chrome/browser/ui/login/login_prompt_browsertest.cc - Issue 410373003: Fix cross origin check when deciding to show the HTTP auth interstitial.

Side by Side Diff: chrome/browser/ui/login/login_prompt_browsertest.cc

Issue 410373003: Fix cross origin check when deciding to show the HTTP auth interstitial. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Check only LastCommittedURL Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <algorithm>	5 #include <algorithm>

6 #include <list>	6 #include <list>

7 #include <map>	7 #include <map>

8	8

9 #include "base/metrics/field_trial.h"	9 #include "base/metrics/field_trial.h"

10 #include "base/strings/utf_string_conversions.h"	10 #include "base/strings/utf_string_conversions.h"

(...skipping 43 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
54	54

55 AuthInfo(const std::string& username,	55 AuthInfo(const std::string& username,

56 const std::string& password)	56 const std::string& password)

57 : username_(username), password_(password) {}	57 : username_(username), password_(password) {}

58 };	58 };

59	59

60 typedef std::map<std::string, AuthInfo> AuthMap;	60 typedef std::map<std::string, AuthInfo> AuthMap;

61	61

62 void SetAuthFor(LoginHandler* handler);	62 void SetAuthFor(LoginHandler* handler);

63	63

	64 void TestCrossOriginPrompt(const GURL& visit_url,

	65 std::string landing_host) const;
	Peter Kasting 2014/08/06 01:07:54 Nit: Pass by const ref Nit: Pass by const ref meacer 2014/08/06 17:36:49 Done. Show quoted text On 2014/08/06 01:07:54, Peter Kasting wrote: > Nit: Pass by const ref Done.
	66

64 AuthMap auth_map_;	67 AuthMap auth_map_;

65 std::string bad_password_;	68 std::string bad_password_;

66 std::string bad_username_;	69 std::string bad_username_;

67 std::string password_;	70 std::string password_;

68 std::string username_basic_;	71 std::string username_basic_;

69 std::string username_digest_;	72 std::string username_digest_;

70 };	73 };

71	74

72 void LoginPromptBrowserTest::SetAuthFor(LoginHandler* handler) {	75 void LoginPromptBrowserTest::SetAuthFor(LoginHandler* handler) {

73 const net::AuthChallengeInfo* challenge = handler->auth_info();	76 const net::AuthChallengeInfo* challenge = handler->auth_info();

(...skipping 702 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
776 ASSERT_EQ(1u, observer.handlers().size());	779 ASSERT_EQ(1u, observer.handlers().size());

777	780

778 while (!observer.handlers().empty()) {	781 while (!observer.handlers().empty()) {

779 WindowedAuthCancelledObserver auth_cancelled_waiter(controller);	782 WindowedAuthCancelledObserver auth_cancelled_waiter(controller);

780 LoginHandler* handler = *observer.handlers().begin();	783 LoginHandler* handler = *observer.handlers().begin();

781	784

782 ASSERT_TRUE(handler);	785 ASSERT_TRUE(handler);

783 // When a cross origin iframe displays a login prompt, the blank	786 // When a cross origin iframe displays a login prompt, the blank

784 // interstitial shouldn't be displayed and the omnibox should show the	787 // interstitial shouldn't be displayed and the omnibox should show the

785 // main frame's url, not the iframe's.	788 // main frame's url, not the iframe's.

786 EXPECT_EQ(new_host, contents->GetURL().host());	789 EXPECT_EQ(new_host, contents->GetVisibleURL().host());
	nasko 2014/08/06 10:17:37 Awesome!!! Awesome!!!
787	790

788 handler->CancelAuth();	791 handler->CancelAuth();

789 auth_cancelled_waiter.Wait();	792 auth_cancelled_waiter.Wait();

790 }	793 }

791 }	794 }

792	795

793 // Should stay on the main frame's url once the prompt the iframe is closed.	796 // Should stay on the main frame's url once the prompt the iframe is closed.

794 EXPECT_EQ("www.a.com", contents->GetURL().host());	797 EXPECT_EQ("www.a.com", contents->GetVisibleURL().host());

795	798

796 EXPECT_EQ(1, observer.auth_needed_count());	799 EXPECT_EQ(1, observer.auth_needed_count());

797 EXPECT_TRUE(test_server()->Stop());	800 EXPECT_TRUE(test_server()->Stop());

798 }	801 }

799	802

800 IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest, SupplyRedundantAuths) {	803 IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest, SupplyRedundantAuths) {

801 ASSERT_TRUE(test_server()->Start());	804 ASSERT_TRUE(test_server()->Start());

802	805

803 // Get NavigationController for tab 1.	806 // Get NavigationController for tab 1.

804 content::WebContents* contents_1 =	807 content::WebContents* contents_1 =

(...skipping 367 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1172	1175

1173 EXPECT_EQ(expected_title, contents->GetTitle());	1176 EXPECT_EQ(expected_title, contents->GetTitle());

1174 EXPECT_EQ(0, observer.auth_supplied_count());	1177 EXPECT_EQ(0, observer.auth_supplied_count());

1175 EXPECT_EQ(1, observer.auth_needed_count());	1178 EXPECT_EQ(1, observer.auth_needed_count());

1176 EXPECT_EQ(1, observer.auth_cancelled_count());	1179 EXPECT_EQ(1, observer.auth_cancelled_count());

1177 EXPECT_TRUE(test_server()->Stop());	1180 EXPECT_TRUE(test_server()->Stop());

1178 }	1181 }

1179	1182

1180 // If a cross origin navigation triggers a login prompt, the destination URL	1183 // If a cross origin navigation triggers a login prompt, the destination URL

1181 // should be shown in the omnibox.	1184 // should be shown in the omnibox.

1182 IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest,	1185 void LoginPromptBrowserTest::TestCrossOriginPrompt(

1183 ShowCorrectUrlForCrossOriginMainFrameRequests) {	1186 const GURL& visit_url,

1184 const char* kTestPage = "files/login/cross_origin.html";	1187 std::string auth_host) const {
	nasko 2014/08/06 10:17:37 nit: const std::string& nit: const std::string& meacer 2014/08/06 17:36:49 Done. Show quoted text On 2014/08/06 10:17:37, nasko (in Munich) wrote: > nit: const std::string& Done.
1185 host_resolver()->AddRule("www.a.com", "127.0.0.1");

1186 ASSERT_TRUE(test_server()->Start());

1187

1188 content::WebContents* contents =	1188 content::WebContents* contents =

1189 browser()->tab_strip_model()->GetActiveWebContents();	1189 browser()->tab_strip_model()->GetActiveWebContents();

1190 NavigationController* controller = &contents->GetController();	1190 NavigationController* controller = &contents->GetController();

1191 LoginPromptBrowserTestObserver observer;	1191 LoginPromptBrowserTestObserver observer;

1192	1192

1193 observer.Register(content::Source<NavigationController>(controller));	1193 observer.Register(content::Source<NavigationController>(controller));

1194	1194

1195 // Load a page which navigates to a cross origin page with a login prompt.	1195 // Load a page which will trigger a login prompt.

1196 {	1196 {

1197 GURL test_page = test_server()->GetURL(kTestPage);

1198 ASSERT_EQ("127.0.0.1", test_page.host());

1199

1200 WindowedAuthNeededObserver auth_needed_waiter(controller);	1197 WindowedAuthNeededObserver auth_needed_waiter(controller);

1201 browser()->OpenURL(OpenURLParams(	1198 browser()->OpenURL(OpenURLParams(

1202 test_page, Referrer(), CURRENT_TAB, content::PAGE_TRANSITION_TYPED,	1199 visit_url, Referrer(), CURRENT_TAB, content::PAGE_TRANSITION_TYPED,

1203 false));	1200 false));

1204 ASSERT_EQ("127.0.0.1", contents->GetURL().host());	1201 ASSERT_EQ(visit_url.host(), contents->GetVisibleURL().host());

1205 auth_needed_waiter.Wait();	1202 auth_needed_waiter.Wait();

1206 ASSERT_EQ(1u, observer.handlers().size());	1203 ASSERT_EQ(1u, observer.handlers().size());

1207 WaitForInterstitialAttach(contents);	1204 WaitForInterstitialAttach(contents);

1208	1205

1209 // The omnibox should show the correct origin for the new page when the	1206 // The omnibox should show the correct origin for the new page when the

1210 // login prompt is shown.	1207 // login prompt is shown.

1211 EXPECT_EQ("www.a.com", contents->GetURL().host());	1208 EXPECT_EQ(auth_host, contents->GetVisibleURL().host());

1212 EXPECT_TRUE(contents->ShowingInterstitialPage());	1209 EXPECT_TRUE(contents->ShowingInterstitialPage());

1213	1210

1214 // Cancel and wait for the interstitial to detach.	1211 // Cancel and wait for the interstitial to detach.

1215 LoginHandler* handler = *observer.handlers().begin();	1212 LoginHandler* handler = *observer.handlers().begin();

1216 scoped_refptr<content::MessageLoopRunner> loop_runner(	1213 scoped_refptr<content::MessageLoopRunner> loop_runner(

1217 new content::MessageLoopRunner);	1214 new content::MessageLoopRunner);

1218 InterstitialObserver interstitial_observer(contents,	1215 InterstitialObserver interstitial_observer(contents,

1219 base::Closure(),	1216 base::Closure(),

1220 loop_runner->QuitClosure());	1217 loop_runner->QuitClosure());

1221 handler->CancelAuth();	1218 handler->CancelAuth();

1222 if (content::InterstitialPage::GetInterstitialPage(contents))	1219 if (content::InterstitialPage::GetInterstitialPage(contents))

1223 loop_runner->Run();	1220 loop_runner->Run();

1224 EXPECT_EQ("www.a.com", contents->GetURL().host());	1221 EXPECT_EQ(auth_host, contents->GetVisibleURL().host());

1225 EXPECT_FALSE(contents->ShowingInterstitialPage());	1222 EXPECT_FALSE(contents->ShowingInterstitialPage());

1226 }	1223 }

1227 }	1224 }

1228	1225

	1226 // If a cross origin direct navigation triggers a login prompt, the login

	1227 // interstitial should be shown.

	1228 IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest,

	1229 ShowCorrectUrlForCrossOriginMainFrameRequests) {

	1230 ASSERT_TRUE(test_server()->Start());

	1231

	1232 GURL test_page = test_server()->GetURL(kAuthBasicPage);

	1233 ASSERT_EQ("127.0.0.1", test_page.host());

	1234 std::string auth_host = "127.0.0.1";
	nasko 2014/08/06 10:17:37 nit: std::string auth_host("127.0.0.1"); nit: std::string auth_host("127.0.0.1"); meacer 2014/08/06 17:36:49 Done. Show quoted text On 2014/08/06 10:17:37, nasko (in Munich) wrote: > nit: std::string auth_host("127.0.0.1"); Done.
	1235 TestCrossOriginPrompt(test_page, auth_host);

	1236 }

	1237

	1238 // If a cross origin redirect triggers a login prompt, the destination URL

	1239 // should be shown in the omnibox when the auth dialog is displayed.

	1240 IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest,

	1241 ShowCorrectUrlForCrossOriginMainFrameRedirects) {

	1242 host_resolver()->AddRule("www.a.com", "127.0.0.1");

	1243 ASSERT_TRUE(test_server()->Start());

	1244

	1245 const char* kTestPage = "files/login/cross_origin.html";
	nasko 2014/08/06 10:17:37 Why not use std::string? Why not use std::string? meacer 2014/08/06 17:36:49 Mainly for consistency with other test cases. Happ Show quoted text On 2014/08/06 10:17:37, nasko (in Munich) wrote: > Why not use std::string? Mainly for consistency with other test cases. Happy to change though.
	1246 GURL test_page = test_server()->GetURL(kTestPage);

	1247 ASSERT_EQ("127.0.0.1", test_page.host());

	1248 std::string auth_host = "www.a.com";

	1249 TestCrossOriginPrompt(test_page, auth_host);

	1250 }

	1251

1229 } // namespace	1252 } // namespace

OLD	NEW

« chrome/browser/ui/login/login_prompt.cc ('K') | « chrome/browser/ui/login/login_prompt.cc ('k') | no next file » | no next file with comments »