[net/auth] Discard current handler token generation fails.

net/http/http_auth_controller.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_auth_controller.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/string_util.h"
@@ skipping 463 matching lines @@
 int HttpAuthController::HandleGenerateTokenResult(int result) {
   DCHECK(CalledOnValidThread());
   switch (result) {
     case ERR_INVALID_AUTH_CREDENTIALS:
       // If the GenerateAuthToken call fails with this error, this means that
       // the handler can no longer be used. However, the authentication scheme
       // is considered still usable. This allows a scheme that attempted and
       // failed to use default credentials to recover and use explicit
       // credentials.
       //
       // If the handler does not support any remaining identity sources, then

[mmenke, 2016/11/14 18:03:49]

"The handler" seems incorrect here, since we're destroying it.

[asanka, 2016/11/14 18:49:52]

DOne.

       // the authentication controller will pick another authentication handler.
+      InvalidateCurrentHandler(INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS);
       auth_token_.clear();
       return OK;
 
     // Occurs with GSSAPI, if the user has not already logged in.
     case ERR_MISSING_AUTH_CREDENTIALS:
 
     // Can occur with GSSAPI or SSPI if the underlying library reports
     // a permanent error.
     case ERR_UNSUPPORTED_AUTH_SCHEME:
 
     // These two error codes represent failures we aren't handling.
     case ERR_UNEXPECTED_SECURITY_LIBRARY_STATUS:
     case ERR_UNDOCUMENTED_SECURITY_LIBRARY_STATUS:
 
     // Can be returned by SSPI if the authenticating authority or
     // target is not known.
     case ERR_MISCONFIGURED_AUTH_ENVIRONMENT:
 
       // In these cases, disable the current scheme as it cannot
       // succeed.
-      DisableAuthScheme(handler_->auth_scheme());
+      InvalidateCurrentHandler(INVALIDATE_HANDLER_AND_DISABLE_SCHEME);

[mmenke, 2016/11/14 18:03:49]

None of the new tests exercise this, do they?

[asanka, 2016/11/14 18:49:53]

Not the new tests. But existing tests in the GenerateAuthToken suite do. You can
find them by searching the test cases for ERR_UNSUPPORTED_AUTH_SCHEME.

       auth_token_.clear();
       return OK;
 
     default:
       return result;
   }
 }
 
 void HttpAuthController::OnIOComplete(int result) {

[mmenke, 2016/11/14 18:03:49]

Mind renaming this while you're here?  This isn't a general DoLoop entry point,
but rather a specific callback for GenerateAuthToken.

[mmenke, 2016/11/14 19:01:21]

Missed this one?

[asanka, 2016/11/14 21:10:14]

Oops. Done.

   DCHECK(CalledOnValidThread());
   result = HandleGenerateTokenResult(result);
   if (!callback_.is_null()) {
     CompletionCallback c = callback_;
     callback_.Reset();
     c.Run(result);
   }
 }
 
 scoped_refptr<AuthChallengeInfo> HttpAuthController::auth_info() {
@@ skipping 10 matching lines @@
   DCHECK(CalledOnValidThread());
   disabled_schemes_.insert(scheme);
 }
 
 void HttpAuthController::DisableEmbeddedIdentity() {
   DCHECK(CalledOnValidThread());
   embedded_identity_used_ = true;
 }
 
 }  // namespace net