| Index: net/http/http_network_transaction_unittest.cc
|
| diff --git a/net/http/http_network_transaction_unittest.cc b/net/http/http_network_transaction_unittest.cc
|
| index 444269063c0e8539f677b6f9084f4a0c94e3afac..ee5b5e691b2e57c611fa4723f2f92864f75d5567 100644
|
| --- a/net/http/http_network_transaction_unittest.cc
|
| +++ b/net/http/http_network_transaction_unittest.cc
|
| @@ -4136,6 +4136,138 @@ TEST_F(HttpNetworkTransactionTest,
|
| session->CloseAllConnections();
|
| }
|
|
|
| +// A more nuanced test than GenerateAuthToken test which asserts that
|
| +// ERR_INVALID_AUTH_CREDENTIALS does not cause the auth scheme to be
|
| +// unnecessarily invalidated, and that if the server co-operates, the
|
| +// authentication handshake can continue with the same scheme but with a
|
| +// different identity.
|
| +TEST_F(HttpNetworkTransactionTest, NonPermanentGenerateAuthTokenError) {
|
| + HttpRequestInfo request;
|
| + request.method = "GET";
|
| + request.url = GURL("http://www.example.org/");
|
| +
|
| + std::unique_ptr<HttpAuthHandlerMock::Factory> auth_handler_factory(
|
| + new HttpAuthHandlerMock::Factory());
|
| + auth_handler_factory->set_do_init_from_challenge(true);
|
| +
|
| + // First handler. Uses default credentials, but barfs at generate auth token.
|
| + std::unique_ptr<HttpAuthHandlerMock> mock_handler(new HttpAuthHandlerMock());
|
| + mock_handler->set_allows_default_credentials(true);
|
| + mock_handler->set_allows_explicit_credentials(true);
|
| + mock_handler->set_connection_based(true);
|
| + mock_handler->SetGenerateExpectation(true, ERR_INVALID_AUTH_CREDENTIALS);
|
| + auth_handler_factory->AddMockHandler(mock_handler.release(),
|
| + HttpAuth::AUTH_SERVER);
|
| +
|
| + // Add another handler for the second challenge. It supports default
|
| + // credentials, but they shouldn't be used, since they were already tried.
|
| + mock_handler.reset(new HttpAuthHandlerMock());
|
| + mock_handler->set_allows_default_credentials(true);
|
| + mock_handler->set_allows_explicit_credentials(true);
|
| + mock_handler->set_connection_based(true);
|
| + auth_handler_factory->AddMockHandler(mock_handler.release(),
|
| + HttpAuth::AUTH_SERVER);
|
| + session_deps_.http_auth_handler_factory = std::move(auth_handler_factory);
|
| +
|
| + std::unique_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
|
| +
|
| + MockWrite data_writes1[] = {
|
| + MockWrite("GET / HTTP/1.1\r\n"
|
| + "Host: www.example.org\r\n"
|
| + "Connection: keep-alive\r\n\r\n"),
|
| + };
|
| +
|
| + MockRead data_reads1[] = {
|
| + MockRead("HTTP/1.1 401 Authentication Required\r\n"
|
| + "WWW-Authenticate: Mock\r\n"
|
| + "Connection: keep-alive\r\n\r\n"),
|
| + };
|
| +
|
| + // Identical to data_writes1[]. The AuthHandler encounters a
|
| + // ERR_INVALID_AUTH_CREDENTIALS during the GenerateAuthToken stage, so the
|
| + // transaction procceds without an authorization header.
|
| + MockWrite data_writes2[] = {
|
| + MockWrite("GET / HTTP/1.1\r\n"
|
| + "Host: www.example.org\r\n"
|
| + "Connection: keep-alive\r\n\r\n"),
|
| + };
|
| +
|
| + MockRead data_reads2[] = {
|
| + MockRead("HTTP/1.1 401 Authentication Required\r\n"
|
| + "WWW-Authenticate: Mock\r\n"
|
| + "Connection: keep-alive\r\n\r\n"),
|
| + };
|
| +
|
| + MockWrite data_writes3[] = {
|
| + MockWrite("GET / HTTP/1.1\r\n"
|
| + "Host: www.example.org\r\n"
|
| + "Connection: keep-alive\r\n"
|
| + "Authorization: auth_token\r\n\r\n"),
|
| + };
|
| +
|
| + MockRead data_reads3[] = {
|
| + MockRead("HTTP/1.1 200 OK\r\n"
|
| + "Content-Length: 5\r\n"
|
| + "Content-Type: text/plain\r\n"
|
| + "Connection: keep-alive\r\n\r\n"
|
| + "Hello"),
|
| + };
|
| +
|
| + StaticSocketDataProvider data1(data_reads1, arraysize(data_reads1),
|
| + data_writes1, arraysize(data_writes1));
|
| + session_deps_.socket_factory->AddSocketDataProvider(&data1);
|
| +
|
| + StaticSocketDataProvider data2(data_reads2, arraysize(data_reads2),
|
| + data_writes2, arraysize(data_writes2));
|
| + session_deps_.socket_factory->AddSocketDataProvider(&data2);
|
| +
|
| + StaticSocketDataProvider data3(data_reads3, arraysize(data_reads3),
|
| + data_writes3, arraysize(data_writes3));
|
| + session_deps_.socket_factory->AddSocketDataProvider(&data3);
|
| +
|
| + std::unique_ptr<HttpNetworkTransaction> trans(
|
| + new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
|
| +
|
| + TestCompletionCallback callback;
|
| + int rv = trans->Start(&request, callback.callback(), NetLogWithSource());
|
| + EXPECT_THAT(callback.GetResult(rv), IsOk());
|
| +
|
| + const HttpResponseInfo* response = trans->GetResponseInfo();
|
| + ASSERT_TRUE(response);
|
| + ASSERT_TRUE(response->headers);
|
| + EXPECT_TRUE(HttpVersion(1, 1) == response->headers->GetHttpVersion());
|
| +
|
| + // The following three tests assert that an authentication challenge was
|
| + // received and that the stack is ready to respond to the challenge using
|
| + // ambient credentials.
|
| + EXPECT_EQ(401, response->headers->response_code());
|
| + EXPECT_TRUE(trans->IsReadyToRestartForAuth());
|
| + EXPECT_FALSE(response->auth_challenge);
|
| +
|
| + rv = trans->RestartWithAuth(AuthCredentials(), callback.callback());
|
| + EXPECT_THAT(callback.GetResult(rv), IsOk());
|
| + response = trans->GetResponseInfo();
|
| + ASSERT_TRUE(response);
|
| + ASSERT_TRUE(response->headers);
|
| +
|
| + // The following three tests assert that an authentication challenge was
|
| + // received and that the stack needs explicit credentials before it is ready
|
| + // to respond to the challenge.
|
| + EXPECT_EQ(401, response->headers->response_code());
|
| + EXPECT_FALSE(trans->IsReadyToRestartForAuth());
|
| + EXPECT_TRUE(response->auth_challenge);
|
| +
|
| + rv = trans->RestartWithAuth(AuthCredentials(), callback.callback());
|
| + EXPECT_THAT(callback.GetResult(rv), IsOk());
|
| + response = trans->GetResponseInfo();
|
| + ASSERT_TRUE(response);
|
| + ASSERT_TRUE(response->headers);
|
| + EXPECT_EQ(200, response->headers->response_code());
|
| +
|
| + trans.reset();
|
| + session->CloseAllConnections();
|
| +}
|
| +
|
| // Test the load timing for HTTPS requests with an HTTP proxy.
|
| TEST_F(HttpNetworkTransactionTest, HttpProxyLoadTimingNoPacTwoRequests) {
|
| HttpRequestInfo request1;
|
| @@ -11397,18 +11529,20 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| static const int kNoSSL = 500;
|
|
|
| struct TestConfig {
|
| + int line_number;
|
| const char* const proxy_url;
|
| AuthTiming proxy_auth_timing;
|
| - int proxy_auth_rv;
|
| + int first_generate_proxy_token_rv;
|
| const char* const server_url;
|
| AuthTiming server_auth_timing;
|
| - int server_auth_rv;
|
| + int first_generate_server_token_rv;
|
| int num_auth_rounds;
|
| int first_ssl_round;
|
| - TestRound rounds[3];
|
| + TestRound rounds[4];
|
| } test_configs[] = {
|
| // Non-authenticating HTTP server with a direct connection.
|
| - {NULL,
|
| + {__LINE__,
|
| + nullptr,
|
| AUTH_NONE,
|
| OK,
|
| kServer,
|
| @@ -11418,7 +11552,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| kNoSSL,
|
| {TestRound(kGet, kSuccess, OK)}},
|
| // Authenticating HTTP server with a direct connection.
|
| - {NULL,
|
| + {__LINE__,
|
| + nullptr,
|
| AUTH_NONE,
|
| OK,
|
| kServer,
|
| @@ -11428,17 +11563,84 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| kNoSSL,
|
| {TestRound(kGet, kServerChallenge, OK),
|
| TestRound(kGetAuth, kSuccess, OK)}},
|
| - {NULL,
|
| + {__LINE__,
|
| + nullptr,
|
| AUTH_NONE,
|
| OK,
|
| kServer,
|
| AUTH_SYNC,
|
| ERR_INVALID_AUTH_CREDENTIALS,
|
| + 3,
|
| + kNoSSL,
|
| + {TestRound(kGet, kServerChallenge, OK),
|
| + TestRound(kGet, kServerChallenge, OK),
|
| + TestRound(kGetAuth, kSuccess, OK)}},
|
| + {__LINE__,
|
| + nullptr,
|
| + AUTH_NONE,
|
| + OK,
|
| + kServer,
|
| + AUTH_SYNC,
|
| + ERR_UNSUPPORTED_AUTH_SCHEME,
|
| + 2,
|
| + kNoSSL,
|
| + {TestRound(kGet, kServerChallenge, OK), TestRound(kGet, kSuccess, OK)}},
|
| + {__LINE__,
|
| + nullptr,
|
| + AUTH_NONE,
|
| + OK,
|
| + kServer,
|
| + AUTH_SYNC,
|
| + ERR_UNDOCUMENTED_SECURITY_LIBRARY_STATUS,
|
| + 2,
|
| + kNoSSL,
|
| + {TestRound(kGet, kServerChallenge, OK), TestRound(kGet, kSuccess, OK)}},
|
| + {__LINE__,
|
| + kProxy,
|
| + AUTH_SYNC,
|
| + ERR_FAILED,
|
| + kServer,
|
| + AUTH_NONE,
|
| + OK,
|
| + 2,
|
| + kNoSSL,
|
| + {TestRound(kGetProxy, kProxyChallenge, OK),
|
| + TestRound(kGetProxy, kFailure, ERR_FAILED)}},
|
| + {__LINE__,
|
| + kProxy,
|
| + AUTH_ASYNC,
|
| + ERR_FAILED,
|
| + kServer,
|
| + AUTH_NONE,
|
| + OK,
|
| + 2,
|
| + kNoSSL,
|
| + {TestRound(kGetProxy, kProxyChallenge, OK),
|
| + TestRound(kGetProxy, kFailure, ERR_FAILED)}},
|
| + {__LINE__,
|
| + nullptr,
|
| + AUTH_NONE,
|
| + OK,
|
| + kServer,
|
| + AUTH_SYNC,
|
| + ERR_FAILED,
|
| 2,
|
| kNoSSL,
|
| {TestRound(kGet, kServerChallenge, OK),
|
| - TestRound(kGetAuth, kFailure, ERR_INVALID_AUTH_CREDENTIALS)}},
|
| - {NULL,
|
| + TestRound(kGet, kFailure, ERR_FAILED)}},
|
| + {__LINE__,
|
| + nullptr,
|
| + AUTH_NONE,
|
| + OK,
|
| + kServer,
|
| + AUTH_ASYNC,
|
| + ERR_FAILED,
|
| + 2,
|
| + kNoSSL,
|
| + {TestRound(kGet, kServerChallenge, OK),
|
| + TestRound(kGet, kFailure, ERR_FAILED)}},
|
| + {__LINE__,
|
| + nullptr,
|
| AUTH_NONE,
|
| OK,
|
| kServer,
|
| @@ -11448,18 +11650,22 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| kNoSSL,
|
| {TestRound(kGet, kServerChallenge, OK),
|
| TestRound(kGetAuth, kSuccess, OK)}},
|
| - {NULL,
|
| + {__LINE__,
|
| + nullptr,
|
| AUTH_NONE,
|
| OK,
|
| kServer,
|
| AUTH_ASYNC,
|
| ERR_INVALID_AUTH_CREDENTIALS,
|
| - 2,
|
| + 3,
|
| kNoSSL,
|
| {TestRound(kGet, kServerChallenge, OK),
|
| - TestRound(kGetAuth, kFailure, ERR_INVALID_AUTH_CREDENTIALS)}},
|
| + // The second round uses a HttpAuthHandlerMock that always succeeds.
|
| + TestRound(kGet, kServerChallenge, OK),
|
| + TestRound(kGetAuth, kSuccess, OK)}},
|
| // Non-authenticating HTTP server through a non-authenticating proxy.
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_NONE,
|
| OK,
|
| kServer,
|
| @@ -11469,7 +11675,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| kNoSSL,
|
| {TestRound(kGetProxy, kSuccess, OK)}},
|
| // Authenticating HTTP server through a non-authenticating proxy.
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_NONE,
|
| OK,
|
| kServer,
|
| @@ -11479,18 +11686,20 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| kNoSSL,
|
| {TestRound(kGetProxy, kServerChallenge, OK),
|
| TestRound(kGetAuthThroughProxy, kSuccess, OK)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_NONE,
|
| OK,
|
| kServer,
|
| AUTH_SYNC,
|
| ERR_INVALID_AUTH_CREDENTIALS,
|
| - 2,
|
| + 3,
|
| kNoSSL,
|
| {TestRound(kGetProxy, kServerChallenge, OK),
|
| - TestRound(kGetAuthThroughProxy, kFailure,
|
| - ERR_INVALID_AUTH_CREDENTIALS)}},
|
| - {kProxy,
|
| + TestRound(kGetProxy, kServerChallenge, OK),
|
| + TestRound(kGetAuthThroughProxy, kSuccess, OK)}},
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_NONE,
|
| OK,
|
| kServer,
|
| @@ -11500,7 +11709,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| kNoSSL,
|
| {TestRound(kGetProxy, kServerChallenge, OK),
|
| TestRound(kGetAuthThroughProxy, kSuccess, OK)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_NONE,
|
| OK,
|
| kServer,
|
| @@ -11509,10 +11719,10 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| 2,
|
| kNoSSL,
|
| {TestRound(kGetProxy, kServerChallenge, OK),
|
| - TestRound(kGetAuthThroughProxy, kFailure,
|
| - ERR_INVALID_AUTH_CREDENTIALS)}},
|
| + TestRound(kGetProxy, kSuccess, OK)}},
|
| // Non-authenticating HTTP server through an authenticating proxy.
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_SYNC,
|
| OK,
|
| kServer,
|
| @@ -11522,7 +11732,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| kNoSSL,
|
| {TestRound(kGetProxy, kProxyChallenge, OK),
|
| TestRound(kGetProxyAuth, kSuccess, OK)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_SYNC,
|
| ERR_INVALID_AUTH_CREDENTIALS,
|
| kServer,
|
| @@ -11531,8 +11742,9 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| 2,
|
| kNoSSL,
|
| {TestRound(kGetProxy, kProxyChallenge, OK),
|
| - TestRound(kGetProxyAuth, kFailure, ERR_INVALID_AUTH_CREDENTIALS)}},
|
| - {kProxy,
|
| + TestRound(kGetProxy, kSuccess, OK)}},
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_ASYNC,
|
| OK,
|
| kServer,
|
| @@ -11542,7 +11754,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| kNoSSL,
|
| {TestRound(kGetProxy, kProxyChallenge, OK),
|
| TestRound(kGetProxyAuth, kSuccess, OK)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_ASYNC,
|
| ERR_INVALID_AUTH_CREDENTIALS,
|
| kServer,
|
| @@ -11551,9 +11764,22 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| 2,
|
| kNoSSL,
|
| {TestRound(kGetProxy, kProxyChallenge, OK),
|
| - TestRound(kGetProxyAuth, kFailure, ERR_INVALID_AUTH_CREDENTIALS)}},
|
| + TestRound(kGetProxy, kSuccess, OK)}},
|
| + {__LINE__,
|
| + kProxy,
|
| + AUTH_ASYNC,
|
| + ERR_INVALID_AUTH_CREDENTIALS,
|
| + kServer,
|
| + AUTH_NONE,
|
| + OK,
|
| + 3,
|
| + kNoSSL,
|
| + {TestRound(kGetProxy, kProxyChallenge, OK),
|
| + TestRound(kGetProxy, kProxyChallenge, OK),
|
| + TestRound(kGetProxyAuth, kSuccess, OK)}},
|
| // Authenticating HTTP server through an authenticating proxy.
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_SYNC,
|
| OK,
|
| kServer,
|
| @@ -11564,7 +11790,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| {TestRound(kGetProxy, kProxyChallenge, OK),
|
| TestRound(kGetProxyAuth, kServerChallenge, OK),
|
| TestRound(kGetAuthWithProxyAuth, kSuccess, OK)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_SYNC,
|
| OK,
|
| kServer,
|
| @@ -11574,9 +11801,9 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| kNoSSL,
|
| {TestRound(kGetProxy, kProxyChallenge, OK),
|
| TestRound(kGetProxyAuth, kServerChallenge, OK),
|
| - TestRound(kGetAuthWithProxyAuth, kFailure,
|
| - ERR_INVALID_AUTH_CREDENTIALS)}},
|
| - {kProxy,
|
| + TestRound(kGetProxyAuth, kSuccess, OK)}},
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_ASYNC,
|
| OK,
|
| kServer,
|
| @@ -11587,7 +11814,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| {TestRound(kGetProxy, kProxyChallenge, OK),
|
| TestRound(kGetProxyAuth, kServerChallenge, OK),
|
| TestRound(kGetAuthWithProxyAuth, kSuccess, OK)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_ASYNC,
|
| OK,
|
| kServer,
|
| @@ -11597,9 +11825,9 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| kNoSSL,
|
| {TestRound(kGetProxy, kProxyChallenge, OK),
|
| TestRound(kGetProxyAuth, kServerChallenge, OK),
|
| - TestRound(kGetAuthWithProxyAuth, kFailure,
|
| - ERR_INVALID_AUTH_CREDENTIALS)}},
|
| - {kProxy,
|
| + TestRound(kGetProxyAuth, kSuccess, OK)}},
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_SYNC,
|
| OK,
|
| kServer,
|
| @@ -11610,7 +11838,21 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| {TestRound(kGetProxy, kProxyChallenge, OK),
|
| TestRound(kGetProxyAuth, kServerChallenge, OK),
|
| TestRound(kGetAuthWithProxyAuth, kSuccess, OK)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| + AUTH_SYNC,
|
| + ERR_INVALID_AUTH_CREDENTIALS,
|
| + kServer,
|
| + AUTH_ASYNC,
|
| + OK,
|
| + 4,
|
| + kNoSSL,
|
| + {TestRound(kGetProxy, kProxyChallenge, OK),
|
| + TestRound(kGetProxy, kProxyChallenge, OK),
|
| + TestRound(kGetProxyAuth, kServerChallenge, OK),
|
| + TestRound(kGetAuthWithProxyAuth, kSuccess, OK)}},
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_SYNC,
|
| OK,
|
| kServer,
|
| @@ -11620,9 +11862,9 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| kNoSSL,
|
| {TestRound(kGetProxy, kProxyChallenge, OK),
|
| TestRound(kGetProxyAuth, kServerChallenge, OK),
|
| - TestRound(kGetAuthWithProxyAuth, kFailure,
|
| - ERR_INVALID_AUTH_CREDENTIALS)}},
|
| - {kProxy,
|
| + TestRound(kGetProxyAuth, kSuccess, OK)}},
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_ASYNC,
|
| OK,
|
| kServer,
|
| @@ -11633,7 +11875,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| {TestRound(kGetProxy, kProxyChallenge, OK),
|
| TestRound(kGetProxyAuth, kServerChallenge, OK),
|
| TestRound(kGetAuthWithProxyAuth, kSuccess, OK)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_ASYNC,
|
| OK,
|
| kServer,
|
| @@ -11643,10 +11886,23 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| kNoSSL,
|
| {TestRound(kGetProxy, kProxyChallenge, OK),
|
| TestRound(kGetProxyAuth, kServerChallenge, OK),
|
| - TestRound(kGetAuthWithProxyAuth, kFailure,
|
| - ERR_INVALID_AUTH_CREDENTIALS)}},
|
| + TestRound(kGetProxyAuth, kSuccess, OK)}},
|
| + {__LINE__,
|
| + kProxy,
|
| + AUTH_ASYNC,
|
| + ERR_INVALID_AUTH_CREDENTIALS,
|
| + kServer,
|
| + AUTH_ASYNC,
|
| + ERR_INVALID_AUTH_CREDENTIALS,
|
| + 4,
|
| + kNoSSL,
|
| + {TestRound(kGetProxy, kProxyChallenge, OK),
|
| + TestRound(kGetProxy, kProxyChallenge, OK),
|
| + TestRound(kGetProxyAuth, kServerChallenge, OK),
|
| + TestRound(kGetProxyAuth, kSuccess, OK)}},
|
| // Non-authenticating HTTPS server with a direct connection.
|
| - {NULL,
|
| + {__LINE__,
|
| + nullptr,
|
| AUTH_NONE,
|
| OK,
|
| kSecureServer,
|
| @@ -11656,7 +11912,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| 0,
|
| {TestRound(kGet, kSuccess, OK)}},
|
| // Authenticating HTTPS server with a direct connection.
|
| - {NULL,
|
| + {__LINE__,
|
| + nullptr,
|
| AUTH_NONE,
|
| OK,
|
| kSecureServer,
|
| @@ -11666,7 +11923,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| 0,
|
| {TestRound(kGet, kServerChallenge, OK),
|
| TestRound(kGetAuth, kSuccess, OK)}},
|
| - {NULL,
|
| + {__LINE__,
|
| + nullptr,
|
| AUTH_NONE,
|
| OK,
|
| kSecureServer,
|
| @@ -11674,9 +11932,9 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| ERR_INVALID_AUTH_CREDENTIALS,
|
| 2,
|
| 0,
|
| - {TestRound(kGet, kServerChallenge, OK),
|
| - TestRound(kGetAuth, kFailure, ERR_INVALID_AUTH_CREDENTIALS)}},
|
| - {NULL,
|
| + {TestRound(kGet, kServerChallenge, OK), TestRound(kGet, kSuccess, OK)}},
|
| + {__LINE__,
|
| + nullptr,
|
| AUTH_NONE,
|
| OK,
|
| kSecureServer,
|
| @@ -11686,7 +11944,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| 0,
|
| {TestRound(kGet, kServerChallenge, OK),
|
| TestRound(kGetAuth, kSuccess, OK)}},
|
| - {NULL,
|
| + {__LINE__,
|
| + nullptr,
|
| AUTH_NONE,
|
| OK,
|
| kSecureServer,
|
| @@ -11694,10 +11953,10 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| ERR_INVALID_AUTH_CREDENTIALS,
|
| 2,
|
| 0,
|
| - {TestRound(kGet, kServerChallenge, OK),
|
| - TestRound(kGetAuth, kFailure, ERR_INVALID_AUTH_CREDENTIALS)}},
|
| + {TestRound(kGet, kServerChallenge, OK), TestRound(kGet, kSuccess, OK)}},
|
| // Non-authenticating HTTPS server with a non-authenticating proxy.
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_NONE,
|
| OK,
|
| kSecureServer,
|
| @@ -11707,7 +11966,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| 0,
|
| {TestRound(kConnect, kProxyConnected, OK, &kGet, &kSuccess)}},
|
| // Authenticating HTTPS server through a non-authenticating proxy.
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_NONE,
|
| OK,
|
| kSecureServer,
|
| @@ -11717,7 +11977,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| 0,
|
| {TestRound(kConnect, kProxyConnected, OK, &kGet, &kServerChallenge),
|
| TestRound(kGetAuth, kSuccess, OK)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_NONE,
|
| OK,
|
| kSecureServer,
|
| @@ -11726,8 +11987,9 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| 2,
|
| 0,
|
| {TestRound(kConnect, kProxyConnected, OK, &kGet, &kServerChallenge),
|
| - TestRound(kGetAuth, kFailure, ERR_INVALID_AUTH_CREDENTIALS)}},
|
| - {kProxy,
|
| + TestRound(kGet, kSuccess, OK)}},
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_NONE,
|
| OK,
|
| kSecureServer,
|
| @@ -11737,7 +11999,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| 0,
|
| {TestRound(kConnect, kProxyConnected, OK, &kGet, &kServerChallenge),
|
| TestRound(kGetAuth, kSuccess, OK)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_NONE,
|
| OK,
|
| kSecureServer,
|
| @@ -11746,9 +12009,10 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| 2,
|
| 0,
|
| {TestRound(kConnect, kProxyConnected, OK, &kGet, &kServerChallenge),
|
| - TestRound(kGetAuth, kFailure, ERR_INVALID_AUTH_CREDENTIALS)}},
|
| + TestRound(kGet, kSuccess, OK)}},
|
| // Non-Authenticating HTTPS server through an authenticating proxy.
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_SYNC,
|
| OK,
|
| kSecureServer,
|
| @@ -11758,7 +12022,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| 1,
|
| {TestRound(kConnect, kProxyChallenge, OK),
|
| TestRound(kConnectProxyAuth, kProxyConnected, OK, &kGet, &kSuccess)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_SYNC,
|
| ERR_INVALID_AUTH_CREDENTIALS,
|
| kSecureServer,
|
| @@ -11767,8 +12032,31 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| 2,
|
| kNoSSL,
|
| {TestRound(kConnect, kProxyChallenge, OK),
|
| - TestRound(kConnectProxyAuth, kFailure, ERR_INVALID_AUTH_CREDENTIALS)}},
|
| - {kProxy,
|
| + TestRound(kConnect, kProxyConnected, OK, &kGet, &kSuccess)}},
|
| + {__LINE__,
|
| + kProxy,
|
| + AUTH_SYNC,
|
| + ERR_UNSUPPORTED_AUTH_SCHEME,
|
| + kSecureServer,
|
| + AUTH_NONE,
|
| + OK,
|
| + 2,
|
| + kNoSSL,
|
| + {TestRound(kConnect, kProxyChallenge, OK),
|
| + TestRound(kConnect, kProxyConnected, OK, &kGet, &kSuccess)}},
|
| + {__LINE__,
|
| + kProxy,
|
| + AUTH_SYNC,
|
| + ERR_UNEXPECTED,
|
| + kSecureServer,
|
| + AUTH_NONE,
|
| + OK,
|
| + 2,
|
| + kNoSSL,
|
| + {TestRound(kConnect, kProxyChallenge, OK),
|
| + TestRound(kConnect, kProxyConnected, ERR_UNEXPECTED)}},
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_ASYNC,
|
| OK,
|
| kSecureServer,
|
| @@ -11778,7 +12066,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| 1,
|
| {TestRound(kConnect, kProxyChallenge, OK),
|
| TestRound(kConnectProxyAuth, kProxyConnected, OK, &kGet, &kSuccess)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_ASYNC,
|
| ERR_INVALID_AUTH_CREDENTIALS,
|
| kSecureServer,
|
| @@ -11787,9 +12076,10 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| 2,
|
| kNoSSL,
|
| {TestRound(kConnect, kProxyChallenge, OK),
|
| - TestRound(kConnectProxyAuth, kFailure, ERR_INVALID_AUTH_CREDENTIALS)}},
|
| + TestRound(kConnect, kProxyConnected, OK, &kGet, &kSuccess)}},
|
| // Authenticating HTTPS server through an authenticating proxy.
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_SYNC,
|
| OK,
|
| kSecureServer,
|
| @@ -11801,7 +12091,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| TestRound(kConnectProxyAuth, kProxyConnected, OK, &kGet,
|
| &kServerChallenge),
|
| TestRound(kGetAuth, kSuccess, OK)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_SYNC,
|
| OK,
|
| kSecureServer,
|
| @@ -11812,8 +12103,9 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| {TestRound(kConnect, kProxyChallenge, OK),
|
| TestRound(kConnectProxyAuth, kProxyConnected, OK, &kGet,
|
| &kServerChallenge),
|
| - TestRound(kGetAuth, kFailure, ERR_INVALID_AUTH_CREDENTIALS)}},
|
| - {kProxy,
|
| + TestRound(kGet, kSuccess, OK)}},
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_ASYNC,
|
| OK,
|
| kSecureServer,
|
| @@ -11825,7 +12117,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| TestRound(kConnectProxyAuth, kProxyConnected, OK, &kGet,
|
| &kServerChallenge),
|
| TestRound(kGetAuth, kSuccess, OK)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_ASYNC,
|
| OK,
|
| kSecureServer,
|
| @@ -11836,8 +12129,9 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| {TestRound(kConnect, kProxyChallenge, OK),
|
| TestRound(kConnectProxyAuth, kProxyConnected, OK, &kGet,
|
| &kServerChallenge),
|
| - TestRound(kGetAuth, kFailure, ERR_INVALID_AUTH_CREDENTIALS)}},
|
| - {kProxy,
|
| + TestRound(kGet, kSuccess, OK)}},
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_SYNC,
|
| OK,
|
| kSecureServer,
|
| @@ -11849,7 +12143,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| TestRound(kConnectProxyAuth, kProxyConnected, OK, &kGet,
|
| &kServerChallenge),
|
| TestRound(kGetAuth, kSuccess, OK)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_SYNC,
|
| OK,
|
| kSecureServer,
|
| @@ -11860,8 +12155,9 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| {TestRound(kConnect, kProxyChallenge, OK),
|
| TestRound(kConnectProxyAuth, kProxyConnected, OK, &kGet,
|
| &kServerChallenge),
|
| - TestRound(kGetAuth, kFailure, ERR_INVALID_AUTH_CREDENTIALS)}},
|
| - {kProxy,
|
| + TestRound(kGet, kSuccess, OK)}},
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_ASYNC,
|
| OK,
|
| kSecureServer,
|
| @@ -11873,7 +12169,8 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| TestRound(kConnectProxyAuth, kProxyConnected, OK, &kGet,
|
| &kServerChallenge),
|
| TestRound(kGetAuth, kSuccess, OK)}},
|
| - {kProxy,
|
| + {__LINE__,
|
| + kProxy,
|
| AUTH_ASYNC,
|
| OK,
|
| kSecureServer,
|
| @@ -11884,19 +12181,34 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| {TestRound(kConnect, kProxyChallenge, OK),
|
| TestRound(kConnectProxyAuth, kProxyConnected, OK, &kGet,
|
| &kServerChallenge),
|
| - TestRound(kGetAuth, kFailure, ERR_INVALID_AUTH_CREDENTIALS)}},
|
| + TestRound(kGet, kSuccess, OK)}},
|
| + {__LINE__,
|
| + kProxy,
|
| + AUTH_ASYNC,
|
| + ERR_INVALID_AUTH_CREDENTIALS,
|
| + kSecureServer,
|
| + AUTH_ASYNC,
|
| + ERR_INVALID_AUTH_CREDENTIALS,
|
| + 4,
|
| + 2,
|
| + {TestRound(kConnect, kProxyChallenge, OK),
|
| + TestRound(kConnect, kProxyChallenge, OK),
|
| + TestRound(kConnectProxyAuth, kProxyConnected, OK, &kGet,
|
| + &kServerChallenge),
|
| + TestRound(kGet, kSuccess, OK)}},
|
| };
|
|
|
| - for (size_t i = 0; i < arraysize(test_configs); ++i) {
|
| + for (const auto& test_config : test_configs) {
|
| + SCOPED_TRACE(::testing::Message() << "Test config at "
|
| + << test_config.line_number);
|
| HttpAuthHandlerMock::Factory* auth_factory(
|
| new HttpAuthHandlerMock::Factory());
|
| session_deps_.http_auth_handler_factory.reset(auth_factory);
|
| SSLInfo empty_ssl_info;
|
| - const TestConfig& test_config = test_configs[i];
|
|
|
| // Set up authentication handlers as necessary.
|
| if (test_config.proxy_auth_timing != AUTH_NONE) {
|
| - for (int n = 0; n < 2; n++) {
|
| + for (int n = 0; n < 3; n++) {
|
| HttpAuthHandlerMock* auth_handler(new HttpAuthHandlerMock());
|
| std::string auth_challenge = "Mock realm=proxy";
|
| GURL origin(test_config.proxy_url);
|
| @@ -11907,7 +12219,7 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| NetLogWithSource());
|
| auth_handler->SetGenerateExpectation(
|
| test_config.proxy_auth_timing == AUTH_ASYNC,
|
| - test_config.proxy_auth_rv);
|
| + n == 0 ? test_config.first_generate_proxy_token_rv : OK);
|
| auth_factory->AddMockHandler(auth_handler, HttpAuth::AUTH_PROXY);
|
| }
|
| }
|
| @@ -11922,8 +12234,20 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| NetLogWithSource());
|
| auth_handler->SetGenerateExpectation(
|
| test_config.server_auth_timing == AUTH_ASYNC,
|
| - test_config.server_auth_rv);
|
| + test_config.first_generate_server_token_rv);
|
| auth_factory->AddMockHandler(auth_handler, HttpAuth::AUTH_SERVER);
|
| +
|
| + // The second handler always succeeds. It should only be used where there
|
| + // are multiple auth sessions for server auth in the same network
|
| + // transaction using the same auth scheme.
|
| + std::unique_ptr<HttpAuthHandlerMock> second_handler =
|
| + base::MakeUnique<HttpAuthHandlerMock>();
|
| + second_handler->InitFromChallenge(&tokenizer, HttpAuth::AUTH_SERVER,
|
| + empty_ssl_info, origin,
|
| + NetLogWithSource());
|
| + second_handler->SetGenerateExpectation(true, OK);
|
| + auth_factory->AddMockHandler(second_handler.release(),
|
| + HttpAuth::AUTH_SERVER);
|
| }
|
| if (test_config.proxy_url) {
|
| session_deps_.proxy_service =
|
| @@ -11998,7 +12322,7 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| rv = callback.WaitForResult();
|
|
|
| // Compare results with expected data.
|
| - EXPECT_EQ(read_write_round.expected_rv, rv);
|
| + EXPECT_THAT(rv, IsError(read_write_round.expected_rv));
|
| const HttpResponseInfo* response = trans.GetResponseInfo();
|
| if (read_write_round.expected_rv != OK) {
|
| EXPECT_EQ(round + 1, test_config.num_auth_rounds);
|
| @@ -12008,6 +12332,7 @@ TEST_F(HttpNetworkTransactionTest, GenerateAuthToken) {
|
| EXPECT_TRUE(response->auth_challenge);
|
| } else {
|
| EXPECT_FALSE(response->auth_challenge);
|
| + EXPECT_FALSE(trans.IsReadyToRestartForAuth());
|
| }
|
| }
|
| }
|
| @@ -12121,6 +12446,8 @@ TEST_F(HttpNetworkTransactionTest, MultiRoundAuth) {
|
| ASSERT_TRUE(response);
|
| EXPECT_TRUE(response->auth_challenge);
|
| EXPECT_EQ(0, transport_pool->IdleSocketCountInGroup(kSocketGroup));
|
| + EXPECT_EQ(HttpAuthHandlerMock::State::WAIT_FOR_GENERATE_AUTH_TOKEN,
|
| + auth_handler->state());
|
|
|
| // In between rounds, another request comes in for the same domain.
|
| // It should not be able to grab the TCP socket that trans has already
|
| @@ -12144,6 +12471,8 @@ TEST_F(HttpNetworkTransactionTest, MultiRoundAuth) {
|
| ASSERT_TRUE(response);
|
| EXPECT_FALSE(response->auth_challenge);
|
| EXPECT_EQ(0, transport_pool->IdleSocketCountInGroup(kSocketGroup));
|
| + EXPECT_EQ(HttpAuthHandlerMock::State::WAIT_FOR_GENERATE_AUTH_TOKEN,
|
| + auth_handler->state());
|
|
|
| // Third round of authentication.
|
| auth_handler->SetGenerateExpectation(false, OK);
|
| @@ -12155,6 +12484,8 @@ TEST_F(HttpNetworkTransactionTest, MultiRoundAuth) {
|
| ASSERT_TRUE(response);
|
| EXPECT_FALSE(response->auth_challenge);
|
| EXPECT_EQ(0, transport_pool->IdleSocketCountInGroup(kSocketGroup));
|
| + EXPECT_EQ(HttpAuthHandlerMock::State::WAIT_FOR_GENERATE_AUTH_TOKEN,
|
| + auth_handler->state());
|
|
|
| // Fourth round of authentication, which completes successfully.
|
| auth_handler->SetGenerateExpectation(false, OK);
|
| @@ -12167,6 +12498,12 @@ TEST_F(HttpNetworkTransactionTest, MultiRoundAuth) {
|
| EXPECT_FALSE(response->auth_challenge);
|
| EXPECT_EQ(0, transport_pool->IdleSocketCountInGroup(kSocketGroup));
|
|
|
| + // In WAIT_FOR_CHALLENGE, although in reality the auth handler is done. A real
|
| + // auth handler should transition to a DONE state in concert with the remote
|
| + // server. But that's not something we can test here with a mock handler.
|
| + EXPECT_EQ(HttpAuthHandlerMock::State::WAIT_FOR_CHALLENGE,
|
| + auth_handler->state());
|
| +
|
| // Read the body since the fourth round was successful. This will also
|
| // release the socket back to the pool.
|
| scoped_refptr<IOBufferWithSize> io_buf(new IOBufferWithSize(50));
|
|
|
Chromium Code Reviews
Issue 2518633002:
[Merge M55] [net/auth] Deal better with ERR_INVALID_AUTH_CREDENTIALS error. (Closed)
