From 51ba37440d9008ed4a0cb5293ec15d3331367017 Mon Sep 17 00:00:00 2001
From: Cheng Zhao <zcbenz@gmail.com>
Date: Wed, 28 Oct 2015 21:20:08 +0800
Subject: [PATCH] Guard against multiple calls of auth

---
 atom/browser/login_handler.cc | 16 +++++++++++++++-
 atom/browser/login_handler.h  |  9 +++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/atom/browser/login_handler.cc b/atom/browser/login_handler.cc
index ca6e5de..7a1a77c 100644
--- a/atom/browser/login_handler.cc
+++ b/atom/browser/login_handler.cc
@@ -30,7 +30,8 @@ void ResetLoginHandlerForRequest(net::URLRequest* request) {
 
 LoginHandler::LoginHandler(net::AuthChallengeInfo* auth_info,
                            net::URLRequest* request)
-    : auth_info_(auth_info),
+    : handled_auth_(false),
+      auth_info_(auth_info),
       request_(request),
       render_process_host_id_(0),
       render_frame_id_(0) {
@@ -56,6 +57,8 @@ content::WebContents* LoginHandler::GetWebContents() const {
 void LoginHandler::Login(const base::string16& username,
                          const base::string16& password) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
+  if (TestAndSetAuthHandled())
+    return;
   BrowserThread::PostTask(
       BrowserThread::IO, FROM_HERE,
       base::Bind(&LoginHandler::DoLogin, this, username, password));
@@ -63,14 +66,25 @@ void LoginHandler::Login(const base::string16& username,
 
 void LoginHandler::CancelAuth() {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
+  if (TestAndSetAuthHandled())
+    return;
   BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
                           base::Bind(&LoginHandler::DoCancelAuth, this));
 }
 
 void LoginHandler::OnRequestCancelled() {
+  TestAndSetAuthHandled();
   request_ = nullptr;
 }
 
+// Marks authentication as handled and returns the previous handled state.
+bool LoginHandler::TestAndSetAuthHandled() {
+  base::AutoLock lock(handled_auth_lock_);
+  bool was_handled = handled_auth_;
+  handled_auth_ = true;
+  return was_handled;
+}
+
 void LoginHandler::DoCancelAuth() {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
 
diff --git a/atom/browser/login_handler.h b/atom/browser/login_handler.h
index 899bc8c..52ec1ab 100644
--- a/atom/browser/login_handler.h
+++ b/atom/browser/login_handler.h
@@ -6,6 +6,7 @@
 #define ATOM_BROWSER_LOGIN_HANDLER_H_
 
 #include "base/strings/string16.h"
+#include "base/synchronization/lock.h"
 #include "content/public/browser/resource_dispatcher_host_login_delegate.h"
 
 namespace content {
@@ -48,6 +49,14 @@ class LoginHandler : public content::ResourceDispatcherHostLoginDelegate {
   void DoCancelAuth();
   void DoLogin(const base::string16& username, const base::string16& password);
 
+  // Marks authentication as handled and returns the previous handled
+  // state.
+  bool TestAndSetAuthHandled();
+
+  // True if we've handled auth (Login or CancelAuth has been called).
+  bool handled_auth_;
+  mutable base::Lock handled_auth_lock_;
+
   // Who/where/what asked for the authentication.
   scoped_refptr<net::AuthChallengeInfo> auth_info_;
 
-- 
2.7.4