[BlackBerry] When HTTP auth fails, only purge credentials that match the failed credentials
https://bugs.webkit.org/show_bug.cgi?id=116164

Patch by Joe Mason <jmason@blackberry.com> on 2013-05-15
Reviewed by Rob Buis.

Internal PR: 338490
Internally Reviewed By: Lyon Chen

When there are multiple HTTP requests in flight with the same bad credentials (common with
proxy auth if the user mistyped their password), the first 407 that's received will cause
the credentials to be purged and the password dialog to open for new credentials. This means
that all 407's received after this should only purge the credentials if they have not
already been updated from the dialog; otherwise they will be wiping out credentials that
haven't failed yet.

* platform/network/blackberry/NetworkJob.cpp:
(WebCore::NetworkJob::sendRequestWithCredentials):
(WebCore::NetworkJob::purgeCredentials):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@150147 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index d6bc9d9..9547170 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,24 @@
+2013-05-15  Joe Mason  <jmason@blackberry.com>
+
+        [BlackBerry] When HTTP auth fails, only purge credentials that match the failed credentials
+        https://bugs.webkit.org/show_bug.cgi?id=116164
+
+        Reviewed by Rob Buis.
+
+        Internal PR: 338490
+        Internally Reviewed By: Lyon Chen
+
+        When there are multiple HTTP requests in flight with the same bad credentials (common with
+        proxy auth if the user mistyped their password), the first 407 that's received will cause
+        the credentials to be purged and the password dialog to open for new credentials. This means
+        that all 407's received after this should only purge the credentials if they have not
+        already been updated from the dialog; otherwise they will be wiping out credentials that
+        haven't failed yet.
+
+        * platform/network/blackberry/NetworkJob.cpp:
+        (WebCore::NetworkJob::sendRequestWithCredentials):
+        (WebCore::NetworkJob::purgeCredentials):
+
 2013-05-15  Chris Fleizach  <cfleizach@apple.com>
 
         AX: Use caching when requesting children object on iOS
diff --git a/Source/WebCore/platform/network/blackberry/NetworkJob.cpp b/Source/WebCore/platform/network/blackberry/NetworkJob.cpp
index a53270d..92b5abe 100644
--- a/Source/WebCore/platform/network/blackberry/NetworkJob.cpp
+++ b/Source/WebCore/platform/network/blackberry/NetworkJob.cpp
@@ -862,6 +862,7 @@
         challenge.setStored(true);
         updateCurrentWebChallenge(challenge);
     } else {
+        ASSERT(credential.isEmpty());
         if (m_handle->firstRequest().targetType() == ResourceRequest::TargetIsFavicon) {
             // The favicon loading is triggerred after the main resource has been loaded
             // and parsed, so if we cancel the authentication challenge when loading the main
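Review bot: The new ASSERT(credential.isEmpty()) at the top of the else branch only checks the invariant in debug builds; in a release build a non-empty credential reaching this branch is silently ignored. Please add a short comment stating why the credential must be empty on this path, and if the condition can actually occur at runtime, handle it explicitly rather than relying on the assertion.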
@@ -964,6 +965,10 @@
 
     purgeCredentials(m_handle->getInternal()->m_hostWebChallenge);
     purgeCredentials(m_handle->getInternal()->m_proxyWebChallenge);
+
+    m_handle->getInternal()->m_currentWebChallenge.nullify();
+    m_handle->getInternal()->m_proxyWebChallenge.nullify();
+    m_handle->getInternal()->m_hostWebChallenge.nullify();
 }
 
 void NetworkJob::purgeCredentials(AuthenticationChallenge& challenge)
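Review bot: The three nullify() calls added after the purgeCredentials() calls carry no comment explaining why the challenges are reset, and m_currentWebChallenge is nullified without a matching purgeCredentials() call while the host and proxy challenges get both. A one-line comment on the intent would help, along with a note that the nullify() calls must stay after the purges, since purgeCredentials() takes the challenge by reference and reads it. The nullify order (current, proxy, host) also differs from the purge order (host, proxy); matching them would make the block easier to scan.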
@@ -990,11 +995,17 @@
         m_handle->getInternal()->m_pass = "";
     }
 
-    CredentialStorage::remove(challenge.protectionSpace());
-    challenge.setStored(false);
+    // Do not compare credential objects with == here, since we don't care about the persistence.
+
+    const Credential& storedCredential = CredentialStorage::get(challenge.protectionSpace());
+    if (storedCredential.user() == purgeUsername && storedCredential.password() == purgePassword) {
+        CredentialStorage::remove(challenge.protectionSpace());
+        challenge.setStored(false);
+    }
 #if ENABLE(BLACKBERRY_CREDENTIAL_PERSIST)
-    if (challenge.proposedCredential() == credentialBackingStore().getLogin(challenge.protectionSpace()))
-        credentialBackingStore().removeLogin(challenge.protectionSpace(), challenge.proposedCredential().user());
+    const Credential& persistedCredential = credentialBackingStore().getLogin(challenge.protectionSpace());
+    if (persistedCredential.user() == purgeUsername && persistedCredential.password() == purgePassword)
+        credentialBackingStore().removeLogin(challenge.protectionSpace(), purgeUsername);
 #endif
 }
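Review bot: In the new if around CredentialStorage::remove(), challenge.setStored(false) is now skipped whenever the stored credential no longer matches purgeUsername and purgePassword, so the challenge keeps its stored flag on that path; please confirm that is intended for every caller of purgeCredentials(), or move setStored(false) outside the condition. The same user()/password() comparison is written out twice (stored and persisted credential), so a small helper taking the credential would keep the two checks from drifting apart. The comment above the block explains why == is avoided but not why the match is required; a sentence about the later 407s arriving after the dialog has already updated the credentials, as described in the ChangeLog entry, would make the check self-explanatory.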