Title: [150147] trunk/Source/WebCore
Revision: 150147
Author: [email protected]
Date: 2013-05-15 14:23:52 -0700 (Wed, 15 May 2013)

Log Message

[BlackBerry] When HTTP auth fails, only purge credentials that match the failed credentials
https://bugs.webkit.org/show_bug.cgi?id=116164

Patch by Joe Mason <[email protected]> on 2013-05-15
Reviewed by Rob Buis.

Internal PR: 338490
Internally Reviewed By: Lyon Chen

When there are multiple HTTP requests in flight with the same bad credentials (common with
proxy auth if the user mistyped their password), the first 407 that's received will cause
the credentials to be purged and the password dialog to open for new credentials. This means
that all 407's received after this should only purge the credentials if they have not
already been updated from the dialog; otherwise they will be wiping out credentials that
haven't failed yet.

* platform/network/blackberry/NetworkJob.cpp:
(WebCore::NetworkJob::sendRequestWithCredentials):
(WebCore::NetworkJob::purgeCredentials):

Diff

Modified: trunk/Source/WebCore/ChangeLog (150146 => 150147)


--- trunk/Source/WebCore/ChangeLog	2013-05-15 21:17:24 UTC (rev 150146)
+++ trunk/Source/WebCore/ChangeLog	2013-05-15 21:23:52 UTC (rev 150147)
@@ -1,3 +1,24 @@
+2013-05-15  Joe Mason  <[email protected]>
+
+        [BlackBerry] When HTTP auth fails, only purge credentials that match the failed credentials
+        https://bugs.webkit.org/show_bug.cgi?id=116164
+
+        Reviewed by Rob Buis.
+
+        Internal PR: 338490
+        Internally Reviewed By: Lyon Chen
+
+        When there are multiple HTTP requests in flight with the same bad credentials (common with
+        proxy auth if the user mistyped their password), the first 407 that's received will cause
+        the credentials to be purged and the password dialog to open for new credentials. This means
+        that all 407's received after this should only purge the credentials if they have not
+        already been updated from the dialog; otherwise they will be wiping out credentials that
+        haven't failed yet.
+
+        * platform/network/blackberry/NetworkJob.cpp:
+        (WebCore::NetworkJob::sendRequestWithCredentials):
+        (WebCore::NetworkJob::purgeCredentials):
+
 2013-05-15  Chris Fleizach  <[email protected]>
 
         AX: Use caching when requesting children object on iOS
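Review bot: The entry documents the compare-before-purge behaviour but does not mention the ASSERT(credential.isEmpty()) added in NetworkJob.cpp or the three nullify() calls added after the purge. Neither follows from the description of late 407 responses, so a sentence on why the challenges are cleared after purging would make the entry match the change.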

Modified: trunk/Source/WebCore/platform/network/blackberry/NetworkJob.cpp (150146 => 150147)


--- trunk/Source/WebCore/platform/network/blackberry/NetworkJob.cpp	2013-05-15 21:17:24 UTC (rev 150146)
+++ trunk/Source/WebCore/platform/network/blackberry/NetworkJob.cpp	2013-05-15 21:23:52 UTC (rev 150147)
@@ -862,6 +862,7 @@
         challenge.setStored(true);
         updateCurrentWebChallenge(challenge);
     } else {
+        ASSERT(credential.isEmpty());
         if (m_handle->firstRequest().targetType() == ResourceRequest::TargetIsFavicon) {
             // The favicon loading is triggerred after the main resource has been loaded
             // and parsed, so if we cancel the authentication challenge when loading the main
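Review bot: ASSERT(credential.isEmpty()) at the top of the else branch is only evaluated in debug builds, so a release build that reaches this branch with a non-empty credential continues without any check. If the invariant matters for credential handling, add a short comment stating why the credential must be empty on this path, and decide whether a non-empty credential should be handled explicitly rather than only asserted.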
@@ -964,6 +965,10 @@
 
     purgeCredentials(m_handle->getInternal()->m_hostWebChallenge);
     purgeCredentials(m_handle->getInternal()->m_proxyWebChallenge);
+
+    m_handle->getInternal()->m_currentWebChallenge.nullify();
+    m_handle->getInternal()->m_proxyWebChallenge.nullify();
+    m_handle->getInternal()->m_hostWebChallenge.nullify();
 }
 
 void NetworkJob::purgeCredentials(AuthenticationChallenge& challenge)
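Review bot: m_currentWebChallenge is nullified in the added lines but is never passed to purgeCredentials(), unlike m_hostWebChallenge and m_proxyWebChallenge just above. If it can hold a challenge that is not a copy of one of those two, its state is dropped without going through the match-and-purge check. A comment stating that it always mirrors the host or proxy challenge would settle this. Minor: the nullify order (current, proxy, host) differs from the purge order (host, proxy); keeping them aligned makes the pairing easier to audit.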
@@ -990,11 +995,17 @@
         m_handle->getInternal()->m_pass = "";
     }
 
-    CredentialStorage::remove(challenge.protectionSpace());
-    challenge.setStored(false);
+    // Do not compare credential objects with == here, since we don't care about the persistence.
+
+    const Credential& storedCredential = CredentialStorage::get(challenge.protectionSpace());
+    if (storedCredential.user() == purgeUsername && storedCredential.password() == purgePassword) {
+        CredentialStorage::remove(challenge.protectionSpace());
+        challenge.setStored(false);
+    }
 #if ENABLE(BLACKBERRY_CREDENTIAL_PERSIST)
-    if (challenge.proposedCredential() == credentialBackingStore().getLogin(challenge.protectionSpace()))
-        credentialBackingStore().removeLogin(challenge.protectionSpace(), challenge.proposedCredential().user());
+    const Credential& persistedCredential = credentialBackingStore().getLogin(challenge.protectionSpace());
+    if (persistedCredential.user() == purgeUsername && persistedCredential.password() == purgePassword)
+        credentialBackingStore().removeLogin(challenge.protectionSpace(), purgeUsername);
 #endif
 }
 
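Review bot: purgeUsername and purgePassword are compared against the stored credential immediately after context lines that reset m_pass to "", and their definitions fall outside this hunk. Please confirm both are captured from the failed credential before any of those fields are cleared; otherwise the comparison is made against empty strings and a freshly entered credential is never matched, or an empty stored one always is. The user()/password() comparison is also written out twice, once for CredentialStorage and once for credentialBackingStore(); a small helper that compares user and password while ignoring persistence would keep the two checks from drifting apart. Nit: the new comment is followed by a blank line that separates it from the code it describes.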
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
