Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(63)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/http/http_auth_controller.cc

Issue 2507253002: [net/auth] Treat ERR_INVALID_HANDLE as a identity invalidating error. (Closed)
Patch Set: Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/http/http_auth_controller.cc
diff --git a/net/http/http_auth_controller.cc b/net/http/http_auth_controller.cc
index 39361b44ed5633d100a4b5fb0998cd7c9f934d66..fa74f838d0c2ebcf1497dda5a50b7af9b2771fcb 100644
--- a/net/http/http_auth_controller.cc
+++ b/net/http/http_auth_controller.cc
@@ -474,16 +474,22 @@ void HttpAuthController::PopulateAuthChallenge() {
int HttpAuthController::HandleGenerateTokenResult(int result) {
DCHECK(CalledOnValidThread());
switch (result) {
+ // Occurs if the credential handle is found to be invalid at the point it is
+ // exercised (i.e. GenerateAuthToken stage). We are going to consider this
+ // to be an error that invalidates the identity but not necessarily the
+ // scheme. Doing so allows a different identity to be used with the same
+ // scheme. See https://crbug.com/648366.
+ case ERR_INVALID_HANDLE:
mmenke 2016/11/16 22:44:23 How do we get an invalid handle in the first place
asanka 2016/11/16 23:01:31 It's possible for us to get a credentials handle,
+
+ // If the GenerateAuthToken call fails with this error, this means that the
+ // handler can no longer be used. However, the authentication scheme is
+ // considered still usable. This allows a scheme that attempted and failed
+ // to use default credentials to recover and use explicit credentials.
+ //
+ // The current handler may be tied to external state that is no longer
+ // valid, hence should be discarded. Since the scheme is still valid, a new
+ // handler can be created for the current scheme.
case ERR_INVALID_AUTH_CREDENTIALS:
- // If the GenerateAuthToken call fails with this error, this means that
- // the handler can no longer be used. However, the authentication scheme
- // is considered still usable. This allows a scheme that attempted and
- // failed to use default credentials to recover and use explicit
- // credentials.
- //
- // The current handler may be tied to external state that is no longer
- // valid, hence should be discarded. Since the scheme is still valid, a
- // new handler can be created for the current scheme.
InvalidateCurrentHandler(INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS);
auth_token_.clear();
return OK;
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698