HTTP Auth cached after disabling private browsing/reset.
[WebKit-https.git] / Source / WebCore / platform / network / CredentialStorage.cpp
1 /*
2  * Copyright (C) 2009 Apple Inc. All Rights Reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #include "config.h"
27 #include "CredentialStorage.h"
28
29 #include "NetworkStorageSession.h"
30 #include "URL.h"
31 #include <wtf/NeverDestroyed.h>
32
33 #if PLATFORM(IOS)
34 #include "WebCoreThread.h"
35 #endif
36
37 namespace WebCore {
38
39 CredentialStorage& CredentialStorage::defaultCredentialStorage()
40 {
41     return NetworkStorageSession::defaultStorageSession().credentialStorage();
42 }
43
44 static String originStringFromURL(const URL& url)
45 {
46     if (url.port())
47         return url.protocol() + "://" + url.host() + ':' + String::number(url.port()) + '/';
48
49     return url.protocol() + "://" + url.host() + '/';
50 }
51
52 static String protectionSpaceMapKeyFromURL(const URL& url)
53 {
54     ASSERT(url.isValid());
55
56     // Remove the last path component that is not a directory to determine the subtree for which credentials will apply.
57     // We keep a leading slash, but remove a trailing one.
58     String directoryURL = url.string().substring(0, url.pathEnd());
59     unsigned directoryURLPathStart = url.pathStart();
60     ASSERT(directoryURL[directoryURLPathStart] == '/');
61     if (directoryURL.length() > directoryURLPathStart + 1) {
62         size_t index = directoryURL.reverseFind('/');
63         ASSERT(index != notFound);
64         directoryURL = directoryURL.substring(0, (index != directoryURLPathStart) ? index : directoryURLPathStart + 1);
65     }
66
67     return directoryURL;
68 }
69
70 void CredentialStorage::set(const Credential& credential, const ProtectionSpace& protectionSpace, const URL& url)
71 {
72     ASSERT(protectionSpace.isProxy() || protectionSpace.authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested || url.protocolIsInHTTPFamily());
73     ASSERT(protectionSpace.isProxy() || protectionSpace.authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested || url.isValid());
74
75     m_protectionSpaceToCredentialMap.set(protectionSpace, credential);
76
77 #if PLATFORM(IOS)
78     if (protectionSpace.authenticationScheme() != ProtectionSpaceAuthenticationSchemeClientCertificateRequested)
79         saveToPersistentStorage(protectionSpace, credential);
80 #endif
81
82     if (!protectionSpace.isProxy() && protectionSpace.authenticationScheme() != ProtectionSpaceAuthenticationSchemeClientCertificateRequested) {
83         m_originsWithCredentials.add(originStringFromURL(url));
84
85         ProtectionSpaceAuthenticationScheme scheme = protectionSpace.authenticationScheme();
86         if (scheme == ProtectionSpaceAuthenticationSchemeHTTPBasic || scheme == ProtectionSpaceAuthenticationSchemeDefault) {
87             // The map can contain both a path and its subpath - while redundant, this makes lookups faster.
88             m_pathToDefaultProtectionSpaceMap.set(protectionSpaceMapKeyFromURL(url), protectionSpace);
89         }
90     }
91 }
92
93 Credential CredentialStorage::get(const ProtectionSpace& protectionSpace)
94 {
95     return m_protectionSpaceToCredentialMap.get(protectionSpace);
96 }
97
98 void CredentialStorage::remove(const ProtectionSpace& protectionSpace)
99 {
100     m_protectionSpaceToCredentialMap.remove(protectionSpace);
101 }
102
103 HashMap<String, ProtectionSpace>::iterator CredentialStorage::findDefaultProtectionSpaceForURL(const URL& url)
104 {
105     ASSERT(url.protocolIsInHTTPFamily());
106     ASSERT(url.isValid());
107
108     // Don't spend time iterating the path for origins that don't have any credentials.
109     if (!m_originsWithCredentials.contains(originStringFromURL(url)))
110         return m_pathToDefaultProtectionSpaceMap.end();
111
112     String directoryURL = protectionSpaceMapKeyFromURL(url);
113     unsigned directoryURLPathStart = url.pathStart();
114     while (true) {
115         PathToDefaultProtectionSpaceMap::iterator iter = m_pathToDefaultProtectionSpaceMap.find(directoryURL);
116         if (iter != m_pathToDefaultProtectionSpaceMap.end())
117             return iter;
118
119         if (directoryURL.length() == directoryURLPathStart + 1)  // path is "/" already, cannot shorten it any more
120             return m_pathToDefaultProtectionSpaceMap.end();
121
122         size_t index = directoryURL.reverseFind('/', directoryURL.length() - 2);
123         ASSERT(index != notFound);
124         directoryURL = directoryURL.substring(0, (index == directoryURLPathStart) ? index + 1 : index);
125         ASSERT(directoryURL.length() > directoryURLPathStart);
126         ASSERT(directoryURL.length() == directoryURLPathStart + 1 || directoryURL[directoryURL.length() - 1] != '/');
127     }
128 }
129
130 bool CredentialStorage::set(const Credential& credential, const URL& url)
131 {
132     ASSERT(url.protocolIsInHTTPFamily());
133     ASSERT(url.isValid());
134     PathToDefaultProtectionSpaceMap::iterator iter = findDefaultProtectionSpaceForURL(url);
135     if (iter == m_pathToDefaultProtectionSpaceMap.end())
136         return false;
137     ASSERT(m_originsWithCredentials.contains(originStringFromURL(url)));
138     m_protectionSpaceToCredentialMap.set(iter->value, credential);
139     return true;
140 }
141
142 Credential CredentialStorage::get(const URL& url)
143 {
144     PathToDefaultProtectionSpaceMap::iterator iter = findDefaultProtectionSpaceForURL(url);
145     if (iter == m_pathToDefaultProtectionSpaceMap.end())
146         return Credential();
147     return m_protectionSpaceToCredentialMap.get(iter->value);
148 }
149
150 void CredentialStorage::clearCredentials()
151 {
152     m_protectionSpaceToCredentialMap.clear();
153     m_originsWithCredentials.clear();
154     m_pathToDefaultProtectionSpaceMap.clear();
155 }
156
157 } // namespace WebCore