1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_HTTP_HTTP_AUTH_CONTROLLER_H_ 6 #define NET_HTTP_HTTP_AUTH_CONTROLLER_H_ 7 #pragma once 8 9 #include <set> 10 #include <string> 11 12 #include "base/basictypes.h" 13 #include "base/memory/ref_counted.h" 14 #include "base/memory/scoped_ptr.h" 15 #include "base/string16.h" 16 #include "base/threading/non_thread_safe.h" 17 #include "googleurl/src/gurl.h" 18 #include "net/base/completion_callback.h" 19 #include "net/base/net_log.h" 20 #include "net/http/http_auth.h" 21 22 namespace net { 23 24 class AuthChallengeInfo; 25 class HttpAuthHandler; 26 class HttpAuthHandlerFactory; 27 class HttpAuthCache; 28 class HttpRequestHeaders; 29 struct HttpRequestInfo; 30 31 class HttpAuthController : public base::RefCounted<HttpAuthController>, 32 public base::NonThreadSafe { 33 public: 34 // The arguments are self explanatory except possibly for |auth_url|, which 35 // should be both the auth target and auth path in a single url argument. 36 HttpAuthController(HttpAuth::Target target, 37 const GURL& auth_url, 38 HttpAuthCache* http_auth_cache, 39 HttpAuthHandlerFactory* http_auth_handler_factory); 40 41 // Generate an authentication token for |target| if necessary. The return 42 // value is a net error code. |OK| will be returned both in the case that 43 // a token is correctly generated synchronously, as well as when no tokens 44 // were necessary. 45 virtual int MaybeGenerateAuthToken(const HttpRequestInfo* request, 46 CompletionCallback* callback, 47 const BoundNetLog& net_log); 48 49 // Adds either the proxy auth header, or the origin server auth header, 50 // as specified by |target_|. 51 virtual void AddAuthorizationHeader( 52 HttpRequestHeaders* authorization_headers); 53 54 // Checks for and handles HTTP status code 401 or 407. 55 // |HandleAuthChallenge()| returns OK on success, or a network error code 56 // otherwise. It may also populate |auth_info_|. 57 virtual int HandleAuthChallenge(scoped_refptr<HttpResponseHeaders> headers, 58 bool do_not_send_server_auth, 59 bool establishing_tunnel, 60 const BoundNetLog& net_log); 61 62 // Store the supplied credentials and prepare to restart the auth. 63 virtual void ResetAuth(const string16& username, 64 const string16& password); 65 66 virtual bool HaveAuthHandler() const; 67 68 virtual bool HaveAuth() const; 69 70 virtual scoped_refptr<AuthChallengeInfo> auth_info(); 71 72 virtual bool IsAuthSchemeDisabled(HttpAuth::Scheme scheme) const; 73 virtual void DisableAuthScheme(HttpAuth::Scheme scheme); 74 75 private: 76 // Actions for InvalidateCurrentHandler() 77 enum InvalidateHandlerAction { 78 INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS, 79 INVALIDATE_HANDLER 80 }; 81 82 // So that we can mock this object. 83 friend class base::RefCounted<HttpAuthController>; 84 85 virtual ~HttpAuthController(); 86 87 // Searches the auth cache for an entry that encompasses the request's path. 88 // If such an entry is found, updates |identity_| and |handler_| with the 89 // cache entry's data and returns true. 90 bool SelectPreemptiveAuth(const BoundNetLog& net_log); 91 92 // Invalidates the current handler. If |action| is 93 // INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS, then also invalidate 94 // the cached credentials used by the handler. 95 void InvalidateCurrentHandler(InvalidateHandlerAction action); 96 97 // Invalidates any auth cache entries after authentication has failed. 98 // The identity that was rejected is |identity_|. 99 void InvalidateRejectedAuthFromCache(); 100 101 // Sets |identity_| to the next identity that the transaction should try. It 102 // chooses candidates by searching the auth cache and the URL for a 103 // username:password. Returns true if an identity was found. 104 bool SelectNextAuthIdentityToTry(); 105 106 // Populates auth_info_ with the challenge information, so that 107 // URLRequestHttpJob can prompt for a username/password. 108 void PopulateAuthChallenge(); 109 110 // If |result| indicates a permanent failure, disables the current 111 // auth scheme for this controller and returns true. Returns false 112 // otherwise. 113 bool DisableOnAuthHandlerResult(int result); 114 115 void OnIOComplete(int result); 116 117 // Indicates if this handler is for Proxy auth or Server auth. 118 HttpAuth::Target target_; 119 120 // Holds the {scheme, host, path, port} for the authentication target. 121 const GURL auth_url_; 122 123 // Holds the {scheme, host, port} for the authentication target. 124 const GURL auth_origin_; 125 126 // The absolute path of the resource needing authentication. 127 // For proxy authentication the path is empty. 128 const std::string auth_path_; 129 130 // |handler_| encapsulates the logic for the particular auth-scheme. 131 // This includes the challenge's parameters. If NULL, then there is no 132 // associated auth handler. 133 scoped_ptr<HttpAuthHandler> handler_; 134 135 // |identity_| holds the (username/password) that should be used by 136 // the handler_ to generate credentials. This identity can come from 137 // a number of places (url, cache, prompt). 138 HttpAuth::Identity identity_; 139 140 // |auth_token_| contains the opaque string to pass to the proxy or 141 // server to authenticate the client. 142 std::string auth_token_; 143 144 // Contains information about the auth challenge. 145 scoped_refptr<AuthChallengeInfo> auth_info_; 146 147 // True if we've used the username/password embedded in the URL. This 148 // makes sure we use the embedded identity only once for the transaction, 149 // preventing an infinite auth restart loop. 150 bool embedded_identity_used_; 151 152 // True if default credentials have already been tried for this transaction 153 // in response to an HTTP authentication challenge. 154 bool default_credentials_used_; 155 156 // These two are owned by the HttpNetworkSession/IOThread, which own the 157 // objects which reference |this|. Therefore, these raw pointers are valid 158 // for the lifetime of this object. 159 HttpAuthCache* const http_auth_cache_; 160 HttpAuthHandlerFactory* const http_auth_handler_factory_; 161 162 std::set<HttpAuth::Scheme> disabled_schemes_; 163 164 CompletionCallbackImpl<HttpAuthController> io_callback_; 165 CompletionCallback* user_callback_; 166 }; 167 168 } // namespace net 169 170 #endif // NET_HTTP_HTTP_AUTH_CONTROLLER_H_ 171