Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(367)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/http_auth_controller.cc

Issue 2507253002: [net/auth] Treat ERR_INVALID_HANDLE as a identity invalidating error. (Closed)
Patch Set: Reparent this CL so that it detaches from its dependencies Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_auth_controller.h" 5 #include "net/http/http_auth_controller.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/bind_helpers.h" 8 #include "base/bind_helpers.h"
9 #include "base/metrics/histogram_macros.h" 9 #include "base/metrics/histogram_macros.h"
10 #include "base/strings/string_util.h" 10 #include "base/strings/string_util.h"
(...skipping 457 matching lines...) Expand 10 before | Expand all | Expand 10 after
468 auth_info_ = new AuthChallengeInfo; 468 auth_info_ = new AuthChallengeInfo;
469 auth_info_->is_proxy = (target_ == HttpAuth::AUTH_PROXY); 469 auth_info_->is_proxy = (target_ == HttpAuth::AUTH_PROXY);
470 auth_info_->challenger = url::Origin(auth_origin_); 470 auth_info_->challenger = url::Origin(auth_origin_);
471 auth_info_->scheme = HttpAuth::SchemeToString(handler_->auth_scheme()); 471 auth_info_->scheme = HttpAuth::SchemeToString(handler_->auth_scheme());
472 auth_info_->realm = handler_->realm(); 472 auth_info_->realm = handler_->realm();
473 } 473 }
474 474
475 int HttpAuthController::HandleGenerateTokenResult(int result) { 475 int HttpAuthController::HandleGenerateTokenResult(int result) {
476 DCHECK(CalledOnValidThread()); 476 DCHECK(CalledOnValidThread());
477 switch (result) { 477 switch (result) {
478 // Occurs if the credential handle is found to be invalid at the point it is
479 // exercised (i.e. GenerateAuthToken stage). We are going to consider this
480 // to be an error that invalidates the identity but not necessarily the
481 // scheme. Doing so allows a different identity to be used with the same
482 // scheme. See https://crbug.com/648366.
483 case ERR_INVALID_HANDLE:
484
485 // If the GenerateAuthToken call fails with this error, this means that the
486 // handler can no longer be used. However, the authentication scheme is
487 // considered still usable. This allows a scheme that attempted and failed
488 // to use default credentials to recover and use explicit credentials.
489 //
490 // The current handler may be tied to external state that is no longer
491 // valid, hence should be discarded. Since the scheme is still valid, a new
492 // handler can be created for the current scheme.
478 case ERR_INVALID_AUTH_CREDENTIALS: 493 case ERR_INVALID_AUTH_CREDENTIALS:
479 // If the GenerateAuthToken call fails with this error, this means that
480 // the handler can no longer be used. However, the authentication scheme
481 // is considered still usable. This allows a scheme that attempted and
482 // failed to use default credentials to recover and use explicit
483 // credentials.
484 //
485 // The current handler may be tied to external state that is no longer
486 // valid, hence should be discarded. Since the scheme is still valid, a
487 // new handler can be created for the current scheme.
488 InvalidateCurrentHandler(INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS); 494 InvalidateCurrentHandler(INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS);
489 auth_token_.clear(); 495 auth_token_.clear();
490 return OK; 496 return OK;
491 497
492 // Occurs with GSSAPI, if the user has not already logged in. 498 // Occurs with GSSAPI, if the user has not already logged in.
493 case ERR_MISSING_AUTH_CREDENTIALS: 499 case ERR_MISSING_AUTH_CREDENTIALS:
494 500
495 // Can occur with GSSAPI or SSPI if the underlying library reports 501 // Can occur with GSSAPI or SSPI if the underlying library reports
496 // a permanent error. 502 // a permanent error.
497 case ERR_UNSUPPORTED_AUTH_SCHEME: 503 case ERR_UNSUPPORTED_AUTH_SCHEME:
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after
539 DCHECK(CalledOnValidThread()); 545 DCHECK(CalledOnValidThread());
540 disabled_schemes_.insert(scheme); 546 disabled_schemes_.insert(scheme);
541 } 547 }
542 548
543 void HttpAuthController::DisableEmbeddedIdentity() { 549 void HttpAuthController::DisableEmbeddedIdentity() {
544 DCHECK(CalledOnValidThread()); 550 DCHECK(CalledOnValidThread());
545 embedded_identity_used_ = true; 551 embedded_identity_used_ = true;
546 } 552 }
547 553
548 } // namespace net 554 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698