NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthe...
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 15 Aug 2018 00:10:12 +0000 (00:10 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 15 Aug 2018 00:10:12 +0000 (00:10 +0000)
https://bugs.webkit.org/show_bug.cgi?id=186870
Source/WebCore:

<rdar://problem/41314410>

Patch by Ansh Shukla <ansh_shukla@apple.com> on 2018-08-14
Reviewed by Alex Christensen.

Add the ProtectionSpaceAuthenticationSchemeOAuth type.

* platform/network/ProtectionSpaceBase.cpp:
(WebCore::ProtectionSpaceBase::isPasswordBased const): Return yes because the oauth challenge
expects a token in return.
* platform/network/ProtectionSpaceBase.h:
* platform/network/cocoa/ProtectionSpaceCocoa.mm:
(WebCore::scheme):
(WebCore::ProtectionSpace::nsSpace const):

Source/WebCore/PAL:

<rdar://problem/41314410>

Patch by Ansh Shukla <ansh_shukla@apple.com> on 2018-08-14
Reviewed by Alex Christensen.

* pal/spi/cf/CFNetworkSPI.h: Declare OAuth string when not building against the
internal SDK.

Source/WebKit:

<rdar://problem/41314410>

Patch by Ansh Shukla <ansh_shukla@apple.com> on 2018-08-14
Reviewed by Alex Christensen.

Correctly expose the OAuth protection space type in API.

* UIProcess/API/C/WKAPICast.h:
(WebKit::toAPI):
* UIProcess/API/C/WKProtectionSpaceTypes.h:

Tools:

<rdar://problem/41314410>

Patch by Ansh Shukla <ansh_shukla@apple.com> on 2018-08-14
Reviewed by Alex Christensen.

* WebKitTestRunner/TestController.cpp:
(WTR::toString):
(WTR::TestController::canAuthenticateAgainstProtectionSpace): Expose type of authentication challenge so we can test OAuth.
(WTR::TestController::didReceiveAuthenticationChallenge):

LayoutTests:

Patch by Ansh Shukla <ansh_shukla@apple.com> on 2018-08-14
Reviewed by Alex Christensen.

Ensure the exposed authentication type to clients is OAuth.

* http/tests/loading/oauth-expected.txt: Added.
* http/tests/loading/oauth.html: Added.
* http/tests/loading/resources/oauth-subresource.php: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@234870 268f45cc-cd09-0410-ab3c-d52691b4dbfc

40 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/cache/disk-cache/speculative-validation/http-auth-expected.txt
LayoutTests/http/tests/loading/oauth-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/loading/oauth.html [new file with mode: 0644]
LayoutTests/http/tests/loading/resources/oauth-subresource.php [new file with mode: 0644]
LayoutTests/platform/mac-wk2/http/tests/inspector/network/resource-request-headers-expected.txt
LayoutTests/platform/wk2/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt
LayoutTests/platform/wk2/http/tests/loading/basic-auth-resend-wrong-credentials-expected.txt
LayoutTests/platform/wk2/http/tests/loading/basic-credentials-sent-automatically-expected.txt
LayoutTests/platform/wk2/http/tests/loading/oauth-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/media/video-auth-expected.txt
LayoutTests/platform/wk2/http/tests/media/video-auth-with-allowCrossOriginSubresourcesToAskForCredentials-expected.txt
LayoutTests/platform/wk2/http/tests/misc/401-alternative-content-expected.txt
LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-1/authentication-sent-to-redirect-cross-origin-expected.txt
LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-2/authentication-sent-to-redirect-same-origin-expected.txt
LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-3/authentication-sent-to-redirect-same-origin-with-location-credentials-expected.txt
LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-4/authentication-sent-to-redirect-same-origin-url-expected.txt
LayoutTests/platform/wk2/http/tests/security/401-logout/401-logout-expected.txt
LayoutTests/platform/wk2/http/tests/security/basic-auth-subresource-expected.txt
LayoutTests/platform/wk2/http/tests/security/credentials-iframes-allowCrossOriginSubresourcesToAskForCredentials-expected.txt
LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-basic-auth-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt
LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials-expected.txt
LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-page-navigates-to-basic-auth-insecure-page.https-expected.txt
LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-page-navigates-to-basic-auth-secure-page-via-insecure-redirect.https-expected.txt
LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt
LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt
LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt
LayoutTests/platform/wk2/http/tests/xmlhttprequest/failed-auth-expected.txt
LayoutTests/platform/wk2/http/tests/xmlhttprequest/remember-bad-password-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/PAL/ChangeLog
Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h
Source/WebCore/platform/network/ProtectionSpaceBase.cpp
Source/WebCore/platform/network/ProtectionSpaceBase.h
Source/WebCore/platform/network/cocoa/ProtectionSpaceCocoa.mm
Source/WebKit/ChangeLog
Source/WebKit/UIProcess/API/C/WKAPICast.h
Source/WebKit/UIProcess/API/C/WKProtectionSpaceTypes.h
Tools/ChangeLog
Tools/WebKitTestRunner/TestController.cpp

index e2d9359..796d433 100644 (file)
@@ -1,3 +1,16 @@
+2018-08-14  Ansh Shukla  <ansh_shukla@apple.com>
+
+        NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault
+        https://bugs.webkit.org/show_bug.cgi?id=186870
+
+        Reviewed by Alex Christensen.
+
+        Ensure the exposed authentication type to clients is OAuth.
+
+        * http/tests/loading/oauth-expected.txt: Added.
+        * http/tests/loading/oauth.html: Added.
+        * http/tests/loading/resources/oauth-subresource.php: Added.
+
 2018-08-14  Ryan Haddad  <ryanhaddad@apple.com>
 
         Unreviewed test gardening for mac-wk1.
index 528d046..3c4720b 100644 (file)
@@ -1,5 +1,5 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUsername:testPassword
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUsername:testPassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
 Tests speculative revalidation of authenticated resources.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
diff --git a/LayoutTests/http/tests/loading/oauth-expected.txt b/LayoutTests/http/tests/loading/oauth-expected.txt
new file mode 100644 (file)
index 0000000..61f91cb
--- /dev/null
@@ -0,0 +1,6 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+
diff --git a/LayoutTests/http/tests/loading/oauth.html b/LayoutTests/http/tests/loading/oauth.html
new file mode 100644 (file)
index 0000000..e7a1614
--- /dev/null
@@ -0,0 +1,17 @@
+<script src="/js-test-resources/js-test-pre.js"></script>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+    testRunner.setHandlesAuthenticationChallenges(false);
+    if (testRunner.setShouldLogCanAuthenticateAgainstProtectionSpace) {
+        testRunner.setShouldLogCanAuthenticateAgainstProtectionSpace(true);
+        testRunner.waitUntilDone();
+    }
+}
+
+fetch("resources/oauth-subresource.php").then(()=>{
+    if (window.testRunner)
+        testRunner.notifyDone();
+});
+</script>
diff --git a/LayoutTests/http/tests/loading/resources/oauth-subresource.php b/LayoutTests/http/tests/loading/resources/oauth-subresource.php
new file mode 100644 (file)
index 0000000..970396f
--- /dev/null
@@ -0,0 +1,9 @@
+<?php
+$realm = $_SERVER['REQUEST_URI'];
+
+header("Cache-Control: no-store");
+header("WWW-Authenticate: OAuth realm=\"" . $realm . "\"");
+header('HTTP/1.1 401 Unauthorized');
+echo "Sent OAuth Challenge.";
+exit;
+?>
index 94cf539..7c2040f 100644 (file)
@@ -1,5 +1,5 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
 Test for Resource request headers which may not have been immediately available but eventually are (Cookie, Authorization).
 
 
index 59ea275..5a5c1ac 100644 (file)
@@ -3,7 +3,7 @@ main frame - didCommitLoadForFrame
 main frame - didFinishDocumentLoadForFrame
 frame "<!--frame1-->" - didStartProvisionalLoadForFrame
 frame "<!--frame1-->" - didReceiveServerRedirectForProvisionalLoadForFrame
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with httpUsername:httpPassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with httpUsername:httpPassword
 frame "<!--frame1-->" - didCommitLoadForFrame
 frame "<!--frame1-->" - didFinishDocumentLoadForFrame
 frame "<!--frame1-->" - didHandleOnloadEventsForFrame
index 607e0d8..b90b367 100644 (file)
@@ -4,13 +4,13 @@ main frame - didFinishDocumentLoadForFrame
 main frame - didHandleOnloadEventsForFrame
 main frame - didFinishLoadForFrame
 frame "<!--frame1-->" - didStartProvisionalLoadForFrame
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with wrongusername:wrongpassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with wrongusername:wrongpassword
 frame "<!--frame1-->" - didCommitLoadForFrame
 frame "<!--frame1-->" - didFinishDocumentLoadForFrame
 frame "<!--frame1-->" - didHandleOnloadEventsForFrame
 frame "<!--frame1-->" - didFinishLoadForFrame
 frame "<!--frame2-->" - didStartProvisionalLoadForFrame
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with correctusername:correctpassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with correctusername:correctpassword
 frame "<!--frame2-->" - didCommitLoadForFrame
 frame "<!--frame2-->" - didFinishDocumentLoadForFrame
 frame "<!--frame2-->" - didHandleOnloadEventsForFrame
index 754f507..eb91ebb 100644 (file)
@@ -4,13 +4,13 @@ main frame - didFinishDocumentLoadForFrame
 main frame - didHandleOnloadEventsForFrame
 main frame - didFinishLoadForFrame
 frame "<!--frame1-->" - didStartProvisionalLoadForFrame
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with first:first-pw
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with first:first-pw
 frame "<!--frame1-->" - didCommitLoadForFrame
 frame "<!--frame1-->" - didFinishDocumentLoadForFrame
 frame "<!--frame1-->" - didHandleOnloadEventsForFrame
 frame "<!--frame1-->" - didFinishLoadForFrame
 frame "<!--frame2-->" - didStartProvisionalLoadForFrame
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with second:second-pw
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with second:second-pw
 frame "<!--frame2-->" - didCommitLoadForFrame
 frame "<!--frame2-->" - didFinishDocumentLoadForFrame
 frame "<!--frame2-->" - didHandleOnloadEventsForFrame
diff --git a/LayoutTests/platform/wk2/http/tests/loading/oauth-expected.txt b/LayoutTests/platform/wk2/http/tests/loading/oauth-expected.txt
new file mode 100644 (file)
index 0000000..2fd8de6
--- /dev/null
@@ -0,0 +1,8 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+canAuthenticateAgainstProtectionSpace
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeOAuth - Simulating cancelled authentication sheet
+
index dc8012b..7727441 100644 (file)
@@ -1,4 +1,4 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with username:password
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with username:password
  
 Tests that the media player sends authorization credentials when requesting a media file.
 Testing same domain (127.0.0.1)
index 00e0753..8de4477 100644 (file)
@@ -1,5 +1,5 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with username:password
-localhost:8000 - didReceiveAuthenticationChallenge - Responding with username:password
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with username:password
+localhost:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with username:password
  
 Tests that the media player sends authorization credentials when requesting a media file.
 Testing same domain (127.0.0.1)
index bab608a..ea00363 100644 (file)
@@ -1,2 +1,2 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
 PASS
index 74f972b..d859b15 100644 (file)
@@ -1,4 +1,4 @@
-localhost:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+localhost:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 https://bugs.webkit.org/show_bug.cgi?id=40138
 You should load this page at 127.0.0.1:8000 so localhost:8000 is considered a different security origin.
 This test loads a php script which demands http authentication, then uses it to redirect to another script in a different origin that shows what authentication headers were sent with the final request.
index 9920310..d59fee5 100644 (file)
@@ -1,4 +1,4 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 https://bugs.webkit.org/show_bug.cgi?id=66354
 You should load this page at 127.0.0.1:8000 because the test relies on redirects within the 127.0.0.1:8000 security origin.
 This test loads a php script which demands http authentication, then uses it to redirect to another script in the same origin that shows what authentication headers were sent with the final request.
index a80c80b..89d98d0 100644 (file)
@@ -1,4 +1,4 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 https://bugs.webkit.org/show_bug.cgi?id=66354
 You should load this page at 127.0.0.1:8000 because the test relies on redirects within the 127.0.0.1:8000 security origin.
 This test loads a php script which demands http authentication, then uses it to redirect to another script in the same origin that shows what authentication headers were sent with the final request.
index b72f4b3..217c8ca 100644 (file)
@@ -1,4 +1,4 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 https://bugs.webkit.org/show_bug.cgi?id=105190
 You should load this page at 127.0.0.1:8000 because the test relies on redirects within the 127.0.0.1:8000 security origin.
 This test loads a php script which demands http authentication, then uses it to redirect via 301 to another script in the same origin that shows what authentication headers were sent with the final request. It verifies that the credentials are not placed in the final URL.
index fdfad38..412b711 100644 (file)
@@ -1,3 +1,3 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with username:password
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with username:password
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
 PASS
index 3aa9943..6b9ff03 100644 (file)
@@ -1,8 +1,8 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 CONSOLE MESSAGE: Blocked http://localhost:8000/security/resources/subresource1/protected-image.php from asking for credentials because it is a cross-origin request.
 CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/subresource1/protected-image.php from asking for credentials because it is a cross-origin request.
 CONSOLE MESSAGE: Blocked http://localhost:8000/security/resources/subresource2/protected-image.php from asking for credentials because it is a cross-origin request.
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/subresource2/protected-image.php from asking for credentials because it is a cross-origin request.
 CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/subresource2/protected-image.php from asking for credentials because it is a cross-origin request.
 CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/subresource2/protected-image.php from asking for credentials because it is a cross-origin request.
index a19746e..19193f4 100644 (file)
@@ -1,4 +1,4 @@
 ALERT: parent host: 127.0.0.1 iframe host: 127.0.0.1 credentials:User: same-domain-user, password: same-domain-password.
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
 ALERT: parent host: localhost iframe host: 127.0.0.1 credentials:Authentication canceled
 
index e5ee7e8..b5028ba 100644 (file)
@@ -1,6 +1,6 @@
 CONSOLE MESSAGE: line 33: The page at https://127.0.0.1:8443/security/mixedContent/insecure-basic-auth-image-allowCrossOriginSubresourcesToAskForCredentials.https.html was allowed to display insecure content from http://localhost:8000/security/mixedContent/resources/subresource2/protected-image.php.
 
-localhost:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+localhost:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 Tests that we do not ask for credentials when loading an insecure image that requires basic authentication.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
index 252c480..8c6e8bc 100644 (file)
@@ -1,6 +1,6 @@
 CONSOLE MESSAGE: line 18: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image-redirects-to-basic-auth-secure-image.html?allowCrossOriginSubresourcesToAskForCredentials=1 was allowed to display insecure content from http://127.0.0.1:8080/resources/redirect.php?url=https://localhost:8443/security/mixedContent/resources/subresource/protected-image.php.
 
-localhost:8443 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+localhost:8443 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 This test opens a new window to a secure page that loads an insecure image that redirects to a secure image guarded by basic authentication. The image should load.
 
 PASS did load image.
index 44a59e6..42d674b 100644 (file)
@@ -1,6 +1,6 @@
 CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials.https.html was allowed to display insecure content from http://127.0.0.1:8080/resources/redirect.php?url=https://localhost:8443/security/mixedContent/resources/subresource/protected-image.php.
 
-localhost:8443 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+localhost:8443 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 This test loads a secure image that redirects to an insecure image that redirects to a secure image guarded by basic authentication. The image should load.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
index da01ffa..dd01562 100644 (file)
@@ -1,6 +1,6 @@
 CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image-allowCrossOriginSubresourcesToAskForCredentials.https.html was allowed to display insecure content from http://localhost:8080/security/mixedContent/resources/subresource/protected-image.php.
 
-localhost:8080 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+localhost:8080 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 This test loads a secure image that redirects to an secure image that redirects to an insecure image guarded by basic authentication. The image should load.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
index 3f96a8a..eb9c90c 100644 (file)
@@ -1,4 +1,4 @@
-localhost:8443 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+localhost:8443 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 This test loads a secure image that redirects to a secure image that redirects to a secure image guarded by basic authentication. The secure image should load.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
index 7259256..cb01ef1 100644 (file)
@@ -1,5 +1,5 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
 Test for bug 13075: XMLHttpRequest with failed authentication should set status to 401.
 
 Sync, no credentials: OK
index 400187f..7a51426 100644 (file)
@@ -1,5 +1,5 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
 rdar://problem/7062824 A wrong password entered for site or proxy auth remains in WebCore credential storage, and is sent with subsequent requests.
 
 This test counts the number of failed requests server side.
index 2d07e40..e35e1d4 100644 (file)
@@ -1,3 +1,21 @@
+2018-08-14  Ansh Shukla  <ansh_shukla@apple.com>
+
+        NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault
+        https://bugs.webkit.org/show_bug.cgi?id=186870
+        <rdar://problem/41314410>
+
+        Reviewed by Alex Christensen.
+
+        Add the ProtectionSpaceAuthenticationSchemeOAuth type.
+
+        * platform/network/ProtectionSpaceBase.cpp:
+        (WebCore::ProtectionSpaceBase::isPasswordBased const): Return yes because the oauth challenge
+        expects a token in return.
+        * platform/network/ProtectionSpaceBase.h:
+        * platform/network/cocoa/ProtectionSpaceCocoa.mm:
+        (WebCore::scheme):
+        (WebCore::ProtectionSpace::nsSpace const):
+
 2018-08-14  Basuke Suzuki  <Basuke.Suzuki@sony.com>
 
         [Curl] Implement platform default timeout interval.
index fa8557c..5268cbc 100644 (file)
@@ -1,3 +1,14 @@
+2018-08-14  Ansh Shukla  <ansh_shukla@apple.com>
+
+        NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault
+        https://bugs.webkit.org/show_bug.cgi?id=186870
+        <rdar://problem/41314410>
+
+        Reviewed by Alex Christensen.
+
+        * pal/spi/cf/CFNetworkSPI.h: Declare OAuth string when not building against the
+        internal SDK.
+
 2018-08-07  Ryan Haddad  <ryanhaddad@apple.com>
 
         Unreviewed, suppress warnings to fix the build.
index d9ba909..3dc2950 100644 (file)
@@ -178,6 +178,8 @@ typedef void (^CFCachedURLResponseCallBackBlock)(CFCachedURLResponseRef);
 #endif
 @end
 
+extern NSString * const NSURLAuthenticationMethodOAuth;
+
 #endif // defined(__OBJC__)
 
 #endif // !PLATFORM(WIN) && !USE(APPLE_INTERNAL_SDK)
index fca64c8..14eac6a 100644 (file)
@@ -108,6 +108,7 @@ bool ProtectionSpaceBase::isPasswordBased() const
     case ProtectionSpaceAuthenticationSchemeHTMLForm:
     case ProtectionSpaceAuthenticationSchemeNTLM:
     case ProtectionSpaceAuthenticationSchemeNegotiate:
+    case ProtectionSpaceAuthenticationSchemeOAuth:
         return true;
     case ProtectionSpaceAuthenticationSchemeClientCertificateRequested:
     case ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested:
index b393e64..720592d 100644 (file)
@@ -52,6 +52,7 @@ enum ProtectionSpaceAuthenticationScheme {
     ProtectionSpaceAuthenticationSchemeNegotiate = 6,
     ProtectionSpaceAuthenticationSchemeClientCertificateRequested = 7,
     ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested = 8,
+    ProtectionSpaceAuthenticationSchemeOAuth = 9,
     ProtectionSpaceAuthenticationSchemeUnknown = 100
 };
   
index db1fb51..6218cea 100644 (file)
@@ -26,6 +26,8 @@
 #import "config.h"
 #import "ProtectionSpaceCocoa.h"
 
+#import <pal/spi/cf/CFNetworkSPI.h>
+
 namespace WebCore {
 
 static ProtectionSpaceServerType type(NSURLProtectionSpace *space)
@@ -80,6 +82,8 @@ static ProtectionSpaceAuthenticationScheme scheme(NSURLProtectionSpace *space)
     if ([method isEqualToString:NSURLAuthenticationMethodServerTrust])
         return ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested;
 #endif
+    if ([method isEqualToString:NSURLAuthenticationMethodOAuth])
+        return ProtectionSpaceAuthenticationSchemeOAuth;
 
     ASSERT_NOT_REACHED();
     return ProtectionSpaceAuthenticationSchemeUnknown;
@@ -155,6 +159,9 @@ NSURLProtectionSpace *ProtectionSpace::nsSpace() const
         method = NSURLAuthenticationMethodClientCertificate;
         break;
 #endif
+    case ProtectionSpaceAuthenticationSchemeOAuth:
+        method = NSURLAuthenticationMethodOAuth;
+        break;
     default:
         ASSERT_NOT_REACHED();
     }
index 25293f8..a8ff3d6 100644 (file)
@@ -1,3 +1,17 @@
+2018-08-14  Ansh Shukla  <ansh_shukla@apple.com>
+
+        NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault
+        https://bugs.webkit.org/show_bug.cgi?id=186870
+        <rdar://problem/41314410>
+
+        Reviewed by Alex Christensen.
+
+        Correctly expose the OAuth protection space type in API.
+
+        * UIProcess/API/C/WKAPICast.h:
+        (WebKit::toAPI):
+        * UIProcess/API/C/WKProtectionSpaceTypes.h:
+
 2018-08-14  Ben Richards  <benton_richards@apple.com>
 
         Remove api misuse check so that custom webcontent service identifier can be set at runtime
index c50e1f9..e65fd97 100644 (file)
@@ -364,6 +364,8 @@ inline WKProtectionSpaceAuthenticationScheme toAPI(WebCore::ProtectionSpaceAuthe
         return kWKProtectionSpaceAuthenticationSchemeClientCertificateRequested;
     case WebCore::ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested:
         return kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested;
+    case WebCore::ProtectionSpaceAuthenticationSchemeOAuth:
+        return kWKProtectionSpaceAuthenticationSchemeOAuth;
     default:
         return kWKProtectionSpaceAuthenticationSchemeUnknown;
     }
index 4741460..1b25d03 100644 (file)
@@ -53,6 +53,7 @@ enum  {
     kWKProtectionSpaceAuthenticationSchemeNegotiate,
     kWKProtectionSpaceAuthenticationSchemeClientCertificateRequested,
     kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested,
+    kWKProtectionSpaceAuthenticationSchemeOAuth,
     kWKProtectionSpaceAuthenticationSchemeUnknown = 100,
 };
 typedef uint32_t WKProtectionSpaceAuthenticationScheme;
index 052c175..8e80d4a 100644 (file)
@@ -1,3 +1,16 @@
+2018-08-14  Ansh Shukla  <ansh_shukla@apple.com>
+
+        NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault
+        https://bugs.webkit.org/show_bug.cgi?id=186870
+        <rdar://problem/41314410>
+
+        Reviewed by Alex Christensen.
+
+        * WebKitTestRunner/TestController.cpp:
+        (WTR::toString):
+        (WTR::TestController::canAuthenticateAgainstProtectionSpace): Expose type of authentication challenge so we can test OAuth.
+        (WTR::TestController::didReceiveAuthenticationChallenge):
+
 2018-08-14  Fujii Hironori  <Hironori.Fujii@sony.com>
 
         [webkitpy][Win] LayoutTests: test names should be Unix style, separated by slash not backslash
index 01203ce..f3dc811 100644 (file)
@@ -1809,6 +1809,32 @@ void TestController::didReceiveServerRedirectForProvisionalNavigation(WKPageRef
     return;
 }
 
+static const char* toString(WKProtectionSpaceAuthenticationScheme scheme)
+{
+    switch (scheme) {
+    case kWKProtectionSpaceAuthenticationSchemeDefault:
+        return "ProtectionSpaceAuthenticationSchemeDefault";
+    case kWKProtectionSpaceAuthenticationSchemeHTTPBasic:
+        return "ProtectionSpaceAuthenticationSchemeHTTPBasic";
+    case kWKProtectionSpaceAuthenticationSchemeHTMLForm:
+        return "ProtectionSpaceAuthenticationSchemeHTMLForm";
+    case kWKProtectionSpaceAuthenticationSchemeNTLM:
+        return "ProtectionSpaceAuthenticationSchemeNTLM";
+    case kWKProtectionSpaceAuthenticationSchemeNegotiate:
+        return "ProtectionSpaceAuthenticationSchemeNegotiate";
+    case kWKProtectionSpaceAuthenticationSchemeClientCertificateRequested:
+        return "ProtectionSpaceAuthenticationSchemeClientCertificateRequested";
+    case kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested:
+        return "ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested";
+    case kWKProtectionSpaceAuthenticationSchemeOAuth:
+        return "ProtectionSpaceAuthenticationSchemeOAuth";
+    case kWKProtectionSpaceAuthenticationSchemeUnknown:
+        return "ProtectionSpaceAuthenticationSchemeUnknown";
+    }
+    ASSERT_NOT_REACHED();
+    return "ProtectionSpaceAuthenticationSchemeUnknown";
+}
+
 bool TestController::canAuthenticateAgainstProtectionSpace(WKPageRef page, WKProtectionSpaceRef protectionSpace)
 {
     if (m_shouldLogCanAuthenticateAgainstProtectionSpace)
@@ -1820,7 +1846,7 @@ bool TestController::canAuthenticateAgainstProtectionSpace(WKPageRef page, WKPro
         return host == "localhost" || host == "127.0.0.1" || (m_allowAnyHTTPSCertificateForAllowedHosts && m_allowedHosts.find(host) != m_allowedHosts.end());
     }
     
-    return authenticationScheme <= kWKProtectionSpaceAuthenticationSchemeHTTPDigest;
+    return authenticationScheme <= kWKProtectionSpaceAuthenticationSchemeHTTPDigest || authenticationScheme == kWKProtectionSpaceAuthenticationSchemeOAuth;
 }
 
 void TestController::didFinishNavigation(WKPageRef page, WKNavigationRef navigation)
@@ -1840,8 +1866,9 @@ void TestController::didReceiveAuthenticationChallenge(WKPageRef page, WKAuthent
 {
     WKProtectionSpaceRef protectionSpace = WKAuthenticationChallengeGetProtectionSpace(authenticationChallenge);
     WKAuthenticationDecisionListenerRef decisionListener = WKAuthenticationChallengeGetDecisionListener(authenticationChallenge);
+    WKProtectionSpaceAuthenticationScheme authenticationScheme = WKProtectionSpaceGetAuthenticationScheme(protectionSpace);
 
-    if (WKProtectionSpaceGetAuthenticationScheme(protectionSpace) == kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
+    if (authenticationScheme == kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
         // Any non-empty credential signals to accept the server trust. Since the cross-platform API
         // doesn't expose a way to create a credential from server trust, we use a password credential.
 
@@ -1858,7 +1885,7 @@ void TestController::didReceiveAuthenticationChallenge(WKPageRef page, WKAuthent
 
     std::string host = toSTD(adoptWK(WKProtectionSpaceCopyHost(protectionSpace)).get());
     int port = WKProtectionSpaceGetPort(protectionSpace);
-    String message = String::format("%s:%d - didReceiveAuthenticationChallenge - ", host.c_str(), port);
+    String message = String::format("%s:%d - didReceiveAuthenticationChallenge - %s - ", host.c_str(), port, toString(authenticationScheme));
     if (!m_handlesAuthenticationChallenges)
         message.append("Simulating cancelled authentication sheet\n");
     else