Skip to content
Permalink
Browse files
[Curl] Load HTTP body of 401 response when AuthenticationChange is ca…
…ncelled.

https://bugs.webkit.org/show_bug.cgi?id=191652

Patch by Takashi Komori <Takashi.Komori@sony.com> on 2019-02-26
Reviewed by Alex Christensen.

Source/WebKit:

Test: http/tests/security/401-logout/401-logout.php

* NetworkProcess/curl/NetworkDataTaskCurl.cpp:
(WebKit::NetworkDataTaskCurl::tryHttpAuthentication):
(WebKit::NetworkDataTaskCurl::tryProxyAuthentication):
* NetworkProcess/curl/NetworkDataTaskCurl.h:

Tools:

Fix WinCairo MiniBrowser behavior of authentication dialog.

* MiniBrowser/win/WebKitBrowserWindow.cpp:
(WebKitBrowserWindow::didReceiveAuthenticationChallenge):

LayoutTests:

Added appropriate expected results for WebKit/WebKitLegacy of WinCairo port.

* platform/wincairo-wk1/http/tests/security/401-logout/401-logout-expected.txt: Added.
* platform/wincairo/TestExpectations:
* platform/wincairo/http/tests/security/401-logout/401-logout-expected.txt: Added.

Canonical link: https://commits.webkit.org/209414@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@242092 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
Takashi Komori authored and webkit-commit-queue committed Feb 26, 2019
1 parent 3d8fa57 commit e95186d0c8b085b1c0e7a0806bef0344de7b5290
Showing 9 changed files with 51 additions and 14 deletions.
@@ -1,3 +1,16 @@
2019-02-26 Takashi Komori <Takashi.Komori@sony.com>

[Curl] Load HTTP body of 401 response when AuthenticationChange is cancelled.
https://bugs.webkit.org/show_bug.cgi?id=191652

Reviewed by Alex Christensen.

Added appropriate expected results for WebKit/WebKitLegacy of WinCairo port.

* platform/wincairo-wk1/http/tests/security/401-logout/401-logout-expected.txt: Added.
* platform/wincairo/TestExpectations:
* platform/wincairo/http/tests/security/401-logout/401-logout-expected.txt: Added.

2019-02-26 Frederic Wang <fwang@igalia.com>

Split tests programmatic-scroll-iframe and scroll-iframe
@@ -0,0 +1,3 @@
http://127.0.0.1:8000/security/401-logout/401-logout.php?uid=username - didReceiveAuthenticationChallenge - Responding with username:password
http://127.0.0.1:8000/security/401-logout/401-logout.php?uid=username&logout=1 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
PASS
@@ -930,7 +930,10 @@ http/tests/pointer-lock [ Skip ]
http/tests/preconnect [ Skip ]
http/tests/preload [ Skip ]
http/tests/quicklook [ Skip ]

http/tests/security [ Skip ]
http/tests/security/401-logout/401-logout.php [ Pass ]

http/tests/ssl [ Skip ]

[ Debug ] http/tests/storage/callbacks-are-called-in-correct-context.html [ Skip ]
@@ -0,0 +1,3 @@
127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with username:password
127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
PASS
@@ -1,3 +1,17 @@
2019-02-26 Takashi Komori <Takashi.Komori@sony.com>

[Curl] Load HTTP body of 401 response when AuthenticationChange is cancelled.
https://bugs.webkit.org/show_bug.cgi?id=191652

Reviewed by Alex Christensen.

Test: http/tests/security/401-logout/401-logout.php

* NetworkProcess/curl/NetworkDataTaskCurl.cpp:
(WebKit::NetworkDataTaskCurl::tryHttpAuthentication):
(WebKit::NetworkDataTaskCurl::tryProxyAuthentication):
* NetworkProcess/curl/NetworkDataTaskCurl.h:

2019-02-26 Youenn Fablet <youenn@apple.com>

WebPageProxy should nullify m_userMediaPermissionRequestManager after resetting the media state
@@ -359,13 +359,7 @@ void NetworkDataTaskCurl::tryHttpAuthentication(AuthenticationChallenge&& challe
return;
}

if (disposition == AuthenticationChallengeDisposition::UseCredential && (!credential.isEmpty() || !m_didChallengeEmptyCredentialForAuth)) {
// When "isAllowedToAskUserForCredentials" is false, an empty credential, which might cause
// an infinite authentication loop. To avoid such infinite loop, a HTTP authentication with empty
// user and password is processed only once.
if (credential.isEmpty())
m_didChallengeEmptyCredentialForAuth = true;

if (disposition == AuthenticationChallengeDisposition::UseCredential && !credential.isEmpty()) {
if (m_storedCredentialsPolicy == StoredCredentialsPolicy::Use) {
if (credential.persistence() == CredentialPersistenceForSession || credential.persistence() == CredentialPersistencePermanent)
m_session->networkStorageSession().credentialStorage().set(m_partition, credential, challenge.protectionSpace(), challenge.failureResponse().url());
@@ -391,10 +385,7 @@ void NetworkDataTaskCurl::tryProxyAuthentication(WebCore::AuthenticationChalleng
return;
}

if (disposition == AuthenticationChallengeDisposition::UseCredential && (!credential.isEmpty() || !m_didChallengeEmptyCredentialForProxyAuth)) {
if (credential.isEmpty())
m_didChallengeEmptyCredentialForProxyAuth = true;

if (disposition == AuthenticationChallengeDisposition::UseCredential && !credential.isEmpty()) {
CurlContext::singleton().setProxyUserPass(credential.user(), credential.password());
CurlContext::singleton().setDefaultProxyAuthMethod();

@@ -87,8 +87,6 @@ class NetworkDataTaskCurl final : public NetworkDataTask, public WebCore::CurlRe
WebCore::ResourceResponse m_response;
unsigned m_redirectCount { 0 };
unsigned m_authFailureCount { 0 };
bool m_didChallengeEmptyCredentialForAuth { false };
bool m_didChallengeEmptyCredentialForProxyAuth { false };
MonotonicTime m_startTime;
};

@@ -1,3 +1,15 @@
2019-02-26 Takashi Komori <Takashi.Komori@sony.com>

[Curl] Load HTTP body of 401 response when AuthenticationChange is cancelled.
https://bugs.webkit.org/show_bug.cgi?id=191652

Reviewed by Alex Christensen.

Fix WinCairo MiniBrowser behavior of authentication dialog.

* MiniBrowser/win/WebKitBrowserWindow.cpp:
(WebKitBrowserWindow::didReceiveAuthenticationChallenge):

2019-02-26 Youenn Fablet <youenn@apple.com>

WebPageProxy should nullify m_userMediaPermissionRequestManager after resetting the media state
@@ -289,5 +289,5 @@ void WebKitBrowserWindow::didReceiveAuthenticationChallenge(WKPageRef page, WKAu
return;
}

WKAuthenticationDecisionListenerCancel(decisionListener);
WKAuthenticationDecisionListenerUseCredential(decisionListener, nullptr);
}

0 comments on commit e95186d

Please sign in to comment.