Title: [197223] trunk/Source/WebKit2
- Revision
- 197223
- Author
- achristen...@apple.com
- Date
- 2016-02-26 17:29:05 -0800 (Fri, 26 Feb 2016)
Log Message
Clear credentials and prevent unauthorized credential storage when using NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=154755
Reviewed by Brady Eidson.
Credentials from previous tests were being used sometimes, notably in
http/tests/misc/401-alternative-content.php when running multiple credential-based
tests with the same WebKitTestRunner.
* NetworkProcess/NetworkDataTask.h:
* NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::clearCachedCredentials):
(WebKit::NetworkProcess::ensurePrivateBrowsingSession):
* NetworkProcess/NetworkSession.h:
* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTask::NetworkDataTask):
(WebKit::NetworkDataTask::tryPasswordBasedAuthentication):
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(WebKit::NetworkSession::~NetworkSession):
(WebKit::NetworkSession::clearCredentials):
(WebKit::NetworkSession::dataTaskForIdentifier):
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (197222 => 197223)
--- trunk/Source/WebKit2/ChangeLog 2016-02-27 01:21:37 UTC (rev 197222)
+++ trunk/Source/WebKit2/ChangeLog 2016-02-27 01:29:05 UTC (rev 197223)
@@ -1,3 +1,27 @@
+2016-02-26 Alex Christensen <achristen...@webkit.org>
+
+ Clear credentials and prevent unauthorized credential storage when using NetworkSession
+ https://bugs.webkit.org/show_bug.cgi?id=154755
+
+ Reviewed by Brady Eidson.
+
+ Credentials from previous tests were being used sometimes, notably in
+ http/tests/misc/401-alternative-content.php when running multiple credential-based
+ tests with the same WebKitTestRunner.
+
+ * NetworkProcess/NetworkDataTask.h:
+ * NetworkProcess/NetworkProcess.cpp:
+ (WebKit::NetworkProcess::clearCachedCredentials):
+ (WebKit::NetworkProcess::ensurePrivateBrowsingSession):
+ * NetworkProcess/NetworkSession.h:
+ * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
+ (WebKit::NetworkDataTask::NetworkDataTask):
+ (WebKit::NetworkDataTask::tryPasswordBasedAuthentication):
+ * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+ (WebKit::NetworkSession::~NetworkSession):
+ (WebKit::NetworkSession::clearCredentials):
+ (WebKit::NetworkSession::dataTaskForIdentifier):
+
2016-02-26 Gavin Barraclough <barraclo...@apple.com>
Page TimerAlignmentIntervalIncrease mechanism should have upper limit
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkDataTask.h (197222 => 197223)
--- trunk/Source/WebKit2/NetworkProcess/NetworkDataTask.h 2016-02-27 01:21:37 UTC (rev 197222)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkDataTask.h 2016-02-27 01:29:05 UTC (rev 197223)
@@ -146,6 +146,7 @@
DownloadID m_pendingDownloadID;
String m_user;
String m_password;
+ WebCore::StoredCredentials m_storedCredentials;
String m_lastHTTPMethod;
String m_pendingDownloadLocation;
WebCore::ResourceRequest m_firstRequest;
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkProcess.cpp (197222 => 197223)
--- trunk/Source/WebKit2/NetworkProcess/NetworkProcess.cpp 2016-02-27 01:21:37 UTC (rev 197222)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkProcess.cpp 2016-02-27 01:29:05 UTC (rev 197223)
@@ -270,6 +270,9 @@
void NetworkProcess::clearCachedCredentials()
{
NetworkStorageSession::defaultStorageSession().credentialStorage().clearCredentials();
+#if USE(NETWORK_SESSION)
+ NetworkSession::defaultSession().clearCredentials();
+#endif
}
void NetworkProcess::ensurePrivateBrowsingSession(SessionID sessionID)
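Review bot: The call added in clearCachedCredentials() clears only `NetworkSession::defaultSession()`, so credentials held by any non-default session stay in place. The context line for ensurePrivateBrowsingSession suggests such sessions exist, though this hunk does not show whether they own a separate NetworkSession. The existing line above has the same default-only scope, so at minimum state it in a comment such as `// Only the default session is cleared; per-SessionID sessions keep their credentials.` The body of ensurePrivateBrowsingSession lies outside the hunk.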
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkSession.h (197222 => 197223)
--- trunk/Source/WebKit2/NetworkProcess/NetworkSession.h 2016-02-27 01:21:37 UTC (rev 197222)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkSession.h 2016-02-27 01:29:05 UTC (rev 197223)
@@ -54,6 +54,7 @@
~NetworkSession();
static NetworkSession& defaultSession();
+ void clearCredentials();
NetworkDataTask* dataTaskForIdentifier(NetworkDataTask::TaskIdentifier);
Modified: trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm (197222 => 197223)
--- trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm 2016-02-27 01:21:37 UTC (rev 197222)
+++ trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm 2016-02-27 01:29:05 UTC (rev 197223)
@@ -47,6 +47,7 @@
: m_failureTimer(*this, &NetworkDataTask::failureTimerFired)
, m_session(session)
, m_client(&client)
+ , m_storedCredentials(storedCredentials)
, m_lastHTTPMethod(requestWithCredentials.httpMethod())
, m_firstRequest(requestWithCredentials)
, m_shouldClearReferrerOnHTTPSToHTTPRedirect(shouldClearReferrerOnHTTPSToHTTPRedirect)
@@ -210,7 +211,8 @@
return false;
if (!m_user.isNull() && !m_password.isNull()) {
- completionHandler(AuthenticationChallengeDisposition::UseCredential, WebCore::Credential(m_user, m_password, WebCore::CredentialPersistenceForSession));
+ auto persistence = m_storedCredentials == WebCore::StoredCredentials::AllowStoredCredentials ? WebCore::CredentialPersistenceForSession : WebCore::CredentialPersistenceNone;
+ completionHandler(AuthenticationChallengeDisposition::UseCredential, WebCore::Credential(m_user, m_password, persistence));
m_user = String();
m_password = String();
return true;
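Review bot: The new `persistence` selection in tryPasswordBasedAuthentication is the security decision of this change, but nothing on the line says so. A reader cannot tell that `CredentialPersistenceNone` is what keeps a request that disallows stored credentials from seeding the session's credential storage. I would add above it `// Requests that disallow stored credentials must not persist m_user/m_password into the session's credential storage.` The function begins and continues outside the hunk, so it is not visible whether other branches that answer the challenge apply the same `m_storedCredentials` check; that is worth confirming.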
Modified: trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm (197222 => 197223)
--- trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2016-02-27 01:21:37 UTC (rev 197222)
+++ trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2016-02-27 01:29:05 UTC (rev 197223)
@@ -253,6 +253,18 @@
[m_sessionWithoutCredentialStorage invalidateAndCancel];
}
+void NetworkSession::clearCredentials()
+{
+ NSURLCredentialStorage *credentialStorage = m_sessionWithCredentialStorage.get().configuration.URLCredentialStorage;
+ NSDictionary<NSURLProtectionSpace *, NSDictionary<NSString *, NSURLCredential *> *> *credentials = credentialStorage.allCredentials;
+
+ for (NSURLProtectionSpace *protectionSpace in credentials) {
+ NSDictionary<NSString *, NSURLCredential *> *credentialsDict = [credentials objectForKey:protectionSpace];
+ for (NSString *user in credentialsDict)
+ [credentialStorage removeCredential:[credentialsDict objectForKey:user] forProtectionSpace:protectionSpace];
+ }
+}
+
NetworkDataTask* NetworkSession::dataTaskForIdentifier(NetworkDataTask::TaskIdentifier taskIdentifier)
{
ASSERT(isMainThread());
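Review bot: clearCredentials() removes every entry returned by `allCredentials` without looking at its persistence. If the configuration's URLCredentialStorage is the shared store, or holds `NSURLCredentialPersistencePermanent` entries, those are deleted too, which goes beyond clearing cached session credentials. The hunk does not show which storage the session is configured with, so this needs confirming. If only session-scoped entries are meant, guard the removal with `if (credential.persistence == NSURLCredentialPersistenceForSession)`. The neighbouring dataTaskForIdentifier, whose body continues outside the hunk, asserts `isMainThread()`, and the new function should do the same if it shares that threading contract.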