<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[150147] trunk/Source/WebCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/150147">150147</a></dd>
<dt>Author</dt> <dd>commit-queue@webkit.org</dd>
<dt>Date</dt> <dd>2013-05-15 14:23:52 -0700 (Wed, 15 May 2013)</dd>
</dl>

<h3>Log Message</h3>
<pre>[BlackBerry] When HTTP auth fails, only purge credentials that match the failed credentials
https://bugs.webkit.org/show_bug.cgi?id=116164

Patch by Joe Mason &lt;jmason@blackberry.com&gt; on 2013-05-15
Reviewed by Rob Buis.

Internal PR: 338490
Internally Reviewed By: Lyon Chen

When there are multiple HTTP requests in flight with the same bad credentials (common with
proxy auth if the user mistyped their password), the first 407 that's received will cause
the credentials to be purged and the password dialog to open for new credentials. This means
that all 407's received after this should only purge the credentials if they have not
already been updated from the dialog; otherwise they will be wiping out credentials that
haven't failed yet.

* platform/network/blackberry/NetworkJob.cpp:
(WebCore::NetworkJob::sendRequestWithCredentials):
(WebCore::NetworkJob::purgeCredentials):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworkblackberryNetworkJobcpp">trunk/Source/WebCore/platform/network/blackberry/NetworkJob.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (150146 => 150147)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog        2013-05-15 21:17:24 UTC (rev 150146)
+++ trunk/Source/WebCore/ChangeLog        2013-05-15 21:23:52 UTC (rev 150147)
</span><span class="lines">@@ -1,3 +1,24 @@
</span><ins>+2013-05-15  Joe Mason  &lt;jmason@blackberry.com&gt;
+
+        [BlackBerry] When HTTP auth fails, only purge credentials that match the failed credentials
+        https://bugs.webkit.org/show_bug.cgi?id=116164
+
+        Reviewed by Rob Buis.
+
+        Internal PR: 338490
+        Internally Reviewed By: Lyon Chen
+
+        When there are multiple HTTP requests in flight with the same bad credentials (common with
+        proxy auth if the user mistyped their password), the first 407 that's received will cause
+        the credentials to be purged and the password dialog to open for new credentials. This means
+        that all 407's received after this should only purge the credentials if they have not
+        already been updated from the dialog; otherwise they will be wiping out credentials that
+        haven't failed yet.
+
+        * platform/network/blackberry/NetworkJob.cpp:
+        (WebCore::NetworkJob::sendRequestWithCredentials):
+        (WebCore::NetworkJob::purgeCredentials):
+
</ins><span class="cx"> 2013-05-15  Chris Fleizach  &lt;cfleizach@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         AX: Use caching when requesting children object on iOS
</span></span></pre></div>
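Review bot: the entry lists sendRequestWithCredentials and purgeCredentials with no per-function description, and the summary paragraph covers only the conditional purge. The NetworkJob.cpp diff also adds an ASSERT(credential.isEmpty()) and three nullify() calls on the web challenges; a line under each function name saying why those are needed would let a reader of the ChangeLog follow them without opening the diff.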
<a id="trunkSourceWebCoreplatformnetworkblackberryNetworkJobcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/blackberry/NetworkJob.cpp (150146 => 150147)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/blackberry/NetworkJob.cpp        2013-05-15 21:17:24 UTC (rev 150146)
+++ trunk/Source/WebCore/platform/network/blackberry/NetworkJob.cpp        2013-05-15 21:23:52 UTC (rev 150147)
</span><span class="lines">@@ -862,6 +862,7 @@
</span><span class="cx">         challenge.setStored(true);
</span><span class="cx">         updateCurrentWebChallenge(challenge);
</span><span class="cx">     } else {
</span><ins>+        ASSERT(credential.isEmpty());
</ins><span class="cx">         if (m_handle-&gt;firstRequest().targetType() == ResourceRequest::TargetIsFavicon) {
</span><span class="cx">             // The favicon loading is triggerred after the main resource has been loaded
</span><span class="cx">             // and parsed, so if we cancel the authentication challenge when loading the main
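Review bot: the new ASSERT(credential.isEmpty()) at the top of the else branch is compiled out of
release builds, so if a non-empty credential ever reaches this branch the code carries on as though
it were empty. The visible lines do not show why the credential is guaranteed empty here; add a
comment stating the invariant, or handle the non-empty case explicitly if it can occur.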
</span><span class="lines">@@ -964,6 +965,10 @@
</span><span class="cx"> 
</span><span class="cx">     purgeCredentials(m_handle-&gt;getInternal()-&gt;m_hostWebChallenge);
</span><span class="cx">     purgeCredentials(m_handle-&gt;getInternal()-&gt;m_proxyWebChallenge);
</span><ins>+
+    m_handle-&gt;getInternal()-&gt;m_currentWebChallenge.nullify();
+    m_handle-&gt;getInternal()-&gt;m_proxyWebChallenge.nullify();
+    m_handle-&gt;getInternal()-&gt;m_hostWebChallenge.nullify();
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void NetworkJob::purgeCredentials(AuthenticationChallenge&amp; challenge)
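Review bot: the three nullify() calls run unconditionally, while the purge in the next hunk now
happens only when the stored credentials match the failed ones. On a late 407 where the stored
credentials have already been replaced, the challenges are still reset even though nothing was
purged; confirm that is intended and say so in a comment. m_currentWebChallenge is also nullified
here without being passed to purgeCredentials() in the lines shown, which deserves a word of
explanation too.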
</span><span class="lines">@@ -990,11 +995,17 @@
</span><span class="cx">         m_handle-&gt;getInternal()-&gt;m_pass = &quot;&quot;;
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    CredentialStorage::remove(challenge.protectionSpace());
-    challenge.setStored(false);
</del><ins>+    // Do not compare credential objects with == here, since we don't care about the persistence.
+
+    const Credential&amp; storedCredential = CredentialStorage::get(challenge.protectionSpace());
+    if (storedCredential.user() == purgeUsername &amp;&amp; storedCredential.password() == purgePassword) {
+        CredentialStorage::remove(challenge.protectionSpace());
+        challenge.setStored(false);
+    }
</ins><span class="cx"> #if ENABLE(BLACKBERRY_CREDENTIAL_PERSIST)
</span><del>-    if (challenge.proposedCredential() == credentialBackingStore().getLogin(challenge.protectionSpace()))
-        credentialBackingStore().removeLogin(challenge.protectionSpace(), challenge.proposedCredential().user());
</del><ins>+    const Credential&amp; persistedCredential = credentialBackingStore().getLogin(challenge.protectionSpace());
+    if (persistedCredential.user() == purgeUsername &amp;&amp; persistedCredential.password() == purgePassword)
+        credentialBackingStore().removeLogin(challenge.protectionSpace(), purgeUsername);
</ins><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre>
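Review bot: the match test on storedCredential and persistedCredential does not exclude the case where purgeUsername and purgePassword are both empty. If CredentialStorage::get() or getLogin() returns an empty Credential for a protection space with no entry, the test passes and removeLogin() is called with an empty user name; consider returning early when purgeUsername is empty, or confirm that a check outside this hunk already covers it. The same two-field comparison is also written twice, so a small helper would keep the stored and persisted checks in step and give the "Do not compare credential objects with ==" comment a single place to live.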
</div>
</div>

</body>
</html>