| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_auth_controller.h" | 5 #include "net/http/http_auth_controller.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/metrics/histogram_macros.h" | 9 #include "base/metrics/histogram_macros.h" |
| 10 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
| (...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 139 | 139 |
| 140 HttpAuthController::~HttpAuthController() { | 140 HttpAuthController::~HttpAuthController() { |
| 141 DCHECK(CalledOnValidThread()); | 141 DCHECK(CalledOnValidThread()); |
| 142 } | 142 } |
| 143 | 143 |
| 144 int HttpAuthController::MaybeGenerateAuthToken( | 144 int HttpAuthController::MaybeGenerateAuthToken( |
| 145 const HttpRequestInfo* request, | 145 const HttpRequestInfo* request, |
| 146 const CompletionCallback& callback, | 146 const CompletionCallback& callback, |
| 147 const NetLogWithSource& net_log) { | 147 const NetLogWithSource& net_log) { |
| 148 DCHECK(CalledOnValidThread()); | 148 DCHECK(CalledOnValidThread()); |
| 149 DCHECK(!auth_info_); |
| 149 bool needs_auth = HaveAuth() || SelectPreemptiveAuth(net_log); | 150 bool needs_auth = HaveAuth() || SelectPreemptiveAuth(net_log); |
| 150 if (!needs_auth) | 151 if (!needs_auth) |
| 151 return OK; | 152 return OK; |
| 152 const AuthCredentials* credentials = NULL; | 153 const AuthCredentials* credentials = NULL; |
| 153 if (identity_.source != HttpAuth::IDENT_SRC_DEFAULT_CREDENTIALS) | 154 if (identity_.source != HttpAuth::IDENT_SRC_DEFAULT_CREDENTIALS) |
| 154 credentials = &identity_.credentials; | 155 credentials = &identity_.credentials; |
| 155 DCHECK(auth_token_.empty()); | 156 DCHECK(auth_token_.empty()); |
| 156 DCHECK(callback_.is_null()); | 157 DCHECK(callback_.is_null()); |
| 157 int rv = handler_->GenerateAuthToken( | 158 int rv = handler_->GenerateAuthToken( |
| 158 credentials, request, | 159 credentials, request, |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 220 | 221 |
| 221 int HttpAuthController::HandleAuthChallenge( | 222 int HttpAuthController::HandleAuthChallenge( |
| 222 scoped_refptr<HttpResponseHeaders> headers, | 223 scoped_refptr<HttpResponseHeaders> headers, |
| 223 const SSLInfo& ssl_info, | 224 const SSLInfo& ssl_info, |
| 224 bool do_not_send_server_auth, | 225 bool do_not_send_server_auth, |
| 225 bool establishing_tunnel, | 226 bool establishing_tunnel, |
| 226 const NetLogWithSource& net_log) { | 227 const NetLogWithSource& net_log) { |
| 227 DCHECK(CalledOnValidThread()); | 228 DCHECK(CalledOnValidThread()); |
| 228 DCHECK(headers.get()); | 229 DCHECK(headers.get()); |
| 229 DCHECK(auth_origin_.is_valid()); | 230 DCHECK(auth_origin_.is_valid()); |
| 231 DCHECK(!auth_info_); |
| 230 | 232 |
| 231 // Give the existing auth handler first try at the authentication headers. | 233 // Give the existing auth handler first try at the authentication headers. |
| 232 // This will also evict the entry in the HttpAuthCache if the previous | 234 // This will also evict the entry in the HttpAuthCache if the previous |
| 233 // challenge appeared to be rejected, or is using a stale nonce in the Digest | 235 // challenge appeared to be rejected, or is using a stale nonce in the Digest |
| 234 // case. | 236 // case. |
| 235 if (HaveAuth()) { | 237 if (HaveAuth()) { |
| 236 std::string challenge_used; | 238 std::string challenge_used; |
| 237 HttpAuth::AuthorizationResult result = HttpAuth::HandleChallengeResponse( | 239 HttpAuth::AuthorizationResult result = HttpAuth::HandleChallengeResponse( |
| 238 handler_.get(), *headers, target_, disabled_schemes_, &challenge_used); | 240 handler_.get(), *headers, target_, disabled_schemes_, &challenge_used); |
| 239 switch (result) { | 241 switch (result) { |
| (...skipping 30 matching lines...) Expand all Loading... |
| 270 INVALIDATE_HANDLER : | 272 INVALIDATE_HANDLER : |
| 271 INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS); | 273 INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS); |
| 272 break; | 274 break; |
| 273 default: | 275 default: |
| 274 NOTREACHED(); | 276 NOTREACHED(); |
| 275 break; | 277 break; |
| 276 } | 278 } |
| 277 } | 279 } |
| 278 | 280 |
| 279 identity_.invalid = true; | 281 identity_.invalid = true; |
| 280 | |
| 281 bool can_send_auth = (target_ != HttpAuth::AUTH_SERVER || | 282 bool can_send_auth = (target_ != HttpAuth::AUTH_SERVER || |
| 282 !do_not_send_server_auth); | 283 !do_not_send_server_auth); |
| 283 | 284 |
| 284 do { | 285 do { |
| 285 if (!handler_.get() && can_send_auth) { | 286 if (!handler_.get() && can_send_auth) { |
| 286 // Find the best authentication challenge that we support. | 287 // Find the best authentication challenge that we support. |
| 287 HttpAuth::ChooseBestChallenge(http_auth_handler_factory_, *headers, | 288 HttpAuth::ChooseBestChallenge(http_auth_handler_factory_, *headers, |
| 288 ssl_info, target_, auth_origin_, | 289 ssl_info, target_, auth_origin_, |
| 289 disabled_schemes_, net_log, &handler_); | 290 disabled_schemes_, net_log, &handler_); |
| 290 if (handler_.get()) | 291 if (handler_.get()) |
| (...skipping 28 matching lines...) Expand all Loading... |
| 319 // We have exhausted all identity possibilities. | 320 // We have exhausted all identity possibilities. |
| 320 if (!handler_->AllowsExplicitCredentials()) { | 321 if (!handler_->AllowsExplicitCredentials()) { |
| 321 // If the handler doesn't accept explicit credentials, then we need to | 322 // If the handler doesn't accept explicit credentials, then we need to |
| 322 // choose a different auth scheme. | 323 // choose a different auth scheme. |
| 323 HistogramAuthEvent(handler_.get(), AUTH_EVENT_REJECT); | 324 HistogramAuthEvent(handler_.get(), AUTH_EVENT_REJECT); |
| 324 InvalidateCurrentHandler(INVALIDATE_HANDLER_AND_DISABLE_SCHEME); | 325 InvalidateCurrentHandler(INVALIDATE_HANDLER_AND_DISABLE_SCHEME); |
| 325 } else { | 326 } else { |
| 326 // Pass the challenge information back to the client. | 327 // Pass the challenge information back to the client. |
| 327 PopulateAuthChallenge(); | 328 PopulateAuthChallenge(); |
| 328 } | 329 } |
| 329 } else { | |
| 330 auth_info_ = NULL; | |
| 331 } | 330 } |
| 332 | 331 |
| 333 // If we get here and we don't have a handler_, that's because we | 332 // If we get here and we don't have a handler_, that's because we |
| 334 // invalidated it due to not having any viable identities to use with it. Go | 333 // invalidated it due to not having any viable identities to use with it. Go |
| 335 // back and try again. | 334 // back and try again. |
| 336 // TODO(asanka): Instead we should create a priority list of | 335 // TODO(asanka): Instead we should create a priority list of |
| 337 // <handler,identity> and iterate through that. | 336 // <handler,identity> and iterate through that. |
| 338 } while(!handler_.get()); | 337 } while(!handler_.get()); |
| 339 return OK; | 338 return OK; |
| 340 } | 339 } |
| 341 | 340 |
| 342 void HttpAuthController::ResetAuth(const AuthCredentials& credentials) { | 341 void HttpAuthController::ResetAuth(const AuthCredentials& credentials) { |
| 343 DCHECK(CalledOnValidThread()); | 342 DCHECK(CalledOnValidThread()); |
| 344 DCHECK(identity_.invalid || credentials.Empty()); | 343 DCHECK(identity_.invalid || credentials.Empty()); |
| 345 | 344 |
| 346 if (identity_.invalid) { | 345 if (identity_.invalid) { |
| 347 // Update the credentials. | 346 // Update the credentials. |
| 348 identity_.source = HttpAuth::IDENT_SRC_EXTERNAL; | 347 identity_.source = HttpAuth::IDENT_SRC_EXTERNAL; |
| 349 identity_.invalid = false; | 348 identity_.invalid = false; |
| 350 identity_.credentials = credentials; | 349 identity_.credentials = credentials; |
| 350 |
| 351 // auth_info_ is no longer necessary. |
| 352 auth_info_ = nullptr; |
| 351 } | 353 } |
| 352 | 354 |
| 353 DCHECK(identity_.source != HttpAuth::IDENT_SRC_PATH_LOOKUP); | 355 DCHECK(identity_.source != HttpAuth::IDENT_SRC_PATH_LOOKUP); |
| 354 | 356 |
| 355 // Add the auth entry to the cache before restarting. We don't know whether | 357 // Add the auth entry to the cache before restarting. We don't know whether |
| 356 // the identity is valid yet, but if it is valid we want other transactions | 358 // the identity is valid yet, but if it is valid we want other transactions |
| 357 // to know about it. If an entry for (origin, handler->realm()) already | 359 // to know about it. If an entry for (origin, handler->realm()) already |
| 358 // exists, we update it. | 360 // exists, we update it. |
| 359 // | 361 // |
| 360 // If identity_.source is HttpAuth::IDENT_SRC_NONE or | 362 // If identity_.source is HttpAuth::IDENT_SRC_NONE or |
| (...skipping 178 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 539 DCHECK(CalledOnValidThread()); | 541 DCHECK(CalledOnValidThread()); |
| 540 disabled_schemes_.insert(scheme); | 542 disabled_schemes_.insert(scheme); |
| 541 } | 543 } |
| 542 | 544 |
| 543 void HttpAuthController::DisableEmbeddedIdentity() { | 545 void HttpAuthController::DisableEmbeddedIdentity() { |
| 544 DCHECK(CalledOnValidThread()); | 546 DCHECK(CalledOnValidThread()); |
| 545 embedded_identity_used_ = true; | 547 embedded_identity_used_ = true; |
| 546 } | 548 } |
| 547 | 549 |
| 548 } // namespace net | 550 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2505203002:
[net/auth] Reset AuthChallengeInfo before picking a new HttpAuthHandler. (Closed)
