[Curl] Load HTTP body of 401 response when AuthenticationChange is ca…

…ncelled. https://bugs.webkit.org/show_bug.cgi?id=191652 Patch by Takashi Komori <Takashi.Komori@sony.com> on 2019-02-26 Reviewed by Alex Christensen. Source/WebKit: Test: http/tests/security/401-logout/401-logout.php * NetworkProcess/curl/NetworkDataTaskCurl.cpp: (WebKit::NetworkDataTaskCurl::tryHttpAuthentication): (WebKit::NetworkDataTaskCurl::tryProxyAuthentication): * NetworkProcess/curl/NetworkDataTaskCurl.h: Tools: Fix WinCairo MiniBrowser behavior of authentication dialog. * MiniBrowser/win/WebKitBrowserWindow.cpp: (WebKitBrowserWindow::didReceiveAuthenticationChallenge): LayoutTests: Added appropriate expected results for WebKit/WebKitLegacy of WinCairo port. * platform/wincairo-wk1/http/tests/security/401-logout/401-logout-expected.txt: Added. * platform/wincairo/TestExpectations: * platform/wincairo/http/tests/security/401-logout/401-logout-expected.txt: Added. Canonical link: https://commits.webkit.org/209414@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@242092 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Feb 26, 2019 · e95186d0c8b085b1c0e7a0806bef0344de7b5290 · e95186d
1 parent 3d8fa57
commit e95186d0c8b085b1c0e7a0806bef0344de7b5290
Showing 9 changed files with 51 additions and 14 deletions.
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
@@ -1,3 +1,16 @@
+2019-02-26  Takashi Komori  <Takashi.Komori@sony.com>
+
+        [Curl] Load HTTP body of 401 response when AuthenticationChange is cancelled.
+        https://bugs.webkit.org/show_bug.cgi?id=191652
+
+        Reviewed by Alex Christensen.
+
+        Added appropriate expected results for WebKit/WebKitLegacy of WinCairo port.
+
+        * platform/wincairo-wk1/http/tests/security/401-logout/401-logout-expected.txt: Added.
+        * platform/wincairo/TestExpectations:
+        * platform/wincairo/http/tests/security/401-logout/401-logout-expected.txt: Added.
+
 2019-02-26  Frederic Wang  <fwang@igalia.com>
 
         Split tests programmatic-scroll-iframe and scroll-iframe

diff --git a/LayoutTests/platform/wincairo-wk1/http/tests/security/401-logout/401-logout-expected.txt b/LayoutTests/platform/wincairo-wk1/http/tests/security/401-logout/401-logout-expected.txt
@@ -0,0 +1,3 @@
+http://127.0.0.1:8000/security/401-logout/401-logout.php?uid=username - didReceiveAuthenticationChallenge - Responding with username:password
+http://127.0.0.1:8000/security/401-logout/401-logout.php?uid=username&logout=1 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+PASS
diff --git a/LayoutTests/platform/wincairo/TestExpectations b/LayoutTests/platform/wincairo/TestExpectations
@@ -930,7 +930,10 @@ http/tests/pointer-lock [ Skip ]
 http/tests/preconnect [ Skip ]
 http/tests/preload [ Skip ]
 http/tests/quicklook [ Skip ]
+
 http/tests/security [ Skip ]
+http/tests/security/401-logout/401-logout.php [ Pass ]
+
 http/tests/ssl [ Skip ]
 
 [ Debug ] http/tests/storage/callbacks-are-called-in-correct-context.html [ Skip ]

diff --git a/LayoutTests/platform/wincairo/http/tests/security/401-logout/401-logout-expected.txt b/LayoutTests/platform/wincairo/http/tests/security/401-logout/401-logout-expected.txt
@@ -0,0 +1,3 @@
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with username:password
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
+PASS
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
@@ -1,3 +1,17 @@
+2019-02-26  Takashi Komori  <Takashi.Komori@sony.com>
+
+        [Curl] Load HTTP body of 401 response when AuthenticationChange is cancelled.
+        https://bugs.webkit.org/show_bug.cgi?id=191652
+
+        Reviewed by Alex Christensen.
+
+        Test: http/tests/security/401-logout/401-logout.php
+
+        * NetworkProcess/curl/NetworkDataTaskCurl.cpp:
+        (WebKit::NetworkDataTaskCurl::tryHttpAuthentication):
+        (WebKit::NetworkDataTaskCurl::tryProxyAuthentication):
+        * NetworkProcess/curl/NetworkDataTaskCurl.h:
+
 2019-02-26  Youenn Fablet  <youenn@apple.com>
 
         WebPageProxy should nullify m_userMediaPermissionRequestManager after resetting the media state

diff --git a/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp b/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp
@@ -359,13 +359,7 @@ void NetworkDataTaskCurl::tryHttpAuthentication(AuthenticationChallenge&& challe
             return;
         }
 
-        if (disposition == AuthenticationChallengeDisposition::UseCredential && (!credential.isEmpty() || !m_didChallengeEmptyCredentialForAuth)) {
-            // When "isAllowedToAskUserForCredentials" is false, an empty credential, which might cause
-            // an infinite authentication loop. To avoid such infinite loop, a HTTP authentication with empty
-            // user and password is processed only once.
-            if (credential.isEmpty())
-                m_didChallengeEmptyCredentialForAuth = true;
-
+        if (disposition == AuthenticationChallengeDisposition::UseCredential && !credential.isEmpty()) {
             if (m_storedCredentialsPolicy == StoredCredentialsPolicy::Use) {
                 if (credential.persistence() == CredentialPersistenceForSession || credential.persistence() == CredentialPersistencePermanent)
                     m_session->networkStorageSession().credentialStorage().set(m_partition, credential, challenge.protectionSpace(), challenge.failureResponse().url());
@@ -391,10 +385,7 @@ void NetworkDataTaskCurl::tryProxyAuthentication(WebCore::AuthenticationChalleng
             return;
         }
 
-        if (disposition == AuthenticationChallengeDisposition::UseCredential && (!credential.isEmpty() || !m_didChallengeEmptyCredentialForProxyAuth)) {
-            if (credential.isEmpty())
-                m_didChallengeEmptyCredentialForProxyAuth = true;
-
+        if (disposition == AuthenticationChallengeDisposition::UseCredential && !credential.isEmpty()) {
             CurlContext::singleton().setProxyUserPass(credential.user(), credential.password());
             CurlContext::singleton().setDefaultProxyAuthMethod();
 

diff --git a/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h b/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h
@@ -87,8 +87,6 @@ class NetworkDataTaskCurl final : public NetworkDataTask, public WebCore::CurlRe
     WebCore::ResourceResponse m_response;
     unsigned m_redirectCount { 0 };
     unsigned m_authFailureCount { 0 };
-    bool m_didChallengeEmptyCredentialForAuth { false };
-    bool m_didChallengeEmptyCredentialForProxyAuth { false };
     MonotonicTime m_startTime;
 };
 

diff --git a/Tools/ChangeLog b/Tools/ChangeLog
@@ -1,3 +1,15 @@
+2019-02-26  Takashi Komori  <Takashi.Komori@sony.com>
+
+        [Curl] Load HTTP body of 401 response when AuthenticationChange is cancelled.
+        https://bugs.webkit.org/show_bug.cgi?id=191652
+
+        Reviewed by Alex Christensen.
+
+        Fix WinCairo MiniBrowser behavior of authentication dialog.
+
+        * MiniBrowser/win/WebKitBrowserWindow.cpp:
+        (WebKitBrowserWindow::didReceiveAuthenticationChallenge):
+
 2019-02-26  Youenn Fablet  <youenn@apple.com>
 
         WebPageProxy should nullify m_userMediaPermissionRequestManager after resetting the media state

diff --git a/Tools/MiniBrowser/win/WebKitBrowserWindow.cpp b/Tools/MiniBrowser/win/WebKitBrowserWindow.cpp
@@ -289,5 +289,5 @@ void WebKitBrowserWindow::didReceiveAuthenticationChallenge(WKPageRef page, WKAu
         return;
     }
 
-    WKAuthenticationDecisionListenerCancel(decisionListener);
+    WKAuthenticationDecisionListenerUseCredential(decisionListener, nullptr);
 }