Add Net.HttpAuthCount histogram to track failure rate per authentication scheme.

This suffers from a few potential issues, stemming from the lack of feedback of whether an authentication attempt succeeded.
  - It will count failures from preemptive authentication but not preemptive authentication attempts.
  - It will count challenges which do not result in Authorize headers being sent back up (UrlFetcher requests before HttpAuthCache is populated, user canceling an auth attempt).

Still, it seems better than having no insight right now. If it's too noisy I'll look at ways to improve it.

BUG=57628
TEST=Manually verified that histogram counts worked.

Review URL: http://codereview.chromium.org/3590012

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@62158 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 58 insertions, 0 deletions

diff --git a/net/http/http_auth_controller.cc b/net/http/http_auth_controller.cc
index 7fe07f4..736ffa9 100644
--- a/net/http/http_auth_controller.cc
+++ b/net/http/http_auth_controller.cc
@@ -4,6 +4,7 @@
 
 #include "net/http/http_auth_controller.h"
 
+#include "base/histogram.h"
 #include "base/string_util.h"
 #include "base/utf_string_conversions.h"
 #include "net/base/auth.h"
@@ -49,6 +50,42 @@ std::string AuthChallengeLogMessage(HttpResponseHeaders* headers) {
   return msg;
 }
 
+enum AuthEvent {
+  AUTH_EVENT_START = 0,
+  AUTH_EVENT_REJECT = 1,
+  AUTH_EVENT_MAX = 2,
+};
+
+// Records the number of authentication events per authentication scheme.
+void HistogramAuthEvent(HttpAuthHandler* handler, AuthEvent auth_event) {
+#if !defined(NDEBUG)
+  // Note: The on-same-thread check is intentionally not using a lock
+  // to protect access to first_thread. This method is meant to be only
+  // used on the same thread, in which case there are no race conditions. If
+  // there are race conditions (say, a read completes during a partial write),
+  // the DCHECK will correctly fail.
+  static PlatformThreadId first_thread = PlatformThread::CurrentId();
+  DCHECK_EQ(first_thread, PlatformThread::CurrentId());
+#endif
+
+  // This assumes that the schemes maintain a consistent score from
+  // 1 to 4 inclusive. The results map to:
+  //   Basic Start: 0
+  //   Basic Reject: 1
+  //   Digest Start: 2
+  //   Digest Reject: 3
+  //   NTLM Start: 4
+  //   NTLM Reject: 5
+  //   Negotiate Start: 6
+  //   Negotiate Reject: 7
+  static const int kScoreMin = 1;
+  static const int kScoreMax = 4;
+  static const int kBucketsMax = kScoreMax * AUTH_EVENT_MAX + 1;
+  DCHECK(handler->score() >= kScoreMin && handler->score() <= kScoreMax);
+  int bucket = (handler->score() - kScoreMin) * AUTH_EVENT_MAX + auth_event;
+  UMA_HISTOGRAM_ENUMERATION("Net.HttpAuthCount", bucket, kBucketsMax);
+}
+
 }  // namespace
 
 HttpAuthController::HttpAuthController(
@@ -70,12 +107,14 @@ HttpAuthController::HttpAuthController(
 }
 
 HttpAuthController::~HttpAuthController() {
+  DCHECK(CalledOnValidThread());
   user_callback_ = NULL;
 }
 
 int HttpAuthController::MaybeGenerateAuthToken(const HttpRequestInfo* request,
                                                CompletionCallback* callback,
                                                const BoundNetLog& net_log) {
+  DCHECK(CalledOnValidThread());
   bool needs_auth = HaveAuth() || SelectPreemptiveAuth(net_log);
   if (!needs_auth)
     return OK;
@@ -103,6 +142,7 @@ int HttpAuthController::MaybeGenerateAuthToken(const HttpRequestInfo* request,
 }
 
 bool HttpAuthController::SelectPreemptiveAuth(const BoundNetLog& net_log) {
+  DCHECK(CalledOnValidThread());
   DCHECK(!HaveAuth());
   DCHECK(identity_.invalid);
 
@@ -141,6 +181,7 @@ bool HttpAuthController::SelectPreemptiveAuth(const BoundNetLog& net_log) {
 
 void HttpAuthController::AddAuthorizationHeader(
     HttpRequestHeaders* authorization_headers) {
+  DCHECK(CalledOnValidThread());
   DCHECK(HaveAuth());
   authorization_headers->SetHeader(
       HttpAuth::GetAuthorizationHeaderName(target_), auth_token_);
@@ -152,6 +193,7 @@ int HttpAuthController::HandleAuthChallenge(
     bool do_not_send_server_auth,
     bool establishing_tunnel,
     const BoundNetLog& net_log) {
+  DCHECK(CalledOnValidThread());
   DCHECK(headers);
   DCHECK(auth_origin_.is_valid());
   LOG(INFO) << "The " << HttpAuth::GetAuthTargetString(target_) << " "
@@ -170,7 +212,10 @@ int HttpAuthController::HandleAuthChallenge(
       case HttpAuth::AUTHORIZATION_RESULT_ACCEPT:
         break;
       case HttpAuth::AUTHORIZATION_RESULT_INVALID:
+        InvalidateCurrentHandler();
+        break;
       case HttpAuth::AUTHORIZATION_RESULT_REJECT:
+        HistogramAuthEvent(handler_.get(), AUTH_EVENT_REJECT);
         InvalidateCurrentHandler();
         break;
       case HttpAuth::AUTHORIZATION_RESULT_STALE:
@@ -203,6 +248,8 @@ int HttpAuthController::HandleAuthChallenge(
                                   headers, target_, auth_origin_,
                                   disabled_schemes_, net_log,
                                   &handler_);
+    if (handler_.get())
+      HistogramAuthEvent(handler_.get(), AUTH_EVENT_START);
   }
 
   if (!handler_.get()) {
@@ -247,6 +294,7 @@ int HttpAuthController::HandleAuthChallenge(
 
 void HttpAuthController::ResetAuth(const string16& username,
                                    const string16& password) {
+  DCHECK(CalledOnValidThread());
   DCHECK(identity_.invalid || (username.empty() && password.empty()));
 
   if (identity_.invalid) {
@@ -287,12 +335,15 @@ void HttpAuthController::ResetAuth(const string16& username,
 }
 
 void HttpAuthController::InvalidateCurrentHandler() {
+  DCHECK(CalledOnValidThread());
+
   InvalidateRejectedAuthFromCache();
   handler_.reset();
   identity_ = HttpAuth::Identity();
 }
 
 void HttpAuthController::InvalidateRejectedAuthFromCache() {
+  DCHECK(CalledOnValidThread());
   DCHECK(HaveAuth());
 
   // TODO(eroman): this short-circuit can be relaxed. If the realm of
@@ -311,6 +362,7 @@ void HttpAuthController::InvalidateRejectedAuthFromCache() {
 }
 
 bool HttpAuthController::SelectNextAuthIdentityToTry() {
+  DCHECK(CalledOnValidThread());
   DCHECK(handler_.get());
   DCHECK(identity_.invalid);
 
@@ -358,6 +410,8 @@ bool HttpAuthController::SelectNextAuthIdentityToTry() {
 }
 
 void HttpAuthController::PopulateAuthChallenge() {
+  DCHECK(CalledOnValidThread());
+
   // Populates response_.auth_challenge with the authentication challenge info.
   // This info is consumed by URLRequestHttpJob::GetAuthChallengeInfo().
 
@@ -370,6 +424,7 @@ void HttpAuthController::PopulateAuthChallenge() {
 }
 
 void HttpAuthController::OnIOComplete(int result) {
+  DCHECK(CalledOnValidThread());
   // This error occurs with GSSAPI, if the user has not already logged in.
   // In that case, disable the current scheme as it cannot succeed.
   if (result == ERR_MISSING_AUTH_CREDENTIALS) {
@@ -385,14 +440,17 @@ void HttpAuthController::OnIOComplete(int result) {
 }
 
 scoped_refptr<AuthChallengeInfo> HttpAuthController::auth_info() {
+  DCHECK(CalledOnValidThread());
   return auth_info_;
 }
 
 bool HttpAuthController::IsAuthSchemeDisabled(const std::string& scheme) const {
+  DCHECK(CalledOnValidThread());
   return disabled_schemes_.find(scheme) != disabled_schemes_.end();
 }
 
 void HttpAuthController::DisableAuthScheme(const std::string& scheme) {
+  DCHECK(CalledOnValidThread());
   disabled_schemes_.insert(scheme);
 }