Changeset 206731 in webkit
- Timestamp:
- Oct 3, 2016 3:32:52 AM (8 years ago)
- Location:
- trunk
- Files:
-
- 1 deleted
- 15 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/ChangeLog
r206618 r206731 1 2016-10-03 Carlos Garcia Campos <cgarcia@igalia.com> 2 3 [SOUP] Cleanup persistent credential storage code 4 https://bugs.webkit.org/show_bug.cgi?id=162777 5 6 Reviewed by Alex Christensen. 7 8 Remove ENABLE(CREDENTIAL_STORAGE) build flag and replace it by USE(LIBSECRET). 9 10 * Source/cmake/OptionsGTK.cmake: 11 * Source/cmake/WebKitFeatures.cmake: 12 1 13 2016-09-29 Aaron Chu <aaron_chu@apple.com> 2 14 -
trunk/Source/WebCore/ChangeLog
r206730 r206731 1 2016-10-03 Carlos Garcia Campos <cgarcia@igalia.com> 2 3 [SOUP] Cleanup persistent credential storage code 4 https://bugs.webkit.org/show_bug.cgi?id=162777 5 6 Reviewed by Alex Christensen. 7 8 We have this feature behind ENABLE_CREDENTIAL_STORAGE flag, which is confusing, because we use credential 9 storage unconditionally and this is only about persistent storage. Also the flag assumes libsecret is available, 10 and since it's only used by GTK sometimes we use GTK ifdefs instead of CREDENTIAL_STORAGE. So, I think we should 11 use USE(LIBSECRET) instead, and reduce a bit the ifdefs in common soup code. Another problem is that current 12 implementation is always used, while it should depend on the current network storage session and never used in 13 ephemeral sessions. This patch moves the code from CredentialBackingStore to NetworkStorageSessionSoup and 14 modernizes a bit. 15 16 * PlatformGTK.cmake: Remove CredentialBackingStore.cpp. 17 * platform/gtk/GRefPtrGtk.cpp: Use USE(LIBSECRET) 18 * platform/gtk/GRefPtrGtk.h: 19 * platform/network/NetworkStorageSession.h: 20 * platform/network/ResourceHandleInternal.h: 21 * platform/network/gtk/CredentialBackingStore.cpp: Removed. 22 * platform/network/gtk/CredentialBackingStore.h: Removed. 23 * platform/network/soup/NetworkStorageSessionSoup.cpp: 24 (WebCore::NetworkStorageSession::~NetworkStorageSession): 25 (WebCore::schemeFromProtectionSpaceServerType): 26 (WebCore::authTypeFromProtectionSpaceAuthenticationScheme): 27 (WebCore::NetworkStorageSession::getCredentialFromPersistentStorage): 28 (WebCore::NetworkStorageSession::saveCredentialToPersistentStorage): 29 (WebCore::NetworkStorageSession::ensurePrivateBrowsingSession): Deleted. 30 (WebCore::NetworkStorageSession::switchToNewTestingSession): Deleted. 31 * platform/network/soup/ResourceHandleSoup.cpp: 32 (WebCore::gotHeadersCallback): 33 (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): 34 (WebCore::ResourceHandle::receivedCredential): 35 (WebCore::ResourceHandle::continueDidReceiveAuthenticationChallenge): Deleted. 36 (WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential): Deleted. 37 (WebCore::ResourceHandle::receivedCancellation): Deleted. 38 1 39 2016-10-03 Carlos Garcia Campos <cgarcia@igalia.com> 2 40 -
trunk/Source/WebCore/PlatformGTK.cmake
r206381 r206731 163 163 platform/mediastream/gtk/SDPProcessorScriptResourceGtk.cpp 164 164 165 platform/network/gtk/CredentialBackingStore.cpp166 167 165 platform/network/soup/AuthenticationChallengeSoup.cpp 168 166 platform/network/soup/CertificateInfo.cpp -
trunk/Source/WebCore/platform/gtk/GRefPtrGtk.cpp
r194377 r206731 24 24 #include <gtk/gtk.h> 25 25 26 #if ENABLE(CREDENTIAL_STORAGE)26 #if USE(LIBSECRET) 27 27 #define SECRET_WITH_UNSTABLE 1 28 28 #define SECRET_API_SUBJECT_TO_CHANGE 1 … … 45 45 } 46 46 47 #if ENABLE(CREDENTIAL_STORAGE)47 #if USE(LIBSECRET) 48 48 template <> SecretValue* refGPtr(SecretValue* ptr) 49 49 { -
trunk/Source/WebCore/platform/gtk/GRefPtrGtk.h
r194377 r206731 32 32 template <> void derefGPtr(GtkTargetList* ptr); 33 33 34 #if ENABLE(CREDENTIAL_STORAGE)34 #if USE(LIBSECRET) 35 35 template <> SecretValue* refGPtr(SecretValue* ptr); 36 36 template <> void derefGPtr(SecretValue* ptr); -
trunk/Source/WebCore/platform/network/NetworkStorageSession.h
r204603 r206731 35 35 #endif 36 36 37 #if USE(SOUP) 38 #include <wtf/Function.h> 39 #include <wtf/glib/GRefPtr.h> 40 #endif 41 37 42 namespace WebCore { 38 43 … … 67 72 68 73 SoupNetworkSession& soupNetworkSession() const; 69 void setSoupNetworkSession(std::unique_ptr<SoupNetworkSession>); 74 void getCredentialFromPersistentStorage(const ProtectionSpace&, Function<void (Credential&&)> completionHandler); 75 void saveCredentialToPersistentStorage(const ProtectionSpace&, const Credential&); 70 76 #else 71 77 NetworkStorageSession(SessionID, NetworkingContext*); … … 83 89 #elif USE(SOUP) 84 90 std::unique_ptr<SoupNetworkSession> m_session; 91 #if USE(LIBSECRET) 92 Function<void (Credential&&)> m_persisentStorageCompletionHandler; 93 GRefPtr<GCancellable> m_persisentStorageCancellable; 94 #endif 85 95 #else 86 96 RefPtr<NetworkingContext> m_context; -
trunk/Source/WebCore/platform/network/ResourceHandleInternal.h
r202611 r206731 179 179 size_t m_previousPosition; 180 180 bool m_useAuthenticationManager; 181 #endif182 #if PLATFORM(GTK)183 181 struct { 184 182 Credential credential; 185 AuthenticationChallenge challenge;183 ProtectionSpace protectionSpace; 186 184 } m_credentialDataToSaveInPersistentStore; 187 185 #endif -
trunk/Source/WebCore/platform/network/soup/NetworkStorageSessionSoup.cpp
r204327 r206731 2 2 * Copyright (C) 2013 Apple Inc. All rights reserved. 3 3 * Copyright (C) 2013 University of Szeged. All rights reserved. 4 * Copyright (C) 2016 Igalia S.L. 4 5 * 5 6 * Redistribution and use in source and binary forms, with or without … … 32 33 #include "ResourceHandle.h" 33 34 #include "SoupNetworkSession.h" 35 #include <libsoup/soup.h> 34 36 #include <wtf/MainThread.h> 35 37 #include <wtf/NeverDestroyed.h> 38 #include <wtf/glib/GUniquePtr.h> 39 40 #if USE(LIBSECRET) 41 #include "GRefPtrGtk.h" 42 #include <glib/gi18n-lib.h> 43 #define SECRET_WITH_UNSTABLE 1 44 #define SECRET_API_SUBJECT_TO_CHANGE 1 45 #include <libsecret/secret.h> 46 #endif 36 47 37 48 namespace WebCore { … … 45 56 NetworkStorageSession::~NetworkStorageSession() 46 57 { 58 #if USE(LIBSECRET) 59 g_cancellable_cancel(m_persisentStorageCancellable.get()); 60 #endif 47 61 } 48 62 … … 79 93 } 80 94 81 void NetworkStorageSession::setSoupNetworkSession(std::unique_ptr<SoupNetworkSession> session) 82 { 83 m_session = WTFMove(session); 84 } 85 86 } 87 88 #endif 95 #if USE(LIBSECRET) 96 static const char* schemeFromProtectionSpaceServerType(ProtectionSpaceServerType serverType) 97 { 98 switch (serverType) { 99 case ProtectionSpaceServerHTTP: 100 case ProtectionSpaceProxyHTTP: 101 return SOUP_URI_SCHEME_HTTP; 102 case ProtectionSpaceServerHTTPS: 103 case ProtectionSpaceProxyHTTPS: 104 return SOUP_URI_SCHEME_HTTPS; 105 case ProtectionSpaceServerFTP: 106 case ProtectionSpaceProxyFTP: 107 return SOUP_URI_SCHEME_FTP; 108 case ProtectionSpaceServerFTPS: 109 case ProtectionSpaceProxySOCKS: 110 break; 111 } 112 113 ASSERT_NOT_REACHED(); 114 return SOUP_URI_SCHEME_HTTP; 115 } 116 117 static const char* authTypeFromProtectionSpaceAuthenticationScheme(ProtectionSpaceAuthenticationScheme scheme) 118 { 119 switch (scheme) { 120 case ProtectionSpaceAuthenticationSchemeDefault: 121 case ProtectionSpaceAuthenticationSchemeHTTPBasic: 122 return "Basic"; 123 case ProtectionSpaceAuthenticationSchemeHTTPDigest: 124 return "Digest"; 125 case ProtectionSpaceAuthenticationSchemeNTLM: 126 return "NTLM"; 127 case ProtectionSpaceAuthenticationSchemeNegotiate: 128 return "Negotiate"; 129 case ProtectionSpaceAuthenticationSchemeHTMLForm: 130 case ProtectionSpaceAuthenticationSchemeClientCertificateRequested: 131 case ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested: 132 ASSERT_NOT_REACHED(); 133 break; 134 case ProtectionSpaceAuthenticationSchemeUnknown: 135 return "unknown"; 136 } 137 138 ASSERT_NOT_REACHED(); 139 return "unknown"; 140 } 141 #endif // USE(LIBSECRET) 142 143 void NetworkStorageSession::getCredentialFromPersistentStorage(const ProtectionSpace& protectionSpace, Function<void (Credential&&)> completionHandler) 144 { 145 #if USE(LIBSECRET) 146 if (m_sessionID.isEphemeral()) { 147 completionHandler({ }); 148 return; 149 } 150 151 const String& realm = protectionSpace.realm(); 152 if (realm.isEmpty()) { 153 completionHandler({ }); 154 return; 155 } 156 157 GRefPtr<GHashTable> attributes = adoptGRef(secret_attributes_build(SECRET_SCHEMA_COMPAT_NETWORK, 158 "domain", realm.utf8().data(), 159 "server", protectionSpace.host().utf8().data(), 160 "port", protectionSpace.port(), 161 "protocol", schemeFromProtectionSpaceServerType(protectionSpace.serverType()), 162 "authtype", authTypeFromProtectionSpaceAuthenticationScheme(protectionSpace.authenticationScheme()), 163 nullptr)); 164 if (!attributes) { 165 completionHandler({ }); 166 return; 167 } 168 169 m_persisentStorageCancellable = adoptGRef(g_cancellable_new()); 170 m_persisentStorageCompletionHandler = WTFMove(completionHandler); 171 secret_service_search(nullptr, SECRET_SCHEMA_COMPAT_NETWORK, attributes.get(), 172 static_cast<SecretSearchFlags>(SECRET_SEARCH_UNLOCK | SECRET_SEARCH_LOAD_SECRETS), m_persisentStorageCancellable.get(), 173 [](GObject* source, GAsyncResult* result, gpointer userData) { 174 GUniqueOutPtr<GError> error; 175 GUniquePtr<GList> elements(secret_service_search_finish(SECRET_SERVICE(source), result, &error.outPtr())); 176 if (g_error_matches (error.get(), G_IO_ERROR, G_IO_ERROR_CANCELLED)) 177 return; 178 179 NetworkStorageSession* session = static_cast<NetworkStorageSession*>(userData); 180 auto completionHandler = std::exchange(session->m_persisentStorageCompletionHandler, nullptr); 181 if (error || !elements || !elements->data) { 182 completionHandler({ }); 183 return; 184 } 185 186 GRefPtr<SecretItem> secretItem = adoptGRef(static_cast<SecretItem*>(elements->data)); 187 GRefPtr<GHashTable> attributes = adoptGRef(secret_item_get_attributes(secretItem.get())); 188 String user = String::fromUTF8(static_cast<const char*>(g_hash_table_lookup(attributes.get(), "user"))); 189 if (user.isEmpty()) { 190 completionHandler({ }); 191 return; 192 } 193 194 size_t length; 195 GRefPtr<SecretValue> secretValue = adoptGRef(secret_item_get_secret(secretItem.get())); 196 const char* passwordData = secret_value_get(secretValue.get(), &length); 197 completionHandler(Credential(user, String::fromUTF8(passwordData, length), CredentialPersistencePermanent)); 198 }, this); 199 #else 200 UNUSED_PARAM(protectionSpace); 201 completionHandler({ }); 202 #endif 203 } 204 205 void NetworkStorageSession::saveCredentialToPersistentStorage(const ProtectionSpace& protectionSpace, const Credential& credential) 206 { 207 #if USE(LIBSECRET) 208 if (m_sessionID.isEphemeral()) 209 return; 210 211 if (credential.isEmpty()) 212 return; 213 214 const String& realm = protectionSpace.realm(); 215 if (realm.isEmpty()) 216 return; 217 218 GRefPtr<GHashTable> attributes = adoptGRef(secret_attributes_build(SECRET_SCHEMA_COMPAT_NETWORK, 219 "domain", realm.utf8().data(), 220 "server", protectionSpace.host().utf8().data(), 221 "port", protectionSpace.port(), 222 "protocol", schemeFromProtectionSpaceServerType(protectionSpace.serverType()), 223 "authtype", authTypeFromProtectionSpaceAuthenticationScheme(protectionSpace.authenticationScheme()), 224 nullptr)); 225 if (!attributes) 226 return; 227 228 g_hash_table_insert(attributes.get(), g_strdup("user"), g_strdup(credential.user().utf8().data())); 229 CString utf8Password = credential.password().utf8(); 230 GRefPtr<SecretValue> newSecretValue = adoptGRef(secret_value_new(utf8Password.data(), utf8Password.length(), "text/plain")); 231 secret_service_store(nullptr, SECRET_SCHEMA_COMPAT_NETWORK, attributes.get(), SECRET_COLLECTION_DEFAULT, _("WebKitGTK+ password"), 232 newSecretValue.get(), nullptr, nullptr, nullptr); 233 #else 234 UNUSED_PARAM(protectionSpace); 235 UNUSED_PARAM(credential); 236 #endif 237 } 238 239 } // namespace WebCore 240 241 #endif // USE(SOUP) -
trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
r206582 r206731 67 67 #include "BlobRegistryImpl.h" 68 68 69 #if PLATFORM(GTK)70 #include "CredentialBackingStore.h"71 #endif72 73 69 namespace WebCore { 74 70 … … 231 227 ResourceHandleInternal* d = handle->getInternal(); 232 228 233 #if PLATFORM(GTK)234 229 // We are a bit more conservative with the persistent credential storage than the session store, 235 230 // since we are waiting until we know that this authentication succeeded before actually storing. 236 231 // This is because we want to avoid hitting the disk twice (once to add and once to remove) for 237 232 // incorrect credentials or polluting the keychain with invalid credentials. 238 if (!isAuthenticationFailureStatusCode(message->status_code) && message->status_code < 500 && !d->m_credentialDataToSaveInPersistentStore.credential.isEmpty()) {239 credentialBackingStore().storeCredentialsForChallenge(240 d->m_credentialDataToSaveInPersistentStore. challenge,233 if (!isAuthenticationFailureStatusCode(message->status_code) && message->status_code < 500) { 234 d->m_context->storageSession().saveCredentialToPersistentStorage( 235 d->m_credentialDataToSaveInPersistentStore.protectionSpace, 241 236 d->m_credentialDataToSaveInPersistentStore.credential); 242 237 } 243 #endif244 238 245 239 // The original response will be needed later to feed to willSendRequest in … … 971 965 } 972 966 973 #if PLATFORM(GTK)974 void getCredentialFromPersistentStoreCallback(const Credential& credential, void* data)975 {976 static_cast<ResourceHandle*>(data)->continueDidReceiveAuthenticationChallenge(credential);977 }978 #endif979 980 967 void ResourceHandle::continueDidReceiveAuthenticationChallenge(const Credential& credentialFromPersistentStorage) 981 968 { … … 1031 1018 soup_session_pause_message(challenge.soupSession(), challenge.soupMessage()); 1032 1019 1033 #if PLATFORM(GTK)1034 1020 // We could also do this before we even start the request, but that would be at the expense 1035 1021 // of all request latency, versus a one-time latency for the small subset of requests that … … 1037 1023 // will become session credentials after the first use. 1038 1024 if (useCredentialStorage) { 1039 credentialBackingStore().credentialForChallenge(challenge, getCredentialFromPersistentStoreCallback, this); 1040 return; 1041 } 1042 #endif 1025 d->m_context->storageSession().getCredentialFromPersistentStorage(challenge.protectionSpace(), [this, protectedThis = makeRef(*this)] (Credential&& credential) { 1026 continueDidReceiveAuthenticationChallenge(WTFMove(credential)); 1027 }); 1028 return; 1029 } 1043 1030 1044 1031 continueDidReceiveAuthenticationChallenge(Credential()); … … 1075 1062 CredentialStorage::defaultCredentialStorage().set(credential, challenge.protectionSpace(), challenge.failureResponse().url()); 1076 1063 1077 #if PLATFORM(GTK)1078 1064 if (credential.persistence() == CredentialPersistencePermanent) { 1079 1065 d->m_credentialDataToSaveInPersistentStore.credential = credential; 1080 d->m_credentialDataToSaveInPersistentStore. challenge = challenge;1066 d->m_credentialDataToSaveInPersistentStore.protectionSpace = challenge.protectionSpace(); 1081 1067 } 1082 #endif1083 1068 } 1084 1069 -
trunk/Source/WebKit2/ChangeLog
r206720 r206731 1 2016-10-03 Carlos Garcia Campos <cgarcia@igalia.com> 2 3 [SOUP] Cleanup persistent credential storage code 4 https://bugs.webkit.org/show_bug.cgi?id=162777 5 6 Reviewed by Alex Christensen. 7 8 Use USE(LIBSECRET) instead of ENABLE(CREDENTIAL_STORAGE). 9 10 * UIProcess/API/gtk/WebKitAuthenticationRequest.cpp: 11 (webkit_authentication_request_can_save_credentials): 12 1 13 2016-10-02 Ryan Haddad <ryanhaddad@apple.com> 2 14 -
trunk/Source/WebKit2/UIProcess/API/gtk/WebKitAuthenticationRequest.cpp
r186059 r206731 162 162 g_return_val_if_fail(WEBKIT_IS_AUTHENTICATION_REQUEST(request), FALSE); 163 163 164 #if ENABLE(CREDENTIAL_STORAGE)164 #if USE(LIBSECRET) 165 165 return !request->priv->privateBrowsingEnabled; 166 166 #else -
trunk/Source/cmake/OptionsGTK.cmake
r206507 r206731 88 88 WEBKIT_OPTION_DEFINE(USE_LIBNOTIFY "Whether to enable the default web notification implementation." PUBLIC ON) 89 89 WEBKIT_OPTION_DEFINE(USE_LIBHYPHEN "Whether to enable the default automatic hyphenation implementation." PUBLIC ON) 90 WEBKIT_OPTION_DEFINE(USE_LIBSECRET "Whether to enable the persistent credential storage using libsecret." PUBLIC ON) 90 91 91 92 # Private options specific to the GTK+ port. Changing these options is … … 134 135 # changing the value of the option. 135 136 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_ACCELERATED_2D_CANVAS PUBLIC OFF) 136 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_CREDENTIAL_STORAGE PUBLIC ON)137 137 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_DRAG_SUPPORT PUBLIC ON) 138 138 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_GEOLOCATION PUBLIC ON) … … 229 229 endif () 230 230 231 if ( ENABLE_CREDENTIAL_STORAGE)231 if (USE_LIBSECRET) 232 232 find_package(Libsecret) 233 233 if (NOT LIBSECRET_FOUND) 234 message(FATAL_ERROR "libsecret is needed for ENABLE_CREDENTIAL_STORAGE")234 message(FATAL_ERROR "libsecret is needed for USE_LIBSECRET") 235 235 endif () 236 236 endif () -
trunk/Source/cmake/WebKitFeatures.cmake
r206503 r206731 84 84 WEBKIT_OPTION_DEFINE(ENABLE_CONTENT_FILTERING "Toggle content filtering support" PRIVATE OFF) 85 85 WEBKIT_OPTION_DEFINE(ENABLE_CONTEXT_MENUS "Toggle Context Menu support" PRIVATE ON) 86 WEBKIT_OPTION_DEFINE(ENABLE_CREDENTIAL_STORAGE "Toggle Credential Storage support" PRIVATE OFF)87 86 WEBKIT_OPTION_DEFINE(ENABLE_CSP_NEXT "Toggle Content Security Policy 1.1 support" PRIVATE OFF) 88 87 WEBKIT_OPTION_DEFINE(ENABLE_CSS3_TEXT "Toggle CSS3 Text support" PRIVATE OFF) -
trunk/Tools/ChangeLog
r206723 r206731 1 2016-10-03 Carlos Garcia Campos <cgarcia@igalia.com> 2 3 [SOUP] Cleanup persistent credential storage code 4 https://bugs.webkit.org/show_bug.cgi?id=162777 5 6 Reviewed by Alex Christensen. 7 8 Use USE(LIBSECRET) instead of ENABLE(CREDENTIAL_STORAGE). 9 10 * TestWebKitAPI/Tests/WebKit2Gtk/TestAuthentication.cpp: 11 (testWebViewAuthenticationStorage): 12 1 13 2016-10-02 Darin Adler <darin@apple.com> 2 14 -
trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestAuthentication.cpp
r190413 r206731 196 196 // If WebKit has been compiled with libsecret, and private browsing is disabled 197 197 // then check that credentials can be saved. 198 #if ENABLE(CREDENTIAL_STORAGE)198 #if USE(LIBSECRET) 199 199 webkit_settings_set_enable_private_browsing(webkit_web_view_get_settings(test->m_webView), FALSE); 200 200 test->loadURI(kServer->getURIForPath("/auth-test.html").data());
Note: See TracChangeset
for help on using the changeset viewer.