author | asanka@chromium.org <asanka@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-02-18 14:26:55 +0000 |
---|---|---|
committer | asanka@chromium.org <asanka@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-02-18 14:26:55 +0000 |
commit | 463f835f70fb2221cecf3b3e167f8beefef19068 (patch) | |
tree | 605cd2ecb86473ea641697ec58afe4c56bba2657 /net/http/http_auth_handler_basic.cc | |
parent | de9550d4a42650d0c40c2c554372bcc9de626c9d (diff) | |
Check and invalidate cached credentials if they were used for preemptive authentication and were rejected by the server.
BUG=72589
TEST=net_unittests --gtest_filter=HttpAuthHandler*.HandleAnotherChallenge
Review URL: http://codereview.chromium.org/6525035
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@75390 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http/http_auth_handler_basic.cc')
-rw-r--r-- | net/http/http_auth_handler_basic.cc | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/net/http/http_auth_handler_basic.cc b/net/http/http_auth_handler_basic.cc
index e48aa67..9ed28e2 100644
--- a/net/http/http_auth_handler_basic.cc
+++ b/net/http/http_auth_handler_basic.cc
@@ -53,9 +53,20 @@ bool HttpAuthHandlerBasic::ParseChallenge(
 HttpAuth::AuthorizationResult HttpAuthHandlerBasic::HandleAnotherChallenge(
 HttpAuth::ChallengeTokenizer* challenge) {
- // Basic authentication is always a single round, so any responses should
- // be treated as a rejection.
- return HttpAuth::AUTHORIZATION_RESULT_REJECT;
+ // Basic authentication is always a single round, so any responses
+ // should be treated as a rejection. However, if the new challenge
+ // is for a different realm, then indicate the realm change.
+ HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs();
+ std::string realm;
+ while (parameters.GetNext()) {
+ if (LowerCaseEqualsASCII(parameters.name(), "realm")) {
+ realm = parameters.value();
+ break;
+ }
+ }
+ return (realm_ != realm)?
+ HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM:
+ HttpAuth::AUTHORIZATION_RESULT_REJECT;
 }
 int HttpAuthHandlerBasic::GenerateAuthTokenImpl( |
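Review bot: In HandleAnotherChallenge, a challenge with no realm parameter, or one whose parameter list stops parsing before a realm is seen, leaves `realm` empty, so the final comparison returns AUTHORIZATION_RESULT_DIFFERENT_REALM whenever `realm_` is non-empty. If callers treat DIFFERENT_REALM as "the credentials were not rejected" (the caller is not visible here), a malformed challenge would bypass the cache invalidation this commit is meant to add. Consider checking the iterator after the loop, for example `if (!parameters.valid()) return HttpAuth::AUTHORIZATION_RESULT_REJECT;`, and deciding explicitly what a challenge without a realm should return. A unit-test case for a realm-less challenge alongside the existing HandleAnotherChallenge test would pin that behaviour, and a short comment such as `// Realm comparison is case-sensitive by design.` would document the `realm_ != realm` check.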