthController::MaybeGenerateAuthToken(const HttpRequestInfo* request,
                                                OldCompletionCallback* callback,
                                                const BoundNetLog& net_log) {
   DCHECK(CalledOnValidThread());
   bool needs_auth = HaveAuth() || SelectPreemptiveAuth(net_log);
   if (!needs_auth)
     return OK;
-  const string16* username = NULL;
-  const string16* password = NULL;
-  if (identity_.source != HttpAuth::IDENT_SRC_DEFAULT_CREDENTIALS) {
-    username = &identity_.username;
-    password = &identity_.password;
-  }
+  const AuthCredentials* credentials = NULL;
+  if (identity_.source != HttpAuth::IDENT_SRC_DEFAULT_CREDENTIALS)
+    credentials = &identity_.credentials;
   DCHECK(auth_token_.empty());
   DCHECK(NULL == user_callback_);
-  int rv = handler_->GenerateAuthToken(username,
-                                       password,
+  int rv = handler_->GenerateAuthToken(credentials,
                                        request,
                                        &io_callback_,
                                        &auth_token_);
   if (DisableOnAuthHandlerResult(rv))
     rv = OK;
   if (rv == ERR_IO_PENDING)
     user_callback_ = callback;
   else
     OnIOComplete(rv);
   return rv;
@@ skipping 24 matching lines @@
       CreatePreemptiveAuthHandlerFromString(entry->auth_challenge(), target_,
                                             auth_origin_,
                                             entry->IncrementNonceCount(),
                                             net_log, &handler_preemptive);
   if (rv_create != OK)
     return false;
 
   // Set the state
   identity_.source = HttpAuth::IDENT_SRC_PATH_LOOKUP;
   identity_.invalid = false;
-  identity_.username = entry->username();
-  identity_.password = entry->password();
+  identity_.credentials = entry->credentials();
   handler_.swap(handler_preemptive);
   return true;
 }
 
 void HttpAuthController::AddAuthorizationHeader(
     HttpRequestHeaders* authorization_headers) {
   DCHECK(CalledOnValidThread());
   DCHECK(HaveAuth());
   // auth_token_ can be empty if we encountered a permanent error with
   // the auth scheme and want to retry.
@@ skipping 126 matching lines @@
 
     // If we get here and we don't have a handler_, that's because we
     // invalidated it due to not having any viable identities to use with it. Go
     // back and try again.
     // TODO(asanka): Instead we should create a priority list of
     //     <handler,identity> and iterate through that.
   } while(!handler_.get());
   return OK;
 }
 
-void HttpAuthController::ResetAuth(const string16& username,
-                                   const string16& password) {
+void HttpAuthController::ResetAuth(const AuthCredentials& credentials) {
   DCHECK(CalledOnValidThread());
-  DCHECK(identity_.invalid || (username.empty() && password.empty()));
+  DCHECK(identity_.invalid || credentials.Empty());
 
   if (identity_.invalid) {
     // Update the username/password.
     identity_.source = HttpAuth::IDENT_SRC_EXTERNAL;
     identity_.invalid = false;
-    identity_.username = username;
-    identity_.password = password;
+    identity_.credentials = credentials;
   }
 
   DCHECK(identity_.source != HttpAuth::IDENT_SRC_PATH_LOOKUP);
 
   // Add the auth entry to the cache before restarting. We don't know whether
   // the identity is valid yet, but if it is valid we want other transactions
   // to know about it. If an entry for (origin, handler->realm()) already
   // exists, we update it.
   //
   // If identity_.source is HttpAuth::IDENT_SRC_NONE or
   // HttpAuth::IDENT_SRC_DEFAULT_CREDENTIALS, identity_ contains no
   // identity because identity is not required yet or we're using default
   // credentials.
   //
   // TODO(wtc): For NTLM_SSPI, we add the same auth entry to the cache in
   // round 1 and round 2, which is redundant but correct.  It would be nice
   // to add an auth entry to the cache only once, preferrably in round 1.
   // See http://crbug.com/21015.
   switch (identity_.source) {
     case HttpAuth::IDENT_SRC_NONE:
     case HttpAuth::IDENT_SRC_DEFAULT_CREDENTIALS:
       break;
     default:
       http_auth_cache_->Add(auth_origin_, handler_->realm(),
                             handler_->auth_scheme(), handler_->challenge(),
-                            identity_.username, identity_.password,
-                            auth_path_);
+                            identity_.credentials, auth_path_);
       break;
   }
 }
 
 bool HttpAuthController::HaveAuthHandler() const {
   return handler_.get() != NULL;
 }
 
 bool HttpAuthController::HaveAuth() const {
   return handler_.get() && !identity_.invalid;
@@ skipping 13 matching lines @@
 }
 
 void HttpAuthController::InvalidateRejectedAuthFromCache() {
   DCHECK(CalledOnValidThread());
   DCHECK(HaveAuth());
 
   // Clear the cache entry for the identity we just failed on.
   // Note: we require the username/password to match before invalidating
   // since the entry in the cache may be newer than what we used last time.
   http_auth_cache_->Remove(auth_origin_, handler_->realm(),
-                           handler_->auth_scheme(), identity_.username,
-                           identity_.password);
+                           handler_->auth_scheme(), identity_.credentials);
 }
 
 bool HttpAuthController::SelectNextAuthIdentityToTry() {
   DCHECK(CalledOnValidThread());
   DCHECK(handler_.get());
   DCHECK(identity_.invalid);
 
   // Try to use the username/password encoded into the URL first.
   if (target_ == HttpAuth::AUTH_SERVER && auth_url_.has_username() &&
       !embedded_identity_used_) {
     identity_.source = HttpAuth::IDENT_SRC_URL;
     identity_.invalid = false;
     // Extract the username:password from the URL.
-    GetIdentityFromURL(auth_url_,
-                       &identity_.username,
-                       &identity_.password);
+    string16 username;
+    string16 password;
+    GetIdentityFromURL(auth_url_, &username, &password);
+    identity_.credentials.Set(username, password);
     embedded_identity_used_ = true;
     // TODO(eroman): If the password is blank, should we also try combining
     // with a password from the cache?
     return true;
   }
 
   // Check the auth cache for a realm entry.
   HttpAuthCache::Entry* entry =
       http_auth_cache_->Lookup(auth_origin_, handler_->realm(),
                                handler_->auth_scheme());
 
   if (entry) {
     identity_.source = HttpAuth::IDENT_SRC_REALM_LOOKUP;
     identity_.invalid = false;
-    identity_.username = entry->username();
-    identity_.password = entry->password();
+    identity_.credentials = entry->credentials();
     return true;
   }
 
   // Use default credentials (single sign on) if this is the first attempt
   // at identity.  Do not allow multiple times as it will infinite loop.
   // We use default credentials after checking the auth cache so that if
   // single sign-on doesn't work, we won't try default credentials for future
   // transactions.
   if (!default_credentials_used_ && handler_->AllowsDefaultCredentials()) {
     identity_.source = HttpAuth::IDENT_SRC_DEFAULT_CREDENTIALS;
@@ skipping 68 matching lines @@
   DCHECK(CalledOnValidThread());
   return disabled_schemes_.find(scheme) != disabled_schemes_.end();
 }
 
 void HttpAuthController::DisableAuthScheme(HttpAuth::Scheme scheme) {
   DCHECK(CalledOnValidThread());
   disabled_schemes_.insert(scheme);
 }
 
 }  // namespace net