Reviewed by Darin.
authorap <ap@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 10 Apr 2006 04:40:28 +0000 (04:40 +0000)
committerap <ap@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 10 Apr 2006 04:40:28 +0000 (04:40 +0000)
        - fix http://bugzilla.opendarwin.org/show_bug.cgi?id=7877
        XMLHttpRequest ignores username/password passed to open()

        Test: http/tests/xmlhttprequest/basic-auth.html

        * platform/KURL.cpp:
        (KURL::setUser): Enable a code path that handles non-empty user name -
        it was already present, but commented out and protected with an assertion.
        (KURL::setPass): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@13751 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/xmlhttprequest/basic-auth-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/basic-auth.html [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/resources/basic-auth.php [new file with mode: 0644]
WebCore/ChangeLog
WebCore/platform/KURL.cpp

index b33b1531434a0ba9a03b8de2910d68c87b763a1f..d540370d5a5c5fccb9d13b0ba598140ccdce98cd 100644 (file)
@@ -1,3 +1,14 @@
+2006-04-09  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Darin.
+
+        - test for http://bugzilla.opendarwin.org/show_bug.cgi?id=7877
+        XMLHttpRequest ignores username/password passed to open()
+
+        * http/tests/xmlhttprequest/basic-auth-expected.txt: Added.
+        * http/tests/xmlhttprequest/basic-auth.html: Added.
+        * http/tests/xmlhttprequest/resources/basic-auth.php: Added.
+
 2006-04-09  Darin Adler  <darin@apple.com>
 
         Reviewed by Anders.
diff --git a/LayoutTests/http/tests/xmlhttprequest/basic-auth-expected.txt b/LayoutTests/http/tests/xmlhttprequest/basic-auth-expected.txt
new file mode 100644 (file)
index 0000000..1ee5096
--- /dev/null
@@ -0,0 +1,10 @@
+Tests for bug 7877: XMLHttpRequest ignores username/password passed to open()
+
+sync: User: sync, password: 123.
+sync2: User: sync2, password: 123.
+sync3: User: sync3, password: 123.
+sync4: User: sync4, password: 123.
+async: User: async, password: 123.
+async2: User: async2, password: 123.
+async3: User: async3, password: 123.
+async4: User: async4, password: 123.
diff --git a/LayoutTests/http/tests/xmlhttprequest/basic-auth.html b/LayoutTests/http/tests/xmlhttprequest/basic-auth.html
new file mode 100644 (file)
index 0000000..41e42ad
--- /dev/null
@@ -0,0 +1,79 @@
+<html>
+<body>
+<p>Tests for <a href="http://bugzilla.opendarwin.org/show_bug.cgi?id=7877">bug 7877</a>: 
+XMLHttpRequest ignores username/password passed to open()
+<script>
+    if (window.layoutTestController) {
+        layoutTestController.dumpAsText();
+        layoutTestController.waitUntilDone();
+    }
+    
+    var console_messages = document.createElement("ol");
+    document.body.appendChild(console_messages);
+    
+    function log(message)
+    {
+        var item = document.createElement("li");
+        item.appendChild(document.createTextNode(message));
+        console_messages.appendChild(item);
+    }
+
+    // sync
+    req = new XMLHttpRequest;
+    req.open("GET", "resources/basic-auth.php?uid=sync", false, "sync", "123");
+    req.send("");
+    log('sync: ' + req.responseText);
+
+    req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth.php?uid=sync2"), false, "sync2", "123");
+    req.send("");
+    log('sync2: ' + req.responseText);
+
+    req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth.php?uid=sync3").replace("http://", "http://sync3:123@"), false);
+    req.send("");
+    log('sync3: ' + req.responseText);
+
+    req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth.php?uid=sync4").replace("http://", "http://incorrect:incorrect@"), false, "sync4", "123");
+    req.send("");
+    log('sync4: ' + req.responseText);
+
+    // async
+    var asyncStep = 1;
+
+    req.onreadystatechange = processStateChange;
+    req.open("GET", "resources/basic-auth.php?uid=async", true, "async", "123");
+    req.send("");
+
+    function processStateChange() {
+    
+      if (req.readyState == 4){
+        if (req.status == 200){
+          if (asyncStep == 1) {
+            asyncStep = 2;
+            log('async: ' + req.responseText);
+            req.onreadystatechange = processStateChange;
+            req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth.php?uid=async2"), true, "async2", "123");
+            req.send("");
+          } else if (asyncStep == 2) {
+            asyncStep = 3;
+            log('async2: ' + req.responseText);
+            req.onreadystatechange = processStateChange;
+            req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth.php?uid=async3").replace("http://", "http://async3:123@"), true, "async3", "123");
+            req.send("");
+          } else if (asyncStep == 3) {
+            asyncStep = 4;
+            log('async3: ' + req.responseText);
+            req.onreadystatechange = processStateChange;
+            req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth.php?uid=async4").replace("http://", "http://incorrect:incorrect@"), true, "async4", "123");
+            req.send("");
+          } else if (asyncStep == 4) {
+            log('async4: ' + req.responseText);
+            if (window.layoutTestController)
+              layoutTestController.notifyDone();
+          }
+        }
+      }
+    }
+
+</script>
+</body>
+</html>
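Review bot: The async3 step passes the credentials twice, in the URL (`http://async3:123@`) and as explicit arguments (`true, "async3", "123"`), so unlike sync3 it never exercises the URL-only path in asynchronous mode. Ending that call with `, true);` would mirror sync3. Separately, `processStateChange` only acts when `req.status == 200`, so a 401 leaves the test waiting for `notifyDone()` until the harness times out. An `else` branch that logs `req.status` and calls `layoutTestController.notifyDone()` would make an authentication failure show up as a diff rather than a timeout.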
diff --git a/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth.php b/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth.php
new file mode 100644 (file)
index 0000000..95dce5d
--- /dev/null
@@ -0,0 +1,10 @@
+<?php
+  if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
+   header('WWW-Authenticate: Basic realm="WebKit Test Realm"');
+   header('HTTP/1.0 401 Unauthorized');
+   echo 'Authentication canceled';
+   exit;
+  } else {
+   echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
+  }
+?>
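Review bot: The success branch echoes `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']` into a response with no explicit content type, so request-supplied values are served under PHP's default HTML type to anything that loads this resource directly. Adding `header('Content-Type: text/plain');` before the `echo` keeps the fixture's output inert without changing the expected text. `PHP_AUTH_PW` is also read without an `isset` check, unlike `PHP_AUTH_USER`, so a request that carries a user name but no password would raise a notice into the output.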
index aabc4a8ed1b3c84094288068d5094c022df7731c..f78fe3bbd27bcfd68c942229ac7f7edad99771ee 100644 (file)
@@ -1,3 +1,17 @@
+2006-04-09  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Darin.
+
+        - fix http://bugzilla.opendarwin.org/show_bug.cgi?id=7877
+        XMLHttpRequest ignores username/password passed to open()
+
+        Test: http/tests/xmlhttprequest/basic-auth.html
+
+        * platform/KURL.cpp:
+        (KURL::setUser): Enable a code path that handles non-empty user name -
+        it was already present, but commented out and protected with an assertion.
+        (KURL::setPass): Ditto.
+
 2006-04-09  Darin Adler  <darin@apple.com>
 
         Reviewed by Anders.
index 610439d7e4597d83e04fae9cce2e8193ea2cfad0..166ef953ae0c45b3bb015c147f3702ecdb3a3865 100644 (file)
@@ -605,23 +605,16 @@ void KURL::setUser(const DeprecatedString &user)
         DeprecatedString u;
         int end = userEndPos;
         if (!user.isEmpty()) {
-            // Untested code, but this is never used.
-            ASSERT_NOT_REACHED();
-#if 0
             u = user;
-            if (userStartPos == schemeEndPos + 1) {
+            if (userStartPos == schemeEndPos + 1)
                 u = "//" + u;
-            }
             // Add '@' if we didn't have one before.
-            if (end == hostEndPos || (end == passwordEndPos && urlString[end] != '@')) {
+            if (end == hostEndPos || (end == passwordEndPos && urlString[end] != '@'))
                 u += '@';
-            }
-#endif
         } else {
             // Remove '@' if we now have neither user nor password.
-            if (userEndPos == passwordEndPos && end != hostEndPos && urlString[end] == '@') {
+            if (userEndPos == passwordEndPos && end != hostEndPos && urlString[end] == '@')
                 end += 1;
-            }
         }
         const DeprecatedString newURL = urlString.left(userStartPos) + u + urlString.mid(end);
         parse(newURL.ascii(), &newURL);
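Review bot: The newly enabled branch copies the caller's string into the URL verbatim (`u = user;`) and then re-parses the concatenated result, so a user name containing `@`, `:`, `/`, `?` or `#` can move the boundary between the userinfo and the host. The same applies to `p = ':' + password + '@';` in the setPass hunk below. Since the ChangeLog says these values now come from the arguments script passes to XMLHttpRequest open(), they should be treated as untrusted and percent-encoded before being spliced in. The re-parse also goes through `newURL.ascii()`, so non-ASCII credentials presumably need the same encoding step to survive. It would help to document this with a comment above `u = user;`, such as `// user must already be percent-encoded; raw delimiters would change the parsed authority`. The body of setUser starts and ends outside this hunk, so any existing caller-side encoding is not visible here.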
@@ -634,23 +627,16 @@ void KURL::setPass(const DeprecatedString &password)
         DeprecatedString p;
         int end = passwordEndPos;
         if (!password.isEmpty()) {
-            // Untested code, but this is never used.
-            ASSERT_NOT_REACHED();
-#if 0
             p = ':' + password + '@';
-            if (userEndPos == schemeEndPos + 1) {
+            if (userEndPos == schemeEndPos + 1)
                 p = "//" + p;
-            }
             // Eat the existing '@' since we are going to add our own.
-            if (end != hostEndPos && urlString[end] == '@') {
+            if (end != hostEndPos && urlString[end] == '@')
                 end += 1;
-            }
-#endif
         } else {
             // Remove '@' if we now have neither user nor password.
-            if (userStartPos == userEndPos && end != hostEndPos && urlString[end] == '@') {
+            if (userStartPos == userEndPos && end != hostEndPos && urlString[end] == '@')
                 end += 1;
-            }
         }
         const DeprecatedString newURL = urlString.left(userEndPos) + p + urlString.mid(end);
         parse(newURL.ascii(), &newURL);