Refactor Notification::permission to follow the same code path as Permissions::query

[RupinMittal]

92a17b9

Refactor Notification::permission to follow the same code path as Permissions::query
https://bugs.webkit.org/show_bug.cgi?id=243502

Reviewed by NOBODY (OOPS!).

There are two functions for obtaining the permission state of the Notifications API.
We need to provide support for both to ensure compatibility with web standards. This
patch ensures that they follow the same code path since having two different paths is
unnecessary and hurts maintainability. This code path goes to the UIProcess and then
to the client to get the permission state.

This patch also removes the now uneeded cache in WebNotificationManager that
Notification::permission was relying on and enables the WebProcess cache in
WebPermissionController to be used.

* LayoutTests/http/tests/notifications/service-worker-notification-permission-expected.txt: Added.
* LayoutTests/http/tests/notifications/service-worker-notification-permission.html: Added.
* LayoutTests/http/tests/notifications/service-worker-notification-permission.js: Added.
(self.onmessage):
* LayoutTests/http/tests/push-api/subscribe-deny-permissions-on-prompt-expected.txt:
* LayoutTests/http/tests/push-api/subscribe-deny-permissions-on-prompt.html:
* LayoutTests/platform/mac-wk1/TestExpectations:
* Source/WebCore/Headers.cmake:
* Source/WebCore/Modules/permissions/PermissionController.h:
* Source/WebCore/Modules/permissions/Permissions.cpp:
(WebCore::Permissions::sourceFromContext):
(WebCore::sourceFromContext): Deleted.
* Source/WebCore/Modules/permissions/Permissions.h:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::queryPermission):
(WebKit::WebPageProxy::clearNotificationPermissionState):
* Source/WebKit/UIProcess/WebPermissionControllerProxy.cpp:
(WebKit::WebPermissionControllerProxy::querySync):
* Source/WebKit/UIProcess/WebPermissionControllerProxy.h:
* Source/WebKit/UIProcess/WebPermissionControllerProxy.messages.in:
* Source/WebKit/WebProcess/Notifications/NotificationPermissionRequestManager.cpp:
(WebKit::NotificationPermissionRequestManager::startRequest):
(WebKit::NotificationPermissionRequestManager::permissionLevel): Deleted.
* Source/WebKit/WebProcess/Notifications/NotificationPermissionRequestManager.h:
* Source/WebKit/WebProcess/Notifications/WebNotificationManager.cpp:
(WebKit::WebNotificationManager::initialize):
(WebKit::WebNotificationManager::didUpdateNotificationDecision):
(WebKit::WebNotificationManager::didRemoveNotificationDecisions):
(WebKit::WebNotificationManager::removeAllPermissionsForTesting):
(WebKit::WebNotificationManager::policyForOrigin const): Deleted.
* Source/WebKit/WebProcess/Notifications/WebNotificationManager.h:
* Source/WebKit/WebProcess/WebCoreSupport/WebNotificationClient.cpp:
(WebKit::WebNotificationClient::requestPermission):
(WebKit::WebNotificationClient::checkPermission):
(WebKit::WebNotificationClient::clearNotificationPermissionState): Deleted.
* Source/WebKit/WebProcess/WebCoreSupport/WebNotificationClient.h:
* Source/WebKit/WebProcess/WebCoreSupport/WebPermissionController.cpp:
(WebKit::WebPermissionController::query):
(WebKit::WebPermissionController::querySync):
(WebKit::WebPermissionController::webPageProxyIdentifier):
(WebKit::WebPermissionController::removeEntryFromCache):
(WebKit::WebPermissionController::clearCache):
(WebKit::WebPermissionController::tryProcessingRequests):
* Source/WebKit/WebProcess/WebCoreSupport/WebPermissionController.h:
(isType):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::clearNotificationPermissionState): Deleted.
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:
* Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::removeAllWebNotificationPermissions):
* Tools/WebKitTestRunner/TestController.cpp:
(WTR::TestController::removeAllWebNotificationPermissions):
* Tools/WebKitTestRunner/TestController.h:
* Tools/WebKitTestRunner/TestInvocation.cpp:
(WTR::TestInvocation::didReceiveSynchronousMessageFromInjectedBundle):

92a17b9

Misc	iOS, tvOS & watchOS	macOS	Linux	Windows
✅ 🧪 style	✅ 🛠 ios	✅ 🛠 mac	✅ 🛠 wpe	✅ 🛠 🧪 win
✅ 🧪 bindings	✅ 🛠 ios-sim	✅ 🛠 mac-debug	✅ 🛠 gtk	✅ 🛠 wincairo
✅ 🧪 webkitperl	✅ 🧪 ios-wk2	✅ 🛠 mac-AS-debug	✅ 🧪 gtk-wk2
	✅ 🧪 api-ios	✅ 🧪 api-mac	❌ 🧪 api-gtk
	✅ 🛠 tv	✅ 🧪 mac-wk1
	✅ 🛠 tv-sim	✅ 🧪 mac-wk2
	✅ 🛠 watch	✅ 🧪 mac-AS-debug-wk2
	✅ 🛠 watch-sim	✅ 🧪 mac-wk2-stress

[szewai]

I think this needs to be be done after adding Worker support for Permissions API, and is better be done after change event is supported (or making web process able to cache the state to avoid sync messages).

[webkit-early-warning-system]

3c2f221

Misc	iOS, tvOS & watchOS	macOS	Linux	Windows
🧪 style	✅ 🛠 ios	✅ 🛠 mac	✅ 🛠 wpe	🛠 🧪 win
🧪 bindings	🛠 ios-sim	✅ 🛠 mac-debug	✅ 🛠 gtk	🛠 wincairo
✅ 🧪 webkitperl	✅ 🧪 ios-wk2	✅ 🛠 mac-AS-debug	✅ 🧪 gtk-wk2
	✅ 🧪 api-ios	✅ 🧪 api-mac	❌ 🧪 api-gtk
	🛠 tv	✅ 🧪 mac-wk1
🧪 services	✅ 🛠 tv-sim	❌ 🧪 mac-wk2
	🛠 watch	❌ 🧪 mac-AS-debug-wk2	🛠 jsc-mips
	✅ 🛠 watch-sim	✅ 🧪 mac-wk2-stress	🧪 jsc-mips-tests

[webkit-early-warning-system]

EWS run on previous version of this PR (hash 3c2f221)

Misc	iOS, tvOS & watchOS	macOS	Linux	Windows
❌ 🧪 style	❌ 🛠 ios	❌ 🛠 mac	❌ 🛠 wpe	❌ 🛠 🧪 win
❌ 🧪 bindings	❌ 🛠 ios-sim	✅ 🛠 mac-debug	❌ 🛠 gtk	❌ 🛠 wincairo
❌ 🧪 webkitperl	✅ 🧪 ios-wk2	❌ 🛠 mac-AS-debug	✅ 🧪 gtk-wk2
	✅ 🧪 api-ios	✅ 🧪 api-mac	❌ 🧪 api-gtk
	❌ 🛠 tv	✅ 🧪 mac-wk1
	❌ 🛠 tv-sim	❌ 🧪 mac-wk2
	❌ 🛠 watch	❌ 🧪 mac-AS-debug-wk2
	❌ 🛠 watch-sim	✅ 🧪 mac-wk2-stress

[webkit-early-warning-system]

7e0bfbe

Misc	iOS, tvOS & watchOS	macOS	Linux	Windows
🧪 style	⏳ 🛠 ios	⏳ 🛠 mac	🛠 wpe	🛠 🧪 win
⏳ 🧪 bindings	🛠 ios-sim	⏳ 🛠 mac-debug	⏳ 🛠 gtk	🛠 wincairo
⏳ 🧪 webkitperl	🧪 ios-wk2	⏳ 🛠 mac-AS-debug	⏳ 🧪 gtk-wk2
	🧪 api-ios	⏳ 🧪 api-mac	⏳ 🧪 api-gtk
🛠 🧪 jsc	⏳ 🛠 tv	⏳ 🧪 mac-wk1	⏳ 🛠 jsc-armv7
🧪 services	⏳ 🛠 tv-sim	⏳ 🧪 mac-wk2	⏳ 🧪 jsc-armv7-tests
	⏳ 🛠 watch	⏳ 🧪 mac-AS-debug-wk2	⏳ 🛠 jsc-mips
	⏳ 🛠 watch-sim	⏳ 🧪 mac-wk2-stress	⏳ 🧪 jsc-mips-tests

[webkit-early-warning-system]

EWS run on previous version of this PR (hash 7e0bfbe)

Misc	iOS, tvOS & watchOS	macOS	Linux	Windows
✅ 🧪 style	✅ 🛠 ios	✅ 🛠 mac	✅ 🛠 wpe
	✅ 🛠 ios-sim	✅ 🛠 mac-debug	✅ 🛠 gtk	✅ 🛠 wincairo
✅ 🧪 webkitperl	✅ 🧪 ios-wk2	✅ 🛠 mac-AS-debug	✅ 🧪 gtk-wk2
	✅ 🧪 api-ios	✅ 🧪 api-mac	❌ 🧪 api-gtk
✅ 🛠 🧪 jsc	✅ 🛠 tv	❌ 🧪 mac-wk1	✅ 🛠 jsc-armv7
	✅ 🛠 tv-sim	❌ 🧪 mac-wk2	✅ 🧪 jsc-armv7-tests
	✅ 🛠 watch	❌ 🧪 mac-AS-debug-wk2	✅ 🛠 jsc-mips
	✅ 🛠 watch-sim	✅ 🧪 mac-wk2-stress	✅ 🧪 jsc-mips-tests

[szewai]

Test failure looks relevant, please fix them

[webkit-early-warning-system]

92a17b9

Misc	iOS, tvOS & watchOS	macOS	Linux	Windows
✅ 🧪 style	🛠 ios	⏳ 🛠 mac	⏳ 🛠 wpe	⏳ 🛠 🧪 win
🧪 bindings	⏳ 🛠 ios-sim	⏳ 🛠 mac-debug	⏳ 🛠 gtk	⏳ 🛠 wincairo
✅ 🧪 webkitperl	⏳ 🧪 ios-wk2	⏳ 🛠 mac-AS-debug	⏳ 🧪 gtk-wk2
	⏳ 🧪 api-ios	⏳ 🧪 api-mac	⏳ 🧪 api-gtk
⏳ 🛠 🧪 jsc	⏳ 🛠 tv	⏳ 🧪 mac-wk1	⏳ 🛠 jsc-armv7
🧪 services	⏳ 🛠 tv-sim	⏳ 🧪 mac-wk2	⏳ 🧪 jsc-armv7-tests
	⏳ 🛠 watch	⏳ 🧪 mac-AS-debug-wk2	⏳ 🛠 jsc-mips
	⏳ 🛠 watch-sim	⏳ 🧪 mac-wk2-stress	⏳ 🧪 jsc-mips-tests

[webkit-early-warning-system]

EWS run on previous version of this PR (hash 07ac0dc)

Misc	iOS, tvOS & watchOS	macOS	Linux	Windows
❌ 🧪 style	❌ 🛠 ios	⏳ 🛠 mac	⏳ 🛠 wpe	❌ 🛠 🧪 win
❌ 🧪 bindings	❌ 🛠 ios-sim	⏳ 🛠 mac-debug	⏳ 🛠 gtk	⏳ 🛠 wincairo
❌ 🧪 webkitperl	❌ 🧪 ios-wk2	⏳ 🛠 mac-AS-debug	⏳ 🧪 gtk-wk2
	❌ 🧪 api-ios	⏳ 🧪 api-mac	⏳ 🧪 api-gtk
⏳ 🛠 🧪 jsc	⏳ 🛠 tv	⏳ 🧪 mac-wk1	⏳ 🛠 jsc-armv7
⏳ 🧪 services	❌ 🛠 tv-sim	⏳ 🧪 mac-wk2	⏳ 🧪 jsc-armv7-tests
	❌ 🛠 watch	⏳ 🧪 mac-AS-debug-wk2
	⏳ 🛠 watch-sim	⏳ 🧪 mac-wk2-stress

[webkit-early-warning-system]

92a17b9

Misc	iOS, tvOS & watchOS	macOS	Linux	Windows
✅ 🧪 style	✅ 🛠 ios	✅ 🛠 mac	✅ 🛠 wpe	✅ 🛠 🧪 win
✅ 🧪 bindings	✅ 🛠 ios-sim	✅ 🛠 mac-debug	✅ 🛠 gtk	✅ 🛠 wincairo
✅ 🧪 webkitperl	✅ 🧪 ios-wk2	✅ 🛠 mac-AS-debug	✅ 🧪 gtk-wk2
	✅ 🧪 api-ios	✅ 🧪 api-mac	❌ 🧪 api-gtk
	✅ 🛠 tv	✅ 🧪 mac-wk1
	✅ 🛠 tv-sim	✅ 🧪 mac-wk2
	✅ 🛠 watch	✅ 🧪 mac-AS-debug-wk2
	✅ 🛠 watch-sim	✅ 🧪 mac-wk2-stress

[szewai]

Can you explain in commit message that why this change is needed? It's not clear to me why pushManager would return different results after this patch

[RupinMittal]

WebNotificationClient::checkPermission (and thus, Notification::permission) used to get the permission state from a cache in WebNotificationManager. This cache did not get updated by calling TestController::denyNotificationPermissionOnPrompt and then WebNotificationClient::requestPermission (which is what happens in this test). So when request2 occurred, WebNotificationClient::checkPermission would return default, then fail the transient activation check and reject the promise with a "user gesture" error.

This patch removes this cache and refactors WebNotificationClient::checkPermission (and thus, Notification::permission) to get the permission state from the client (which is TestController in the case of this test). The cache in TestController that stores the permissions state does get updated by calling TestController::denyNotificationPermissionOnPrompt and then WebNotificationClient::requestPermission. So now, when request2 occurs, WebNotificationClient::checkPermission returns denied and rejects the promise with a "user denied push permission" error before reaching the transient activation check.

I spoke with @bnham about this and learned that the point of this layout test is to check that given a user gesture, the first call to PushManager::subscribe would consume the transient activation and that the second call would not have a transient activation. Due to the change described above, this check on the second call was being circumvented. We can ensure that this check occurs by altering the test the way I did in this patch.

You're right, the reason for change is not clear just by looking at the test, so I'll update the commit message with the above explanation once the bots finish and I make any other suggested changes.

[szewai]

From what's described above, It seems the right thing is to update WebKitTestRunner, making it cache the request result like a real client would do, instead of changing the test, since you don't intend to change the tested behavior (that first subscribe request fails due to user activation and second fails due to permission request).

Our current design for permissions is that each query and request goes to client, which means client is responsible to cache the result if needed.
Specifically, you might call setPermission on WebNotificationProvider in TestController::decidePolicyForNotificationPermissionRequest. (to simulate user denies the prompt and browser remembers the choice).

[RupinMittal]

I believe WebKitTestRunner already caches the result. TestController::decidePolicyForNotificationPermissionRequest. already calls setPermission on WebNotificationProvider. denyOnPrompt means that if you request/prompt for permission, the state will be set to denied. The test was expecting that after denyOnPrompt is called, then first request does a prompt, the second request will get that the permission state is default? But that doesn't seem to make sense. The permission state should be denied, no? The reason that the test was passing before this patch was because it was relying on the fact that WebKitTestRunner wasn't updating the cache in WebNotificationManager. Now that this cache is gone, and checkPermission actually goes to the client, and testRunner returns the result based on its cache in WebNotificationProvider, the second request correctly gets back that the permission state is denied.

[szewai]

Why this change? I thought we only want one implementation for both APIs, i.e. we will only use queryPermission to pull notification's permission.
This makes the cache dependent on WKNotificationManager: e.g. if client implements queryPermission but not WKNotificationManager, the result will be wrong (because cache will not be updated).

[RupinMittal]

This patch contains other code changes that ensure that calling queryPermission will also update the cache (if the permission state being queried is the state of the Notifications API.

The reason for this change was that in a previous version of this patch, the EWS bots detected a API test failure on GTK. The failure was that Notification::permission was incorrectly returning "default" instead of "granted". It turns out that the test client did not implement queryPermission and the test had been succeeding because of the cache in WebNotificationManager. Since this patch removes that cache and refactors Notification::permission to use queryPermission, the result was coming back as default. There were two options to fix this:

1. Implement queryPermission in the GTK test client
2. Make the not-working WebProcess cache in WebPermissionController work for notifications.

The second option seemed easier and more beneficial since we'll have to do this for the on change event later on anyways. I wasn't sure how to test if this will fix the API test since it was a GTK failure, so I guess we'll have to wait for the bots to check. :(

[szewai]

This patch contains other code changes that ensure that calling queryPermission will also update the cache (if the permission state being queried is the state of the Notifications API.

Let's say client implements queryPermission but not WKNotificationManager, and user sets allowed notification (e.g. in per-site settings in Safari) for a site.
For the first permission::query, client returns allowed, and WebPermissionController caches the result. Then user decides to change the setting to denied (no longer wants to receive notification from the site), and tells WebKit client. For the second permission query, what would be returned with your patch?

IIUC, before this patch, notification.permission relies on WKNotificationManager and permission.query relies on queryPermission. After this patch, both rely on either WKNotificationManager or queryPermission + WKNotificationManager, which does not seem like a progress to me.

The second option seemed easier and more beneficial since we'll have to do this for the on change event later on anyways.

The reason we implement this before change event is because we think this change would work on its own. If this change relies on cache to work, then I think we should implement change event first, since the cache might not be in this form (an origin-to-permission map). You can imagine having WebPermissionController track PermissionStatus (or PermissionObserver) objects which hold the state, then you will need to revamp the cache.

[cdumez]

Same comment, your ClientOrigin seems wrong.

[cdumez]

Again, bad ClientOrigin.

[cdumez]

Also bad.

[cdumez]

Well, this seems wrong isn't it? We used to clear only notification permissions, now we clear ALL permissions?

[RupinMittal]

Yeah, this is a mistake. I'll fix this in the next upload of the patch.

[cdumez]

m_page is a main thread object and is thus not safe to access off the main thread like you're doing here.

[cdumez]

Seems like we should have a helper function to convert one enum type to the other.

[cdumez]

How could this possibly be correct? You're doing zero type validation?

[cdumez]

The difference in behavior here is worrisome. This is meant to be a refactoring that maintain pre-existing behavior. Mixing behavior changes and refactoring in the same patch is usually a recipe for having a bad time later.