[BlackBerry] Auth credentials set in private mode are reused in public mode.
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 9 May 2012 03:35:14 +0000 (03:35 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 9 May 2012 03:35:14 +0000 (03:35 +0000)
https://bugs.webkit.org/show_bug.cgi?id=84697

Patch by Jason Liu <jason.liu@torchmobile.com.cn> on 2012-05-08
Reviewed by Rob Buis.

Add setPrivateMode function for CredentialStorage.

Source/WebCore:

Now, we only save credentials in memory and CredentialBackingStore isn't enabled.
When we set private mode from on to off, we clear all these temporary credentials.

We have to change Private Browsing to test, so have to write a manual test case.
Test: ManualTests/blackberry/http-auth-private-mode-changed.html

* network/CredentialStorage.cpp:
(WebCore::CredentialStorage::setPrivateMode):
(WebCore):
* platform/network/CredentialStorage.h:
(CredentialStorage):

Source/WebKit/blackberry:

We have to change Private Browsing to test, so have to write a manual test case.
Test: ManualTests/blackberry/http-auth-private-mode-changed.html

* Api/WebPage.cpp:
(BlackBerry::WebKit::WebPagePrivate::didChangeSettings):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@116488 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ManualTests/blackberry/http-auth-private-mode-changed.html [new file with mode: 0644]
ManualTests/blackberry/http-auth-private-mode-changed.php [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/platform/network/CredentialStorage.cpp
Source/WebCore/platform/network/CredentialStorage.h
Source/WebKit/blackberry/Api/WebPage.cpp
Source/WebKit/blackberry/ChangeLog

diff --git a/ManualTests/blackberry/http-auth-private-mode-changed.html b/ManualTests/blackberry/http-auth-private-mode-changed.html
new file mode 100644 (file)
index 0000000..d735963
--- /dev/null
@@ -0,0 +1,16 @@
+<html>
+  <body>
+    <p>Both http-auth-private-mode-changed.html and http-auth-private-mode-changed.php must be served over http.</p>
+    <p>This tests the behavior of http authentication when private browsering is set from on to off. This is for <a href="https://bugs.webkit.org/show_bug.cgi?id=84697">https://bugs.webkit.org/show_bug.cgi?id=84697</a></p><br>
+    <p>
+      Test steps:<br>
+      1. Set Private Browsing on. (Settings -> Privacy & Security -> Private Browsing).<br>
+      2. Press <a href="http-auth-private-mode-changed.php">Start test here</a>.<br>
+      3. When dialog pops up, enter real credential(username: "aaaa", password: "aaaa") and press Ok button.<br>
+      4. Set Private Browsing off. (Settings -> Privacy & Security -> Private Browsing).<br>
+      5. Refresh the page.<br>
+      6. There should be a dialog for you to input username and password again.<br>
+         If you can't see the dialog, this test fails.<br>
+    </p>
+  </body>
+</html>
diff --git a/ManualTests/blackberry/http-auth-private-mode-changed.php b/ManualTests/blackberry/http-auth-private-mode-changed.php
new file mode 100644 (file)
index 0000000..f85111b
--- /dev/null
@@ -0,0 +1,17 @@
+<?php
+    $username = $password = "aaaa";
+
+    if ($_SERVER['PHP_AUTH_USER'] == $username && $_SERVER['PHP_AUTH_PW'] == $password){
+        echo 'Test steps:<br>';
+        echo '1. Set Private Browsing off. (Settings -> Privacy & Security -> Private Browsing)<br>';
+        echo '2. Refresh the page.<br>';
+        echo '3. There should be a dialog for you to input username and password again.<br>';
+        echo 'If you can\'t see the dialog, this test fails.<br>';
+        exit;
+    } else {
+        header('WWW-Authenticate: Basic realm="My Realm"');
+        header('HTTP/1.0 401 Unauthorized');
+        echo "Authorization Required.";
+        exit;
+    }
+?>
index 2449f05..edc40e0 100644 (file)
@@ -1,3 +1,24 @@
+2012-05-08  Jason Liu  <jason.liu@torchmobile.com.cn>
+
+        [BlackBerry] Auth credentials set in private mode are reused in public mode.
+        https://bugs.webkit.org/show_bug.cgi?id=84697
+
+        Reviewed by Rob Buis.
+
+        Add setPrivateMode function for CredentialStorage.
+
+        Now, we only save credentials in memory and CredentialBackingStore isn't enabled.
+        When we set private mode from on to off, we clear all these temporary credentials.
+
+        We have to change Private Browsing to test, so have to write a manual test case.
+        Test: ManualTests/blackberry/http-auth-private-mode-changed.html
+
+        * network/CredentialStorage.cpp:
+        (WebCore::CredentialStorage::setPrivateMode):
+        (WebCore):
+        * platform/network/CredentialStorage.h:
+        (CredentialStorage):
+
 2012-05-08  Rakesh KN  <rakesh.kn@motorola.com>
 
         RadioNodeList support in HTMLFormElement::elements
index f0984f8..f624d4f 100644 (file)
@@ -159,4 +159,10 @@ Credential CredentialStorage::get(const KURL& url)
     return protectionSpaceToCredentialMap().get(iter->second);
 }
 
+void CredentialStorage::setPrivateMode(bool mode)
+{
+    if (!mode)
+        protectionSpaceToCredentialMap().clear();
+}
+
 } // namespace WebCore
index d11384d..49af452 100644 (file)
@@ -46,6 +46,8 @@ public:
     // a client should assume that all paths at or deeper than the depth of a known protected resource share are within the same protection space.
     static bool set(const Credential&, const KURL&); // Returns true if the URL corresponds to a known protection space, so credentials could be updated.
     static Credential get(const KURL&);
+
+    static void setPrivateMode(bool);
 };
 
 } // namespace WebCore
index 21e906a..00f08b0 100644 (file)
@@ -35,6 +35,7 @@
 #include "ContextMenuClientBlackBerry.h"
 #include "CookieManager.h"
 #include "CredentialManager.h"
+#include "CredentialStorage.h"
 #include "CredentialTransformData.h"
 #include "DOMSupport.h"
 #include "Database.h"
@@ -5994,6 +5995,8 @@ void WebPagePrivate::didChangeSettings(WebSettings* webSettings)
 
     cookieManager().setPrivateMode(webSettings->isPrivateBrowsingEnabled());
 
+    CredentialStorage::setPrivateMode(webSettings->isPrivateBrowsingEnabled());
+
     if (m_mainFrame && m_mainFrame->view()) {
         Color backgroundColor(webSettings->backgroundColor());
         m_mainFrame->view()->updateBackgroundRecursively(backgroundColor, backgroundColor.hasAlpha());
index 76dcbc2..399ca3f 100644 (file)
@@ -1,3 +1,18 @@
+2012-05-08  Jason Liu  <jason.liu@torchmobile.com.cn>
+
+        [BlackBerry] Auth credentials set in private mode are reused in public mode.
+        https://bugs.webkit.org/show_bug.cgi?id=84697
+
+        Reviewed by Rob Buis.
+
+        Add setPrivateMode function for CredentialStorage.
+
+        We have to change Private Browsing to test, so have to write a manual test case.
+        Test: ManualTests/blackberry/http-auth-private-mode-changed.html
+
+        * Api/WebPage.cpp:
+        (BlackBerry::WebKit::WebPagePrivate::didChangeSettings):
+
 2012-05-08  Crystal Zhang  <haizhang@rim.com>
     
             [BlackBerry] Implement a popup client for HTML controls