From 2b90b85687c2265847bc685a546a6085860545b1 Mon Sep 17 00:00:00 2001 
From: "beidson@apple.com" Date: Tue, 7 Feb 2012 21:37:17 +0000 Subject: [PATCH] and https://bugs.webkit.org/show_bug.cgi?id=78003 WebKit associates credentials with the wrong site if the authentication challenge takes place after a redirect chain Reviewed by Alexey Proskuryakov. Source/WebCore: Test: http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html Associate the credential with the URL of the challenge itself, not the original request: * platform/network/cf/ResourceHandleCFNet.cpp: (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): (WebCore::ResourceHandle::receivedCredential): * platform/network/mac/ResourceHandleMac.mm: (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): (WebCore::ResourceHandle::receivedCredential): LayoutTests: * http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt: Added. * http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html: Added. * http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-1-redirect-to-auth.php: Added. * http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php: Added. * http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php: Added. 
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@106982 268f45cc-cd09-0410-ab3c-d52691b4dbfc --- LayoutTests/ChangeLog | 13 ++++++++++ ...-redirect-stores-wrong-credentials-expected.txt | 30 ++++++++++++++++++++++ ...on-after-redirect-stores-wrong-credentials.html | 20 +++++++++++++++ .../wrong-credential-1-redirect-to-auth.php | 6 +++++ ...g-credential-2-auth-then-redirect-to-finish.php | 13 ++++++++++ ...credential-3-output-credentials-then-finish.php | 10 ++++++++ Source/WebCore/ChangeLog | 17 ++++++++++++ .../platform/network/cf/ResourceHandleCFNet.cpp | 6 ++--- .../platform/network/mac/ResourceHandleMac.mm | 4 +-- 9 files changed, 114 insertions(+), 5 deletions(-) create mode 100644 LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt create mode 100644 LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html create mode 100644 LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-1-redirect-to-auth.php create mode 100644 LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php create mode 100644 LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog index 2e8a7ea..b66ff40 100644 --- a/LayoutTests/ChangeLog +++ b/LayoutTests/ChangeLog 
@@ -1,3 +1,16 @@
+2012-02-07 Brady Eidson
+
+ and https://bugs.webkit.org/show_bug.cgi?id=78003
+ WebKit associates credentials with the wrong site if the authentication challenge takes place after a redirect chain
+
+ Reviewed by Alexey Proskuryakov.
+
+ * http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt: Added.
+ * http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html: Added.
+ * http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-1-redirect-to-auth.php: Added.
+ * http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php: Added.
+ * http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php: Added.
+
 2012-02-07 Julien Chaffraix
 Revert r106958.
diff --git a/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt b/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt
new file mode 100644
index 0000000..d5e367b
--- /dev/null
+++ b/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt
@@ -0,0 +1,30 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+frame "-->" - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "-->" - didReceiveServerRedirectForProvisionalLoadForFrame
+ - didReceiveAuthenticationChallenge - Responding with httpUsername:httpPassword
+frame "-->" - didCommitLoadForFrame
+frame "-->" - didFinishDocumentLoadForFrame
+frame "-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+frame "-->" - willPerformClientRedirectToURL: http://localhost:8000/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php
+frame "-->" - didStartProvisionalLoadForFrame
+frame "-->" - didCancelClientRedirectForFrame
+frame "-->" - didCommitLoadForFrame
+frame "-->" - didFinishDocumentLoadForFrame
+frame "-->" - didHandleOnloadEventsForFrame
+frame "-->" - didFinishLoadForFrame
+This test causes an HTTP authentication challenge in the middle of a redirect chain.
+It then loads a new page after that challenge, and the new page should *not* get any credentials passed to it.
+See bug 78003 for more details.
+
+
+
+--------
+Frame: '-->'
+--------
+No HTTP authentication credentials
+
diff --git a/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html b/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html
new file mode 100644
index 0000000..a610a7b
--- /dev/null
+++ b/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html
@@ -0,0 +1,20 @@
+
+
+
+
+This test causes an HTTP authentication challenge in the middle of a redirect chain.
+It then loads a new page after that challenge, and the new page should *not* get any credentials passed to it.
+See bug 78003 for more details.
+
+ + \ No newline at end of file diff --git a/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-1-redirect-to-auth.php b/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-1-redirect-to-auth.php new file mode 100644 index 0000000..352e87d --- /dev/null +++ b/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-1-redirect-to-auth.php @@ -0,0 +1,6 @@ + \ No newline at end of file diff --git a/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php b/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php new file mode 100644 index 0000000..f5d03bd --- /dev/null +++ b/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php @@ -0,0 +1,13 @@ + + diff --git a/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php b/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php new file mode 100644 index 0000000..937e460 --- /dev/null +++ b/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php @@ -0,0 +1,10 @@ +"; +else + echo "Authenticated as {$_SERVER['PHP_AUTH_USER']} with password {$_SERVER['PHP_AUTH_PW']}
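Review bot: The expected output only pins the negative outcome, `No HTTP authentication credentials` on the final page, so a regression that stored the credential nowhere, or under an empty URL, would pass exactly as the fix does. A positive probe would close that gap: after the redirect chain, load one more resource from the same directory as wrong-credential-2-auth-then-redirect-to-finish.php and require that it succeeds without a second `didReceiveAuthenticationChallenge` line appearing in the expectation. The markup of this test is stripped of its tags in this rendering, so I cannot point at the exact line where that extra load belongs.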
"; +?> + diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog index ebfaa53..780eca1 100644 --- a/Source/WebCore/ChangeLog +++ b/Source/WebCore/ChangeLog @@ -1,3 +1,20 @@ +2012-02-07 Brady Eidson + + and https://bugs.webkit.org/show_bug.cgi?id=78003 + WebKit associates credentials with the wrong site if the authentication challenge takes place after a redirect chain + + Reviewed by Alexey Proskuryakov. + + Test: http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html + + Associate the credential with the URL of the challenge itself, not the original request: + * platform/network/cf/ResourceHandleCFNet.cpp: + (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): + (WebCore::ResourceHandle::receivedCredential): + * platform/network/mac/ResourceHandleMac.mm: + (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): + (WebCore::ResourceHandle::receivedCredential): + 2012-02-07 Tony Chang move warning about css values and render style constants closer to where it applies diff --git a/Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp b/Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp index 3ec3254..fbfb902 100644 --- a/Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp +++ b/Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp @@ -604,7 +604,7 @@ void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChall KURL urlToStore; if (challenge.failureResponse().httpStatusCode() == 401) - urlToStore = firstRequest().url(); + urlToStore = challenge.failureResponse().url(); CredentialStorage::set(core(credential.get()), challenge.protectionSpace(), urlToStore); CFURLConnectionUseCredential(d->m_connection.get(), credential.get(), challenge.cfURLAuthChallengeRef()); 
@@ -628,7 +628,7 @@ void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChall
 ASSERT(credential.persistence() == CredentialPersistenceNone);
 if (challenge.failureResponse().httpStatusCode() == 401) {
 // Store the credential back, possibly adding it as a default for this directory.
- CredentialStorage::set(credential, challenge.protectionSpace(), firstRequest().url());
+ CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
 }
 RetainPtr cfCredential(AdoptCF, createCF(credential));
 CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
@@ -675,7 +675,7 @@ void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge
 KURL urlToStore;
 if (challenge.failureResponse().httpStatusCode() == 401)
- urlToStore = firstRequest().url();
+ urlToStore = challenge.failureResponse().url();
 CredentialStorage::set(webCredential, challenge.protectionSpace(), urlToStore);
 CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
diff --git a/Source/WebCore/platform/network/mac/ResourceHandleMac.mm b/Source/WebCore/platform/network/mac/ResourceHandleMac.mm
index d22162e..06a81c5 100644
--- a/Source/WebCore/platform/network/mac/ResourceHandleMac.mm
+++ b/Source/WebCore/platform/network/mac/ResourceHandleMac.mm
@@ -562,7 +562,7 @@ void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChall
 ASSERT(credential.persistence() == CredentialPersistenceNone);
 if (challenge.failureResponse().httpStatusCode() == 401) {
 // Store the credential back, possibly adding it as a default for this directory.
- CredentialStorage::set(credential, challenge.protectionSpace(), firstRequest().url());
+ CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
 }
 [challenge.sender() useCredential:mac(credential) forAuthenticationChallenge:mac(challenge)];
 return;
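Review bot: The retained comment `// Store the credential back, possibly adding it as a default for this directory.` is now ambiguous, because on the changed line beneath it "this directory" is no longer that of the original request but that of the URL which issued the 401. I would reword it to `// Store the credential back, possibly adding it as a path default for the directory of the URL that issued the 401 (not firstRequest(), which may predate a redirect).` The identical comment sits above the identical change in the ResourceHandleMac.mm didReceiveAuthenticationChallenge hunk and should be reworded the same way so the two platforms keep saying the same thing. Both enclosing functions start and end outside their hunks.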
@@ -620,7 +620,7 @@ void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge
 Credential webCredential(credential, CredentialPersistenceNone);
 KURL urlToStore;
 if (challenge.failureResponse().httpStatusCode() == 401)
- urlToStore = firstRequest().url();
+ urlToStore = challenge.failureResponse().url();
 CredentialStorage::set(webCredential, core([d->m_currentMacChallenge protectionSpace]), urlToStore);
 [[d->m_currentMacChallenge sender] useCredential:mac(webCredential) forAuthenticationChallenge:d->m_currentMacChallenge];
 } else
-- 
2.7.4
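Review bot: The storage key in this hunk is assembled from two different objects: the URL now comes from `challenge.failureResponse()` on the added line, while the protection space on the line below it comes from `core([d->m_currentMacChallenge protectionSpace])`, whereas the CFNet receivedCredential in the same commit uses `challenge.protectionSpace()` for both halves. If `challenge` and `d->m_currentMacChallenge` are always the same challenge here, which seems likely but is established outside the hunk, passing `challenge.protectionSpace()` instead would match the CFNet side and rule out ever pairing one challenge's response URL with another's protection space; if they can differ, an ASSERT that the two protection spaces agree would at least document the invariant. receivedCredential begins before this hunk.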