[webkit-changes] [140164] trunk/Source/WebCore

Fri, 18 Jan 2013 09:36:18 -0800

Title: [140164] trunk/Source/WebCore
Revision
140164
Author
[email protected]
Date
2013-01-18 09:37:59 -0800 (Fri, 18 Jan 2013)

Log Message

[BlackBerry] Only clear credentials when purgeCredentials is called
https://bugs.webkit.org/show_bug.cgi?id=107124

Patch by Joe Mason <[email protected]> on 2013-01-18
Reviewed by Yong Li.

Stop clearing credentials when sending out a request just in case they're wrong. That's stupid and
has race conditions. Only clear them when we know they're wrong.

Internal PR: 231158
Internal Reviewer: George Staikos

* platform/network/blackberry/NetworkJob.cpp:
(WebCore::NetworkJob::sendRequestWithCredentials):
(WebCore::NetworkJob::purgeCredentials):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (140163 => 140164)


--- trunk/Source/WebCore/ChangeLog	2013-01-18 17:26:50 UTC (rev 140163)
+++ trunk/Source/WebCore/ChangeLog	2013-01-18 17:37:59 UTC (rev 140164)
@@ -1,3 +1,20 @@
+2013-01-18  Joe Mason  <[email protected]>
+
+        [BlackBerry] Only clear credentials when purgeCredentials is called
+        https://bugs.webkit.org/show_bug.cgi?id=107124
+
+        Reviewed by Yong Li.
+
+        Stop clearing credentials when sending out a request just in case they're wrong. That's stupid and
+        has race conditions. Only clear them when we know they're wrong.
+
+        Internal PR: 231158
+        Internal Reviewer: George Staikos
+
+        * platform/network/blackberry/NetworkJob.cpp:
+        (WebCore::NetworkJob::sendRequestWithCredentials):
+        (WebCore::NetworkJob::purgeCredentials):
+
 2013-01-18  Andrey Adaikin  <[email protected]>
 
         Web Inspector: [Canvas] UI: add a context selector to show screenshot of any canvas in the log

Modified: trunk/Source/WebCore/platform/network/blackberry/NetworkJob.cpp (140163 => 140164)


--- trunk/Source/WebCore/platform/network/blackberry/NetworkJob.cpp	2013-01-18 17:26:50 UTC (rev 140163)
+++ trunk/Source/WebCore/platform/network/blackberry/NetworkJob.cpp	2013-01-18 17:37:59 UTC (rev 140164)
@@ -776,6 +776,9 @@
     if (!newURL.isValid())
         return false;
 
+    // IMPORTANT: if a new source of credentials is added to this method, be sure to handle it in
+    // purgeCredentials as well!
+
     String host;
     int port;
     BlackBerry::Platform::ProxyInfo proxyInfo;
@@ -846,18 +849,7 @@
         }
 
         // Before asking the user for credentials, we check if the URL contains that.
-        if (!username.isEmpty() || !password.isEmpty()) {
-            // Prevent them from been used again if they are wrong.
-            // If they are correct, they will be put into CredentialStorage.
-            if (!proxyInfo.address.empty()) {
-                proxyInfo.username.clear();
-                proxyInfo.password.clear();
-                BlackBerry::Platform::Settings::instance()->storeProxyCredentials(proxyInfo);
-            } else {
-                m_handle->getInternal()->m_user = "";
-                m_handle->getInternal()->m_pass = "";
-            }
-        } else {
+        if (username.isEmpty() && password.isEmpty()) {
             if (m_handle->firstRequest().targetType() != ResourceRequest::TargetIsMainFrame && BlackBerry::Platform::Settings::instance()->isChromeProcess())
                 return false;
 
@@ -924,6 +916,25 @@
     if (challenge.isNull())
         return;
 
+    const String& purgeUsername = challenge.proposedCredential().user();
+    const String& purgePassword = challenge.proposedCredential().password();
+
+    // Since this credential didn't work, remove it from all sources which would return it
+    // IMPORTANT: every source that is checked for a password in sendRequestWithCredentials should
+    // be handled here!
+
+    if (challenge.protectionSpace().serverType() == ProtectionSpaceProxyHTTP || challenge.protectionSpace().serverType() == ProtectionSpaceProxyHTTPS) {
+        BlackBerry::Platform::ProxyInfo proxyInfo = BlackBerry::Platform::Settings::instance()->proxyInfo(m_handle->firstRequest().url().string());
+        if (!proxyInfo.address.empty() && purgeUsername == proxyInfo.username.c_str() && purgePassword == proxyInfo.password.c_str()) {
+            proxyInfo.username.clear();
+            proxyInfo.password.clear();
+            BlackBerry::Platform::Settings::instance()->storeProxyCredentials(proxyInfo);
+        }
+    } else if (m_handle->getInternal()->m_user == purgeUsername && m_handle->getInternal()->m_pass == purgePassword) {
+        m_handle->getInternal()->m_user = "";
+        m_handle->getInternal()->m_pass = "";
+    }
+
     CredentialStorage::remove(challenge.protectionSpace());
     challenge.setStored(false);
 #if ENABLE(BLACKBERRY_CREDENTIAL_PERSIST)

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to