[net/auth] Reset AuthChallengeInfo before picking a new HttpAuthHandler.

net/http/http_auth_controller.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_auth_controller.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/string_util.h"
@@ skipping 259 matching lines @@
             INVALIDATE_HANDLER :
             INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS);
         break;
       default:
         NOTREACHED();
         break;
     }
   }
 
   identity_.invalid = true;
+  auth_info_ = nullptr;

[mmenke, 2016/11/17 16:07:19]

Can this be put at the start of this method?  I don't think anything needs to
know about the previous auth challenge.

[mmenke, 2016/11/17 16:07:19]

Please add a comment along the lines:  "Clear information about the previous
auth challenge."  As-is, it's non-obvious that this is the old challenge, and
not the new one.

[asanka, 2016/11/17 18:01:25]

I moved it all the way up to ResetAuth and commented there. Reasoning for this
is in the CL description.

 
   bool can_send_auth = (target_ != HttpAuth::AUTH_SERVER ||
                         !do_not_send_server_auth);
 
   do {
     if (!handler_.get() && can_send_auth) {
       // Find the best authentication challenge that we support.
       HttpAuth::ChooseBestChallenge(http_auth_handler_factory_, *headers,
                                     ssl_info, target_, auth_origin_,
                                     disabled_schemes_, net_log, &handler_);
@@ skipping 29 matching lines @@
       // We have exhausted all identity possibilities.
       if (!handler_->AllowsExplicitCredentials()) {
         // If the handler doesn't accept explicit credentials, then we need to
         // choose a different auth scheme.
         HistogramAuthEvent(handler_.get(), AUTH_EVENT_REJECT);
         InvalidateCurrentHandler(INVALIDATE_HANDLER_AND_DISABLE_SCHEME);
       } else {
         // Pass the challenge information back to the client.
         PopulateAuthChallenge();
       }
-    } else {
-      auth_info_ = NULL;
     }
 
     // If we get here and we don't have a handler_, that's because we
     // invalidated it due to not having any viable identities to use with it. Go
     // back and try again.
     // TODO(asanka): Instead we should create a priority list of
     //     <handler,identity> and iterate through that.
   } while(!handler_.get());
   return OK;
 }
@@ skipping 198 matching lines @@
   DCHECK(CalledOnValidThread());
   disabled_schemes_.insert(scheme);
 }
 
 void HttpAuthController::DisableEmbeddedIdentity() {
   DCHECK(CalledOnValidThread());
   embedded_identity_used_ = true;
 }
 
 }  // namespace net