Reviewed by Darin Adler.
authorap@apple.com <ap@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 12 Jul 2010 16:57:21 +0000 (16:57 +0000)
committerap@apple.com <ap@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 12 Jul 2010 16:57:21 +0000 (16:57 +0000)
        https://bugs.webkit.org/show_bug.cgi?id=13075
        XMLHttpRequest with failed authentication should set status to 401

        https://bugs.webkit.org/show_bug.cgi?id=6871
        <rdar://problem/3363403> 401 error page is never shown

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@63095 268f45cc-cd09-0410-ab3c-d52691b4dbfc

13 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/misc/401-alternative-content-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/misc/401-alternative-content.php [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/failed-auth-expected.txt
LayoutTests/http/tests/xmlhttprequest/failed-auth.html
WebCore/ChangeLog
WebCore/platform/network/cf/ResourceHandleCFNet.cpp
WebCore/platform/network/mac/ResourceHandleMac.mm
WebKit/mac/ChangeLog
WebKit/mac/Panels/WebPanelAuthenticationHandler.m
WebKitTools/ChangeLog
WebKitTools/DumpRenderTree/mac/ResourceLoadDelegate.mm
WebKitTools/DumpRenderTree/win/ResourceLoadDelegate.cpp

index 5170c8d..aaf63f3 100644 (file)
@@ -1,3 +1,21 @@
+2010-07-09  Alexey Proskuryakov  <ap@apple.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=13075
+        XMLHttpRequest with failed authentication should set status to 401
+
+        https://bugs.webkit.org/show_bug.cgi?id=6871
+        <rdar://problem/3363403> 401 error page is never shown
+
+        * http/tests/xmlhttprequest/failed-auth-expected.txt:
+        * http/tests/xmlhttprequest/failed-auth.html:
+        Uncommented relevant subtests.
+
+        * http/tests/misc/401-alternative-content-expected.txt:
+        * http/tests/misc/401-alternative-content.php:
+        Added a test for the main resource aspect of this issue.
+
 2010-07-12  Pavel Feldman  <pfeldman@chromium.org>
 
         Not reviewed: chromium test expectations updated.
diff --git a/LayoutTests/http/tests/misc/401-alternative-content-expected.txt b/LayoutTests/http/tests/misc/401-alternative-content-expected.txt
new file mode 100644 (file)
index 0000000..7ef22e9
--- /dev/null
@@ -0,0 +1 @@
+PASS
diff --git a/LayoutTests/http/tests/misc/401-alternative-content.php b/LayoutTests/http/tests/misc/401-alternative-content.php
new file mode 100644 (file)
index 0000000..eb85ce1
--- /dev/null
@@ -0,0 +1,15 @@
+<?php
+  if (!isset($_SERVER['PHP_AUTH_USER'])) {
+   header('WWW-Authenticate: Basic realm="Please press Cancel"');
+   header('HTTP/1.0 401 Unauthorized');
+   header('Content-Type: text/html');
+   echo '<script>';
+   echo '   if (window.layoutTestController)';
+   echo '       layoutTestController.dumpAsText();';
+   echo '</script>';
+   echo 'PASS';
+   exit;
+  } else {
+   echo "FAIL: Why do you have credentials?";
+  }
+?>
index a4a5451..cc27c84 100644 (file)
@@ -2,5 +2,5 @@ Test for bug 13075: XMLHttpRequest with failed authentication should set status
 
 Sync, no credentials: OK
 Sync, incorrect credentials: OK
-Async, no credentials: [test disabled]
-Async, incorrect credentials: [test disabled]
+Async, no credentials: OK
+Async, incorrect credentials: OK
index 59123e3..f3e89e4 100644 (file)
@@ -3,8 +3,8 @@ XMLHttpRequest with failed authentication should set status to 401.</p>
 <ol>
   <li>Sync, no credentials:
   <li>Sync, incorrect credentials:
-  <li>Async, no credentials: [test disabled]
-  <li>Async, incorrect credentials: [test disabled]
+  <li>Async, no credentials: 
+  <li>Async, incorrect credentials: 
 </ol>
 <script>
 function checkResult(n, code) {
@@ -20,7 +20,7 @@ function log(n, message) {
 
 if (window.layoutTestController) {
     layoutTestController.dumpAsText();
-//    layoutTestController.waitUntilDone();
+    layoutTestController.waitUntilDone();
 } else {
     alert("Please cancel all authentication dialogs that will appear");
 }
@@ -43,7 +43,6 @@ try {
     log(2, ex);
 }
 
-/*
 try {
     var r = new XMLHttpRequest();
     r.open("GET", "resources/basic-auth/basic-auth.php?uid=login3", true);
@@ -75,5 +74,4 @@ function test4() {
         layoutTestController.notifyDone();
     }
 }
-*/
 </script>
index 34a20fb..406d786 100644 (file)
@@ -1,3 +1,19 @@
+2010-07-09  Alexey Proskuryakov  <ap@apple.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=13075
+        XMLHttpRequest with failed authentication should set status to 401
+
+        https://bugs.webkit.org/show_bug.cgi?id=6871
+        <rdar://problem/3363403> 401 error page is never shown
+
+        * platform/network/mac/ResourceHandleMac.mm: (WebCore::ResourceHandle::receivedCredential):
+        Added a comment explaining why we handle empty credentials differently here.
+
+        * platform/network/cf/ResourceHandleCFNet.cpp: (WebCore::ResourceHandle::receivedCredential):
+        Bring this code in sync with Mac.
+
 2010-07-12  Anders Carlsson  <andersca@apple.com>
 
         Reviewed by Adam Roben.
index f126d27..1139126 100644 (file)
@@ -538,6 +538,12 @@ void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge
     if (challenge != d->m_currentWebChallenge)
         return;
 
+    // FIXME: Support empty credentials. Currently, an empty credential cannot be stored in WebCore credential storage, as that's empty value for its map.
+    if (credential.isEmpty()) {
+        receivedRequestToContinueWithoutCredential(challenge);
+        return;
+    }
+
     if (credential.persistence() == CredentialPersistenceForSession) {
         // Manage per-session credentials internally, because once NSURLCredentialPersistencePerSession is used, there is no way
         // to ignore it for a particular request (short of removing it altogether).
index f14c108..9f64d4e 100644 (file)
@@ -583,7 +583,8 @@ void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge
     ASSERT(!challenge.isNull());
     if (challenge != d->m_currentWebChallenge)
         return;
-    
+
+    // FIXME: Support empty credentials. Currently, an empty credential cannot be stored in WebCore credential storage, as that's empty value for its map.
     if (credential.isEmpty()) {
         receivedRequestToContinueWithoutCredential(challenge);
         return;
index 315938a..eaed21b 100644 (file)
@@ -1,3 +1,21 @@
+2010-07-09  Alexey Proskuryakov  <ap@apple.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=13075
+        XMLHttpRequest with failed authentication should set status to 401
+
+        https://bugs.webkit.org/show_bug.cgi?id=6871
+        <rdar://problem/3363403> 401 error page is never shown
+
+        * Panels/WebPanelAuthenticationHandler.m:
+        (-[WebPanelAuthenticationHandler startAuthentication:window:]): Updated a comment - this
+        code cancels loading, not authentication (canceling authentication means telling to
+        continue without credentials).
+        (-[WebPanelAuthenticationHandler _authenticationDoneWithChallenge:result:]): If there were
+        no credentials provided, tell to continue without any. There may be alternative content
+        returned with 401.
+
 2010-07-09  Leon Clarke  <leonclarke@google.com>
 
         Reviewed by Adam Barth.
index c4c6e5b..694bba5 100644 (file)
@@ -113,7 +113,7 @@ WebPanelAuthenticationHandler *sharedHandler;
 
     // In this case, we have an attached sheet that's not one of our
     // authentication panels, so enqueing is not an option. Just
-    // cancel authentication instead, since this case is fairly
+    // cancel loading instead, since this case is fairly
     // unlikely (how would you be loading a page if you had an error
     // sheet up?)
     if ([w attachedSheet] != nil) {
@@ -152,7 +152,7 @@ WebPanelAuthenticationHandler *sharedHandler;
     }
 
     if (credential == nil) {
-        [[challenge sender] cancelAuthenticationChallenge:challenge];
+        [[challenge sender] continueWithoutCredentialForAuthenticationChallenge:challenge];
     } else {
         [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
     }
index 6a7b8df..b50245d 100644 (file)
@@ -1,3 +1,20 @@
+2010-07-09  Alexey Proskuryakov  <ap@apple.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=13075
+        XMLHttpRequest with failed authentication should set status to 401
+
+        https://bugs.webkit.org/show_bug.cgi?id=6871
+        <rdar://problem/3363403> 401 error page is never shown
+
+        * DumpRenderTree/mac/ResourceLoadDelegate.mm:
+        (-[ResourceLoadDelegate webView:resource:didReceiveAuthenticationChallenge:fromDataSource:]):
+        * DumpRenderTree/win/ResourceLoadDelegate.cpp:
+        (ResourceLoadDelegate::didReceiveAuthenticationChallenge):
+        Do respond even if handlesAuthenticationChallenges() is false. Pretend that the user pressed
+        the Cancel button.
+
 2010-07-12  Andreas Kling  <andreas.kling@nokia.com>
 
         Reviewed by Tor Arne Vestbø.
index 9244110..fca65f9 100644 (file)
@@ -166,8 +166,10 @@ using namespace std;
 
 - (void)webView:(WebView *)wv resource:(id)identifier didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge fromDataSource:(WebDataSource *)dataSource
 {
-    if (!gLayoutTestController->handlesAuthenticationChallenges())
+    if (!gLayoutTestController->handlesAuthenticationChallenges()) {
+        [[challenge sender] continueWithoutCredentialForAuthenticationChallenge:challenge];
         return;
+    }
     
     const char* user = gLayoutTestController->authenticationUsername().c_str();
     NSString *nsUser = [NSString stringWithFormat:@"%s", user ? user : ""];
index 2e031da..c422c11 100644 (file)
@@ -280,18 +280,20 @@ HRESULT STDMETHODCALLTYPE ResourceLoadDelegate::didReceiveAuthenticationChalleng
     /* [in] */ IWebURLAuthenticationChallenge *challenge,
     /* [in] */ IWebDataSource *dataSource)
 {
-    if (!gLayoutTestController->handlesAuthenticationChallenges())
+    COMPtr<IWebURLAuthenticationChallengeSender> sender;
+    if (!challenge || FAILED(challenge->sender(&sender)))
+        return E_FAIL;
+
+    if (!gLayoutTestController->handlesAuthenticationChallenges()) {
+        sender->continueWithoutCredentialForAuthenticationChallenge(challenge);
         return E_FAIL;
+    }
     
     const char* user = gLayoutTestController->authenticationUsername().c_str();
     const char* password = gLayoutTestController->authenticationPassword().c_str();
 
     printf("%S - didReceiveAuthenticationChallenge - Responding with %s:%s\n", descriptionSuitableForTestResult(identifier).c_str(), user, password);
-    
-    COMPtr<IWebURLAuthenticationChallengeSender> sender;
-    if (!challenge || FAILED(challenge->sender(&sender)))
-        return E_FAIL;
-        
+
     COMPtr<IWebURLCredential> credential;
     if (FAILED(WebKitCreateInstance(CLSID_WebURLCredential, 0, IID_IWebURLCredential, (void**)&credential)))
         return E_FAIL;