From: Raveendra Karu
Date: Mon, 25 Mar 2013 08:12:08 +0000 (+0900)
Subject: Authentication pop up is displayed even when Authentication credentials are set in...
X-Git-Tag: 2.1_release~329
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ce692a9bae5f51993c97de97280bd8ea3e6c3930;p=platform%2Fframework%2Fweb%2Fwebkit-efl.git

Authentication pop up is displayed even when Authentication credentials are set in request url
[Title] Authentication pop up is displayed even when Authentication credentials are set in request url
[Issue#] DCM-596
[Problem] Even though request url contains Authentication credentials, Authentication pop is being shown.
[Cause] "Authorization" headers is not getting added to the request headers since it is skipped for http family protocols.
[Solution] Adding "Authorization" header to the request in case of http family protocols also.
[Developer] Raveendra Karu (r.karu@samsung.com)
---
diff --git a/Source/WebCore/platform/network/ResourceHandle.h b/Source/WebCore/platform/network/ResourceHandle.h
index 68f4be2..7d33b26 100644
--- a/Source/WebCore/platform/network/ResourceHandle.h
+++ b/Source/WebCore/platform/network/ResourceHandle.h
@@ -119,6 +119,11 @@ public:
 virtual void receivedRequestToContinueWithoutCredential(const AuthenticationChallenge&);
 virtual void receivedCancellation(const AuthenticationChallenge&);
 #endif
+#if USE(SOUP)
+#if ENABLE(TIZEN_ON_AUTHENTICATION_REQUESTED)
+ bool shouldUseCredentialStorage();
+#endif
+#endif

 #if PLATFORM(MAC)
 #if USE(PROTECTION_SPACE_AUTH_CALLBACK)
diff --git a/Source/WebCore/platform/network/soup/tizen/ResourceHandleSoupTizen.cpp b/Source/WebCore/platform/network/soup/tizen/ResourceHandleSoupTizen.cpp
index 7e45f53..364c03a 100755
--- a/Source/WebCore/platform/network/soup/tizen/ResourceHandleSoupTizen.cpp
+++ b/Source/WebCore/platform/network/soup/tizen/ResourceHandleSoupTizen.cpp
@@ -188,6 +188,9 @@ static bool startNonHTTPRequest(ResourceHandle*, KURL);
 #if ENABLE(WEB_TIMING)
 static int milisecondsSinceRequest(double requestTime);
 #endif
+#if ENABLE(TIZEN_ON_AUTHENTICATION_REQUESTED)
+static void applyAuthenticationToRequest(ResourceHandle* handle, ResourceRequest& request, bool redirect);
+#endif

 ResourceHandleInternal::~ResourceHandleInternal()
 {
@@ -355,6 +358,44 @@ static void gotHeadersCallback(SoupMessage* msg, gpointer data)
 d->m_response = response;
 }

+#if ENABLE(TIZEN_ON_AUTHENTICATION_REQUESTED)
+static void applyAuthenticationToRequest(ResourceHandle* handle, ResourceRequest& request, bool redirect)
+{
+ // m_user/m_pass are credentials given manually, for instance, by the arguments passed to XMLHttpRequest.open().
+ ResourceHandleInternal* d = handle->getInternal();
+
+ if (handle->shouldUseCredentialStorage()) {
+ if (d->m_user.isEmpty() && d->m_pass.isEmpty())
+ d->m_initialCredential = CredentialStorage::get(request.url());
+ else if (!redirect) {
+ // If there is already a protection space known for the URL, update stored credentials
+ // before sending a request. This makes it possible to implement logout by sending an
+ // XMLHttpRequest with known incorrect credentials, and aborting it immediately (so that
+ // an authentication dialog doesn't pop up).
+ CredentialStorage::set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), request.url());
+ }
+ }
+
+ String user = d->m_user;
+ String password = d->m_pass;
+ if (!d->m_initialCredential.isEmpty()) {
+ user = d->m_initialCredential.user();
+ password = d->m_initialCredential.password();
+ }
+
+ if (user.isEmpty() && password.isEmpty())
+ return;
+
+ // We always put the credentials into the URL. In the CFNetwork-port HTTP family credentials are applied in
+ // the didReceiveAuthenticationChallenge callback, but libsoup requires us to use this method to override
+ // any previously remembered credentials. It has its own per-session credential storage.
+ KURL urlWithCredentials(request.url());
+ urlWithCredentials.setUser(user);
+ urlWithCredentials.setPass(password);
+ request.setURL(urlWithCredentials);
+}
+#endif
+
 // Called each time the message is going to be sent again except the first time.
 // It's used mostly to let webkit know about redirects.
 static void restartedCallback(SoupMessage* msg, gpointer data)
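Review bot: The final block of applyAuthenticationToRequest() writes the user name and password into the request URL for HTTP-family requests as well, and `request.setURL(urlWithCredentials)` leaves that userinfo on the ResourceRequest the caller keeps. Whether the URL is stripped again before it reaches logging, client callbacks or a Referer value cannot be seen from this hunk, so that should be confirmed for the Tizen port. Note also that a non-empty `d->m_initialCredential` replaces explicitly supplied `m_user`/`m_pass`, which the opening comment does not mention. I would add a comment above the KURL block such as `// request.url() carries userinfo from here on: strip the credentials before logging or exposing it.`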
@@ -983,31 +1024,7 @@ bool ResourceHandle::start(NetworkingContext* context)
 return false;

 #if ENABLE(TIZEN_ON_AUTHENTICATION_REQUESTED)
- if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !firstRequest().url().protocolIsInHTTPFamily()) {
- // Credentials for ftp can only be passed in URL, the didReceiveAuthenticationChallenge delegate call won't be made.
- KURL urlWithCredentials(firstRequest().url());
- urlWithCredentials.setUser(d->m_user);
- urlWithCredentials.setPass(d->m_pass);
- firstRequest().setURL(urlWithCredentials);
- }
-
- // - For URLs that match the paths of those previously challenged for HTTP Basic authentication,
- // try and reuse the credential preemptively, as allowed by RFC 2617.
- //if (shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) {
- bool shouldUseCredentialStorage = client()->shouldUseCredentialStorage(this);
-
- if (!shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) {
- if (d->m_user.isEmpty() && d->m_pass.isEmpty()) {
- // - For URLs that match the paths of those previously challenged for HTTP Basic authentication,
- // try and reuse the credential preemptively, as allowed by RFC 2617.
- d->m_initialCredential = CredentialStorage::get(firstRequest().url());
- } else {
- // If there is already a protection space known for the URL, update stored credentials before sending a request.
- // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately
- // (so that an authentication dialog doesn't pop up).
- CredentialStorage::set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
- }
- }
+ applyAuthenticationToRequest(this, firstRequest(), false);
 #else
 if (!(d->m_user.isEmpty() || d->m_pass.isEmpty())) {
 // If credentials were specified for this request, add them to the url,
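Review bot: This is the only call to applyAuthenticationToRequest() in the patch and it passes `redirect = false`, so the helper's `redirect` branch is never exercised by the visible hunks. restartedCallback(), which its own comment describes as the hook for redirects, is not changed here; if redirects are handled there, the credentials now placed on firstRequest() should be re-evaluated for the redirect target and not carried to a different origin. The call is also more than an extraction, since the removed code put `m_user`/`m_pass` into the URL only for non-HTTP schemes; a comment such as `// Applies explicit or stored credentials to the URL for every scheme, HTTP included.` would record that. ResourceHandle::start() begins and ends outside this hunk.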
@@ -1060,6 +1077,13 @@ void ResourceHandle::cancel()
 g_cancellable_cancel(d->m_cancellable.get());
 }

+#if ENABLE(TIZEN_ON_AUTHENTICATION_REQUESTED)
+bool ResourceHandle::shouldUseCredentialStorage()
+{
+ return (!client() || client()->shouldUseCredentialStorage(this)) && firstRequest().url().protocolIsInHTTPFamily();
+}
+#endif
+
 static bool hasBeenSent(ResourceHandle* handle)
 {
 ResourceHandleInternal* d = handle->getInternal();
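Review bot: shouldUseCredentialStorage() returns true for HTTP-family URLs when `client()` is null, so a handle with no client defaults to reading and updating stored credentials. That permissive default is undocumented; either add a comment such as `// No client to veto: fall back to CredentialStorage (HTTP family only).` or return false in the null case if no caller depends on it. The function also has no comment stating that it is scoped to the first request's URL and not the URL of the request being sent.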