| Index: chrome/browser/ui/login/login_prompt_browsertest.cc
|
| diff --git a/chrome/browser/ui/login/login_prompt_browsertest.cc b/chrome/browser/ui/login/login_prompt_browsertest.cc
|
| index 8f0d5327390e6ddd439fcf1cb9afe6d952d850c3..f5c6a8b5fd6972e27817e5abc5fc6cc1cff83d12 100644
|
| --- a/chrome/browser/ui/login/login_prompt_browsertest.cc
|
| +++ b/chrome/browser/ui/login/login_prompt_browsertest.cc
|
| @@ -1076,4 +1076,183 @@ IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest,
|
| EXPECT_TRUE(test_server()->Stop());
|
| }
|
|
|
| +// If an XMLHttpRequest is made with incorrect credentials, there should be no
|
| +// login prompt; instead the 401 status should be returned to the script.
|
| +IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest,
|
| + NoLoginPromptForXHRWithBadCredentials) {
|
| + const char* kXHRTestPage = "files/login/xhr_with_credentials.html#incorrect";
|
| +
|
| + ASSERT_TRUE(test_server()->Start());
|
| +
|
| + content::WebContents* contents =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + NavigationController* controller = &contents->GetController();
|
| + LoginPromptBrowserTestObserver observer;
|
| +
|
| + observer.Register(content::Source<NavigationController>(controller));
|
| +
|
| + // Load a page which makes a synchronous XMLHttpRequest for an authenticated
|
| + // resource with the wrong credentials. There should be no login prompt.
|
| + {
|
| + GURL test_page = test_server()->GetURL(kXHRTestPage);
|
| + WindowedLoadStopObserver load_stop_waiter(controller, 1);
|
| + browser()->OpenURL(OpenURLParams(
|
| + test_page, Referrer(), CURRENT_TAB, content::PAGE_TRANSITION_TYPED,
|
| + false));
|
| + load_stop_waiter.Wait();
|
| + }
|
| +
|
| + base::string16 expected_title(base::UTF8ToUTF16("status=401"));
|
| +
|
| + EXPECT_EQ(expected_title, contents->GetTitle());
|
| + EXPECT_EQ(0, observer.auth_supplied_count_);
|
| + EXPECT_EQ(0, observer.auth_needed_count_);
|
| + EXPECT_EQ(0, observer.auth_cancelled_count_);
|
| + EXPECT_TRUE(test_server()->Stop());
|
| +}
|
| +
|
| +// If an XMLHttpRequest is made with correct credentials, there should be no
|
| +// login prompt either.
|
| +IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest,
|
| + NoLoginPromptForXHRWithGoodCredentials) {
|
| + const char* kXHRTestPage = "files/login/xhr_with_credentials.html#secret";
|
| +
|
| + ASSERT_TRUE(test_server()->Start());
|
| +
|
| + content::WebContents* contents =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + NavigationController* controller = &contents->GetController();
|
| + LoginPromptBrowserTestObserver observer;
|
| +
|
| + observer.Register(content::Source<NavigationController>(controller));
|
| +
|
| + // Load a page which makes a synchronous XMLHttpRequest for an authenticated
|
| + // resource with the wrong credentials. There should be no login prompt.
|
| + {
|
| + GURL test_page = test_server()->GetURL(kXHRTestPage);
|
| + WindowedLoadStopObserver load_stop_waiter(controller, 1);
|
| + browser()->OpenURL(OpenURLParams(
|
| + test_page, Referrer(), CURRENT_TAB, content::PAGE_TRANSITION_TYPED,
|
| + false));
|
| + load_stop_waiter.Wait();
|
| + }
|
| +
|
| + base::string16 expected_title(base::UTF8ToUTF16("status=200"));
|
| +
|
| + EXPECT_EQ(expected_title, contents->GetTitle());
|
| + EXPECT_EQ(0, observer.auth_supplied_count_);
|
| + EXPECT_EQ(0, observer.auth_needed_count_);
|
| + EXPECT_EQ(0, observer.auth_cancelled_count_);
|
| + EXPECT_TRUE(test_server()->Stop());
|
| +}
|
| +
|
| +// If an XMLHttpRequest is made without credentials, there should be a login
|
| +// prompt.
|
| +IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest,
|
| + LoginPromptForXHRWithoutCredentials) {
|
| + const char* kXHRTestPage = "files/login/xhr_without_credentials.html";
|
| +
|
| + ASSERT_TRUE(test_server()->Start());
|
| +
|
| + content::WebContents* contents =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + NavigationController* controller = &contents->GetController();
|
| + LoginPromptBrowserTestObserver observer;
|
| +
|
| + observer.Register(content::Source<NavigationController>(controller));
|
| +
|
| + // Load a page which makes a synchronous XMLHttpRequest for an authenticated
|
| + // resource with the wrong credentials. There should be no login prompt.
|
| + {
|
| + GURL test_page = test_server()->GetURL(kXHRTestPage);
|
| + WindowedAuthNeededObserver auth_needed_waiter(controller);
|
| + browser()->OpenURL(OpenURLParams(
|
| + test_page, Referrer(), CURRENT_TAB, content::PAGE_TRANSITION_TYPED,
|
| + false));
|
| + auth_needed_waiter.Wait();
|
| + }
|
| +
|
| + ASSERT_FALSE(observer.handlers_.empty());
|
| + {
|
| + WindowedAuthNeededObserver auth_needed_waiter(controller);
|
| + WindowedAuthSuppliedObserver auth_supplied_waiter(controller);
|
| + LoginHandler* handler = *observer.handlers_.begin();
|
| +
|
| + ASSERT_TRUE(handler);
|
| + handler->SetAuth(base::UTF8ToUTF16(bad_username_),
|
| + base::UTF8ToUTF16(bad_password_));
|
| + auth_supplied_waiter.Wait();
|
| +
|
| + // The request should be retried after the incorrect password is
|
| + // supplied. This should result in a new AUTH_NEEDED notification
|
| + // for the same realm.
|
| + auth_needed_waiter.Wait();
|
| + }
|
| +
|
| + ASSERT_EQ(1u, observer.handlers_.size());
|
| + WindowedAuthSuppliedObserver auth_supplied_waiter(controller);
|
| + LoginHandler* handler = *observer.handlers_.begin();
|
| +
|
| + base::string16 username(base::UTF8ToUTF16(username_digest_));
|
| + base::string16 password(base::UTF8ToUTF16(password_));
|
| + handler->SetAuth(username, password);
|
| + auth_supplied_waiter.Wait();
|
| +
|
| + WindowedLoadStopObserver load_stop_waiter(controller, 1);
|
| + load_stop_waiter.Wait();
|
| +
|
| + base::string16 expected_title(base::UTF8ToUTF16("status=200"));
|
| +
|
| + EXPECT_EQ(expected_title, contents->GetTitle());
|
| + EXPECT_EQ(2, observer.auth_supplied_count_);
|
| + EXPECT_EQ(2, observer.auth_needed_count_);
|
| + EXPECT_EQ(0, observer.auth_cancelled_count_);
|
| + EXPECT_TRUE(test_server()->Stop());
|
| +}
|
| +
|
| +// If an XMLHttpRequest is made without credentials, there should be a login
|
| +// prompt. If it's cancelled, the script should get a 401 status.
|
| +IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest,
|
| + LoginPromptForXHRWithoutCredentialsCancelled) {
|
| + const char* kXHRTestPage = "files/login/xhr_without_credentials.html";
|
| +
|
| + ASSERT_TRUE(test_server()->Start());
|
| +
|
| + content::WebContents* contents =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + NavigationController* controller = &contents->GetController();
|
| + LoginPromptBrowserTestObserver observer;
|
| +
|
| + observer.Register(content::Source<NavigationController>(controller));
|
| +
|
| + // Load a page which makes a synchronous XMLHttpRequest for an authenticated
|
| + // resource with the wrong credentials. There should be no login prompt.
|
| + {
|
| + GURL test_page = test_server()->GetURL(kXHRTestPage);
|
| + WindowedAuthNeededObserver auth_needed_waiter(controller);
|
| + browser()->OpenURL(OpenURLParams(
|
| + test_page, Referrer(), CURRENT_TAB, content::PAGE_TRANSITION_TYPED,
|
| + false));
|
| + auth_needed_waiter.Wait();
|
| + }
|
| +
|
| + ASSERT_EQ(1u, observer.handlers_.size());
|
| + WindowedAuthCancelledObserver auth_cancelled_waiter(controller);
|
| + LoginHandler* handler = *observer.handlers_.begin();
|
| +
|
| + handler->CancelAuth();
|
| + auth_cancelled_waiter.Wait();
|
| +
|
| + WindowedLoadStopObserver load_stop_waiter(controller, 1);
|
| + load_stop_waiter.Wait();
|
| +
|
| + base::string16 expected_title(base::UTF8ToUTF16("status=401"));
|
| +
|
| + EXPECT_EQ(expected_title, contents->GetTitle());
|
| + EXPECT_EQ(0, observer.auth_supplied_count_);
|
| + EXPECT_EQ(1, observer.auth_needed_count_);
|
| + EXPECT_EQ(1, observer.auth_cancelled_count_);
|
| + EXPECT_TRUE(test_server()->Stop());
|
| +}
|
| +
|
| } // namespace
|
|
|
Chromium Code Reviews
Issue 143903003:
Disable HTTP authentication dialog for XHR with credentials (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master