[BlackBerry] When HTTP auth fails, only purge credentials that match …

…the failed credentials https://bugs.webkit.org/show_bug.cgi?id=116164 Patch by Joe Mason <jmason@blackberry.com> on 2013-05-15 Reviewed by Rob Buis. Internal PR: 338490 Internally Reviewed By: Lyon Chen When there are multiple HTTP requests in flight with the same bad credentials (common with proxy auth if the user mistyped their password), the first 407 that's received will cause the credentials to be purged and the password dialog to open for new credentials. This means that all 407's received after this should only purge the credentials if they have not already been updated from the dialog; otherwise they will be wiping out credentials that haven't failed yet. * platform/network/blackberry/NetworkJob.cpp: (WebCore::NetworkJob::sendRequestWithCredentials): (WebCore::NetworkJob::purgeCredentials): Canonical link: https://commits.webkit.org/134576@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@150147 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · May 15, 2013 · c239be7 · c239be7
1 parent d3b7654
commit c239be7
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 4 deletions.
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
@@ -1,3 +1,24 @@
+2013-05-15  Joe Mason  <jmason@blackberry.com>
+
+        [BlackBerry] When HTTP auth fails, only purge credentials that match the failed credentials
+        https://bugs.webkit.org/show_bug.cgi?id=116164
+
+        Reviewed by Rob Buis.
+
+        Internal PR: 338490
+        Internally Reviewed By: Lyon Chen
+
+        When there are multiple HTTP requests in flight with the same bad credentials (common with
+        proxy auth if the user mistyped their password), the first 407 that's received will cause
+        the credentials to be purged and the password dialog to open for new credentials. This means
+        that all 407's received after this should only purge the credentials if they have not
+        already been updated from the dialog; otherwise they will be wiping out credentials that
+        haven't failed yet.
+
+        * platform/network/blackberry/NetworkJob.cpp:
+        (WebCore::NetworkJob::sendRequestWithCredentials):
+        (WebCore::NetworkJob::purgeCredentials):
+
 2013-05-15  Chris Fleizach  <cfleizach@apple.com>
 
         AX: Use caching when requesting children object on iOS

diff --git a/Source/WebCore/platform/network/blackberry/NetworkJob.cpp b/Source/WebCore/platform/network/blackberry/NetworkJob.cpp
@@ -862,6 +862,7 @@ NetworkJob::SendRequestResult NetworkJob::sendRequestWithCredentials(ProtectionS
         challenge.setStored(true);
         updateCurrentWebChallenge(challenge);
     } else {
+        ASSERT(credential.isEmpty());
         if (m_handle->firstRequest().targetType() == ResourceRequest::TargetIsFavicon) {
             // The favicon loading is triggerred after the main resource has been loaded
             // and parsed, so if we cancel the authentication challenge when loading the main
@@ -964,6 +965,10 @@ void NetworkJob::purgeCredentials()
 
     purgeCredentials(m_handle->getInternal()->m_hostWebChallenge);
     purgeCredentials(m_handle->getInternal()->m_proxyWebChallenge);
+
+    m_handle->getInternal()->m_currentWebChallenge.nullify();
+    m_handle->getInternal()->m_proxyWebChallenge.nullify();
+    m_handle->getInternal()->m_hostWebChallenge.nullify();
 }
 
 void NetworkJob::purgeCredentials(AuthenticationChallenge& challenge)
@@ -990,11 +995,17 @@ void NetworkJob::purgeCredentials(AuthenticationChallenge& challenge)
         m_handle->getInternal()->m_pass = "";
     }
 
-    CredentialStorage::remove(challenge.protectionSpace());
-    challenge.setStored(false);
+    // Do not compare credential objects with == here, since we don't care about the persistence.
+
+    const Credential& storedCredential = CredentialStorage::get(challenge.protectionSpace());
+    if (storedCredential.user() == purgeUsername && storedCredential.password() == purgePassword) {
+        CredentialStorage::remove(challenge.protectionSpace());
+        challenge.setStored(false);
+    }
 #if ENABLE(BLACKBERRY_CREDENTIAL_PERSIST)
-    if (challenge.proposedCredential() == credentialBackingStore().getLogin(challenge.protectionSpace()))
-        credentialBackingStore().removeLogin(challenge.protectionSpace(), challenge.proposedCredential().user());
+    const Credential& persistedCredential = credentialBackingStore().getLogin(challenge.protectionSpace());
+    if (persistedCredential.user() == purgeUsername && persistedCredential.password() == purgePassword)
+        credentialBackingStore().removeLogin(challenge.protectionSpace(), purgeUsername);
 #endif
 }