components/data_reduction_proxy/browser/data_reduction_proxy_auth_request_handler.h

// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_DATA_REDUCTION_PROXY_BROWSER_DATA_REDUCTION_PROXY_AUTH_REQUEST_HANDLER_H_
#define COMPONENTS_DATA_REDUCTION_PROXY_BROWSER_DATA_REDUCTION_PROXY_AUTH_REQUEST_HANDLER_H_

#include "base/gtest_prod_util.h"
#include "base/strings/string16.h"
#include "base/time/time.h"
#include "components/data_reduction_proxy/browser/data_reduction_proxy_settings.h"


namespace net {
class AuthChallengeInfo;
}

namespace data_reduction_proxy {

class DataReductionProxySettings;

class DataReductionProxyAuthRequestHandler {
 public:
  enum TryHandleResult {
    TRY_HANDLE_RESULT_IGNORE,
    TRY_HANDLE_RESULT_PROCEED,
    TRY_HANDLE_RESULT_CANCEL
  };

  // Constructs an authentication request handler and takes a pointer to a
  // |settings| object, which must outlive the handler.
  explicit DataReductionProxyAuthRequestHandler(
      DataReductionProxySettings* settings);
  virtual ~DataReductionProxyAuthRequestHandler();

  // Returns |PROCEED| if the authentication challenge provided is one that the
  // data reduction proxy should handle and |IGNORE| if not. Returns |CANCEL| if
  // there are a string of |MAX_BACK_TO_BACK_FAILURES| successive retries.
  TryHandleResult TryHandleAuthentication(net::AuthChallengeInfo* auth_info,
                                          base::string16* user,
                                          base::string16* password);

 protected:
  // Visible for testing.
  virtual bool IsAcceptableAuthChallenge(net::AuthChallengeInfo* auth_info);

  // Visible for testing.
  virtual base::string16 GetTokenForAuthChallenge(
      net::AuthChallengeInfo* auth_info);

  // Visible for testing.
  virtual base::TimeTicks Now();

 private:
  FRIEND_TEST_ALL_PREFIXES(DataReductionProxyAuthRequestHandlerTest,
                           CancelAfterSuccessiveAuthAttempts);



  // System timestamp of the last data reduction proxy authentication request.
  // This is used to cancel data reduction proxy auth requests that are denied
  // rather than loop forever trying a rejected token.
  static int64 auth_request_timestamp_;

  // The number of back to back data reduction proxy authentication failures
  // that occurred with no more than |MIN_AUTH_REQUEST_INTERVAL_MS| between each
  // adjacent pair of them.
  static int back_to_back_failure_count_;

  // System timestamp of the last data reduction proxy auth token invalidation.
  // This is used to expire old tokens on back-to-back failures, and distinguish
  // invalidation from repeat failures due to the client not being authorized.
  static int64 auth_token_invalidation_timestamp_;

  // Settings object for the data reduction proxy. Must outlive the handler.
  DataReductionProxySettings* settings_;

  DISALLOW_COPY_AND_ASSIGN(DataReductionProxyAuthRequestHandler);
};

}  // namespace data_reduction_proxy
#endif  // COMPONENTS_DATA_REDUCTION_PROXY_BROWSER_DATA_REDUCTION_PROXY_AUTH_REQUEST_HANDLER_H_