[net/auth] Discard current handler token generation fails.

net/http/http_auth_controller.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_auth_controller.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/string_util.h"
@@ skipping 138 matching lines @@
   bool needs_auth = HaveAuth() || SelectPreemptiveAuth(net_log);
   if (!needs_auth)
     return OK;
   const AuthCredentials* credentials = NULL;
   if (identity_.source != HttpAuth::IDENT_SRC_DEFAULT_CREDENTIALS)
     credentials = &identity_.credentials;
   DCHECK(auth_token_.empty());
   DCHECK(callback_.is_null());
   int rv = handler_->GenerateAuthToken(
       credentials, request,
-      base::Bind(&HttpAuthController::OnIOComplete, base::Unretained(this)),
+      base::Bind(&HttpAuthController::OnGenerateAuthTokenDone,
+                 base::Unretained(this)),
       &auth_token_);
 
   if (rv == ERR_IO_PENDING) {
     callback_ = callback;
     return rv;
   }
 
   return HandleGenerateTokenResult(rv);
 }
 
@@ skipping 304 matching lines @@
 int HttpAuthController::HandleGenerateTokenResult(int result) {
   DCHECK(CalledOnValidThread());
   switch (result) {
     case ERR_INVALID_AUTH_CREDENTIALS:
       // If the GenerateAuthToken call fails with this error, this means that
       // the handler can no longer be used. However, the authentication scheme
       // is considered still usable. This allows a scheme that attempted and
       // failed to use default credentials to recover and use explicit
       // credentials.
       //
-      // If the handler does not support any remaining identity sources, then
-      // the authentication controller will pick another authentication handler.
+      // The current handler may be tied to external state that is no longer
+      // valid, hence should be discarded. Since the scheme is still valid, a
+      // new handler can be created for the current scheme.
+      InvalidateCurrentHandler(INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS);
       auth_token_.clear();
       return OK;
 
     // Occurs with GSSAPI, if the user has not already logged in.
     case ERR_MISSING_AUTH_CREDENTIALS:
 
     // Can occur with GSSAPI or SSPI if the underlying library reports
     // a permanent error.
     case ERR_UNSUPPORTED_AUTH_SCHEME:
 
     // These two error codes represent failures we aren't handling.
     case ERR_UNEXPECTED_SECURITY_LIBRARY_STATUS:
     case ERR_UNDOCUMENTED_SECURITY_LIBRARY_STATUS:
 
     // Can be returned by SSPI if the authenticating authority or
     // target is not known.
     case ERR_MISCONFIGURED_AUTH_ENVIRONMENT:
 
       // In these cases, disable the current scheme as it cannot
       // succeed.
-      DisableAuthScheme(handler_->auth_scheme());
+      InvalidateCurrentHandler(INVALIDATE_HANDLER_AND_DISABLE_SCHEME);
       auth_token_.clear();
       return OK;
 
     default:
       return result;
   }
 }
 
-void HttpAuthController::OnIOComplete(int result) {
+void HttpAuthController::OnGenerateAuthTokenDone(int result) {
   DCHECK(CalledOnValidThread());
   result = HandleGenerateTokenResult(result);
   if (!callback_.is_null()) {
     CompletionCallback c = callback_;
     callback_.Reset();
     c.Run(result);
   }
 }
 
 scoped_refptr<AuthChallengeInfo> HttpAuthController::auth_info() {
@@ skipping 10 matching lines @@
   DCHECK(CalledOnValidThread());
   disabled_schemes_.insert(scheme);
 }
 
 void HttpAuthController::DisableEmbeddedIdentity() {
   DCHECK(CalledOnValidThread());
   embedded_identity_used_ = true;
 }
 
 }  // namespace net