Changeset 234912 in webkit

Timestamp:

Aug 15, 2018 10:38:39 PM (6 years ago)

Author:

commit-queue@webkit.org

Message:

NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault
​https://bugs.webkit.org/show_bug.cgi?id=186870
Source/WebCore:

<rdar://problem/41314410>

Patch by Ansh Shukla <​ansh_shukla@apple.com> on 2018-08-15
Reviewed by Alex Christensen.

Add the ProtectionSpaceAuthenticationSchemeOAuth type.

• platform/network/ProtectionSpaceBase.cpp:

(WebCore::ProtectionSpaceBase::isPasswordBased const): Return yes because the oauth challenge
expects a token in return.

• platform/network/ProtectionSpaceBase.h:
• platform/network/cocoa/ProtectionSpaceCocoa.mm:

(WebCore::scheme):
(WebCore::ProtectionSpace::nsSpace const):

Source/WebCore/PAL:

<rdar://problem/41314410>

Patch by Ansh Shukla <​ansh_shukla@apple.com> on 2018-08-15
Reviewed by Alex Christensen.

• pal/spi/cf/CFNetworkSPI.h: Declare OAuth string when not building against the

internal SDK.

Source/WebKit:

<rdar://problem/41314410>

Patch by Ansh Shukla <​ansh_shukla@apple.com> on 2018-08-15
Reviewed by Alex Christensen.

Correctly expose the OAuth protection space type in API.

• UIProcess/API/C/WKAPICast.h:

(WebKit::toAPI):

• UIProcess/API/C/WKProtectionSpaceTypes.h:

Tools:

<rdar://problem/41314410>

Patch by Ansh Shukla <​ansh_shukla@apple.com> on 2018-08-15
Reviewed by Alex Christensen.

• WebKitTestRunner/TestController.cpp:

(WTR::toString):
(WTR::TestController::canAuthenticateAgainstProtectionSpace): Expose type of authentication challenge so we can test OAuth.
(WTR::TestController::didReceiveAuthenticationChallenge):

LayoutTests:

Patch by Ansh Shukla <​ansh_shukla@apple.com> on 2018-08-15
Reviewed by Alex Christensen.

Ensure the exposed authentication type to clients is OAuth.

• http/tests/loading/oauth-expected.txt: Added.
• http/tests/loading/oauth.html: Added.
• http/tests/loading/resources/oauth-subresource.php: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/cache/disk-cache/speculative-validation/http-auth-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/loading/oauth-expected.txt (added)
• LayoutTests/http/tests/loading/oauth.html (added)
• LayoutTests/http/tests/loading/resources/oauth-subresource.php (added)
• LayoutTests/platform/mac-wk2/http/tests/inspector/network/resource-request-headers-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/loading/basic-auth-resend-wrong-credentials-expected.txt (modified) (2 diffs)
• LayoutTests/platform/wk2/http/tests/loading/basic-credentials-sent-automatically-expected.txt (modified) (2 diffs)
• LayoutTests/platform/wk2/http/tests/loading/oauth-expected.txt (added)
• LayoutTests/platform/wk2/http/tests/media/video-auth-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/media/video-auth-with-allowCrossOriginSubresourcesToAskForCredentials-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/misc/401-alternative-content-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-1/authentication-sent-to-redirect-cross-origin-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-2/authentication-sent-to-redirect-same-origin-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-3/authentication-sent-to-redirect-same-origin-with-location-credentials-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-4/authentication-sent-to-redirect-same-origin-url-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/security/401-logout/401-logout-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/security/basic-auth-subresource-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/security/credentials-iframes-allowCrossOriginSubresourcesToAskForCredentials-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-basic-auth-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-page-navigates-to-basic-auth-insecure-page.https-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-page-navigates-to-basic-auth-secure-page-via-insecure-redirect.https-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/xmlhttprequest/failed-auth-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/http/tests/xmlhttprequest/remember-bad-password-expected.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/PAL/ChangeLog (modified) (1 diff)
• Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h (modified) (1 diff)
• Source/WebCore/platform/network/ProtectionSpaceBase.cpp (modified) (1 diff)
• Source/WebCore/platform/network/ProtectionSpaceBase.h (modified) (1 diff)
• Source/WebCore/platform/network/cocoa/ProtectionSpaceCocoa.mm (modified) (3 diffs)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/UIProcess/API/C/WKAPICast.h (modified) (1 diff)
• Source/WebKit/UIProcess/API/C/WKProtectionSpaceTypes.h (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/WebKitTestRunner/TestController.cpp (modified) (4 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2018-08-15  Ansh Shukla  <ansh_shukla@apple.com>
+
+        NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault
+        https://bugs.webkit.org/show_bug.cgi?id=186870
+
+        Reviewed by Alex Christensen.
+
+        Ensure the exposed authentication type to clients is OAuth.
+
+        * http/tests/loading/oauth-expected.txt: Added.
+        * http/tests/loading/oauth.html: Added.
+        * http/tests/loading/resources/oauth-subresource.php: Added.
+
 2018-08-15  Christopher Reid  <chris.reid@sony.com>
 

trunk/LayoutTests/http/tests/cache/disk-cache/speculative-validation/http-auth-expected.txt

@@ -1 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUsername:testPassword
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUsername:testPassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
 Tests speculative revalidation of authenticated resources.
 

trunk/LayoutTests/platform/mac-wk2/http/tests/inspector/network/resource-request-headers-expected.txt

@@ -1 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
 Test for Resource request headers which may not have been immediately available but eventually are (Cookie, Authorization).
 

trunk/LayoutTests/platform/wk2/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt

@@ -4 +4 @@
 frame "<!--frame1-->" - didStartProvisionalLoadForFrame
 frame "<!--frame1-->" - didReceiveServerRedirectForProvisionalLoadForFrame
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with httpUsername:httpPassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with httpUsername:httpPassword
 frame "<!--frame1-->" - didCommitLoadForFrame
 frame "<!--frame1-->" - didFinishDocumentLoadForFrame

trunk/LayoutTests/platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt

@@ -3 +3 @@
 main frame - didFinishDocumentLoadForFrame
 frame "<!--frame1-->" - didStartProvisionalLoadForFrame
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with webkit:rocks
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with webkit:rocks
 frame "<!--frame1-->" - didCommitLoadForFrame
 frame "<!--frame1-->" - didFinishDocumentLoadForFrame

trunk/LayoutTests/platform/wk2/http/tests/loading/basic-auth-resend-wrong-credentials-expected.txt

@@ -5 +5 @@
 main frame - didFinishLoadForFrame
 frame "<!--frame1-->" - didStartProvisionalLoadForFrame
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with wrongusername:wrongpassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with wrongusername:wrongpassword
 frame "<!--frame1-->" - didCommitLoadForFrame
 frame "<!--frame1-->" - didFinishDocumentLoadForFrame
@@ -11 +11 @@
 frame "<!--frame1-->" - didFinishLoadForFrame
 frame "<!--frame2-->" - didStartProvisionalLoadForFrame
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with correctusername:correctpassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with correctusername:correctpassword
 frame "<!--frame2-->" - didCommitLoadForFrame
 frame "<!--frame2-->" - didFinishDocumentLoadForFrame

trunk/LayoutTests/platform/wk2/http/tests/loading/basic-credentials-sent-automatically-expected.txt

@@ -5 +5 @@
 main frame - didFinishLoadForFrame
 frame "<!--frame1-->" - didStartProvisionalLoadForFrame
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with first:first-pw
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with first:first-pw
 frame "<!--frame1-->" - didCommitLoadForFrame
 frame "<!--frame1-->" - didFinishDocumentLoadForFrame
@@ -11 +11 @@
 frame "<!--frame1-->" - didFinishLoadForFrame
 frame "<!--frame2-->" - didStartProvisionalLoadForFrame
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with second:second-pw
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with second:second-pw
 frame "<!--frame2-->" - didCommitLoadForFrame
 frame "<!--frame2-->" - didFinishDocumentLoadForFrame

trunk/LayoutTests/platform/wk2/http/tests/media/video-auth-expected.txt

@@ -1 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with username:password
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with username:password
  
 Tests that the media player sends authorization credentials when requesting a media file.

trunk/LayoutTests/platform/wk2/http/tests/media/video-auth-with-allowCrossOriginSubresourcesToAskForCredentials-expected.txt

@@ -1 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with username:password
-localhost:8000 - didReceiveAuthenticationChallenge - Responding with username:password
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with username:password
+localhost:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with username:password
  
 Tests that the media player sends authorization credentials when requesting a media file.

trunk/LayoutTests/platform/wk2/http/tests/misc/401-alternative-content-expected.txt

@@ -1 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
 PASS

trunk/LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-1/authentication-sent-to-redirect-cross-origin-expected.txt

@@ -1 @@
-localhost:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+localhost:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 https://bugs.webkit.org/show_bug.cgi?id=40138
 You should load this page at 127.0.0.1:8000 so localhost:8000 is considered a different security origin.

trunk/LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-2/authentication-sent-to-redirect-same-origin-expected.txt

@@ -1 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 https://bugs.webkit.org/show_bug.cgi?id=66354
 You should load this page at 127.0.0.1:8000 because the test relies on redirects within the 127.0.0.1:8000 security origin.

trunk/LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-3/authentication-sent-to-redirect-same-origin-with-location-credentials-expected.txt

@@ -1 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 https://bugs.webkit.org/show_bug.cgi?id=66354
 You should load this page at 127.0.0.1:8000 because the test relies on redirects within the 127.0.0.1:8000 security origin.

trunk/LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-4/authentication-sent-to-redirect-same-origin-url-expected.txt

@@ -1 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 https://bugs.webkit.org/show_bug.cgi?id=105190
 You should load this page at 127.0.0.1:8000 because the test relies on redirects within the 127.0.0.1:8000 security origin.

trunk/LayoutTests/platform/wk2/http/tests/security/401-logout/401-logout-expected.txt

@@ -1 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with username:password
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with username:password
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
 PASS

trunk/LayoutTests/platform/wk2/http/tests/security/basic-auth-subresource-expected.txt

@@ -1 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 CONSOLE MESSAGE: Blocked http://localhost:8000/security/resources/subresource1/protected-image.php from asking for credentials because it is a cross-origin request.
 CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/subresource1/protected-image.php from asking for credentials because it is a cross-origin request.
 CONSOLE MESSAGE: Blocked http://localhost:8000/security/resources/subresource2/protected-image.php from asking for credentials because it is a cross-origin request.
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/subresource2/protected-image.php from asking for credentials because it is a cross-origin request.
 CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/subresource2/protected-image.php from asking for credentials because it is a cross-origin request.

trunk/LayoutTests/platform/wk2/http/tests/security/credentials-iframes-allowCrossOriginSubresourcesToAskForCredentials-expected.txt

@@ -1 +1 @@
 ALERT: parent host: 127.0.0.1 iframe host: 127.0.0.1 credentials:User: same-domain-user, password: same-domain-password.
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
 ALERT: parent host: localhost iframe host: 127.0.0.1 credentials:Authentication canceled
 

trunk/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-basic-auth-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: line 33: The page at https://127.0.0.1:8443/security/mixedContent/insecure-basic-auth-image-allowCrossOriginSubresourcesToAskForCredentials.https.html was allowed to display insecure content from http://localhost:8000/security/mixedContent/resources/subresource2/protected-image.php.
 
-localhost:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+localhost:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 Tests that we do not ask for credentials when loading an insecure image that requires basic authentication.
 

trunk/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: line 18: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image-redirects-to-basic-auth-secure-image.html?allowCrossOriginSubresourcesToAskForCredentials=1 was allowed to display insecure content from http://127.0.0.1:8080/resources/redirect.php?url=https://localhost:8443/security/mixedContent/resources/subresource/protected-image.php.
 
-localhost:8443 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+localhost:8443 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 This test opens a new window to a secure page that loads an insecure image that redirects to a secure image guarded by basic authentication. The image should load.
 

trunk/LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-page-navigates-to-basic-auth-insecure-page.https-expected.txt

@@ -1 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 Authenticated with username testUser.

trunk/LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-page-navigates-to-basic-auth-secure-page-via-insecure-redirect.https-expected.txt

@@ -1 @@
-127.0.0.1:8443 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+127.0.0.1:8443 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 Authenticated with username testUser.

trunk/LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials.https.html was allowed to display insecure content from http://127.0.0.1:8080/resources/redirect.php?url=https://localhost:8443/security/mixedContent/resources/subresource/protected-image.php.
 
-localhost:8443 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+localhost:8443 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 This test loads a secure image that redirects to an insecure image that redirects to a secure image guarded by basic authentication. The image should load.
 

trunk/LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image-allowCrossOriginSubresourcesToAskForCredentials.https.html was allowed to display insecure content from http://localhost:8080/security/mixedContent/resources/subresource/protected-image.php.
 
-localhost:8080 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+localhost:8080 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 This test loads a secure image that redirects to an secure image that redirects to an insecure image guarded by basic authentication. The image should load.
 

trunk/LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt

@@ -1 @@
-localhost:8443 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+localhost:8443 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 This test loads a secure image that redirects to a secure image that redirects to a secure image guarded by basic authentication. The secure image should load.
 

trunk/LayoutTests/platform/wk2/http/tests/xmlhttprequest/failed-auth-expected.txt

@@ -1 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
 Test for bug 13075: XMLHttpRequest with failed authentication should set status to 401.
 

trunk/LayoutTests/platform/wk2/http/tests/xmlhttprequest/remember-bad-password-expected.txt

@@ -1 @@
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
 rdar://problem/7062824 A wrong password entered for site or proxy auth remains in WebCore credential storage, and is sent with subsequent requests.
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2018-08-15  Ansh Shukla  <ansh_shukla@apple.com>
+
+        NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault
+        https://bugs.webkit.org/show_bug.cgi?id=186870
+        <rdar://problem/41314410>
+
+        Reviewed by Alex Christensen.
+
+        Add the ProtectionSpaceAuthenticationSchemeOAuth type.
+
+        * platform/network/ProtectionSpaceBase.cpp:
+        (WebCore::ProtectionSpaceBase::isPasswordBased const): Return yes because the oauth challenge
+        expects a token in return.
+        * platform/network/ProtectionSpaceBase.h:
+        * platform/network/cocoa/ProtectionSpaceCocoa.mm:
+        (WebCore::scheme):
+        (WebCore::ProtectionSpace::nsSpace const):
+
 2018-08-15  Ben Richards  <benton_richards@apple.com>
 

trunk/Source/WebCore/PAL/ChangeLog

@@ +1 @@
+2018-08-15  Ansh Shukla  <ansh_shukla@apple.com>
+
+        NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault
+        https://bugs.webkit.org/show_bug.cgi?id=186870
+        <rdar://problem/41314410>
+
+        Reviewed by Alex Christensen.
+
+        * pal/spi/cf/CFNetworkSPI.h: Declare OAuth string when not building against the
+        internal SDK.
+
 2018-08-15  Aditya Keerthi  <akeerthi@apple.com>
 

trunk/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h

@@ -178 +178 @@
 #endif
 @end
+
+extern NSString * const NSURLAuthenticationMethodOAuth;
 
 #endif // defined(__OBJC__)

trunk/Source/WebCore/platform/network/ProtectionSpaceBase.cpp

@@ -109 +109 @@
     case ProtectionSpaceAuthenticationSchemeNTLM:
     case ProtectionSpaceAuthenticationSchemeNegotiate:
+    case ProtectionSpaceAuthenticationSchemeOAuth:
         return true;
     case ProtectionSpaceAuthenticationSchemeClientCertificateRequested:

trunk/Source/WebCore/platform/network/ProtectionSpaceBase.h

@@ -53 +53 @@
     ProtectionSpaceAuthenticationSchemeClientCertificateRequested = 7,
     ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested = 8,
+    ProtectionSpaceAuthenticationSchemeOAuth = 9,
     ProtectionSpaceAuthenticationSchemeUnknown = 100
 };

trunk/Source/WebCore/platform/network/cocoa/ProtectionSpaceCocoa.mm

@@ -26 +26 @@
 #import "config.h"
 #import "ProtectionSpaceCocoa.h"
+
+#import <pal/spi/cf/CFNetworkSPI.h>
 
 namespace WebCore {
@@ -81 +83 @@
         return ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested;
 #endif
+    if ([method isEqualToString:NSURLAuthenticationMethodOAuth])
+        return ProtectionSpaceAuthenticationSchemeOAuth;
 
     ASSERT_NOT_REACHED();
@@ -156 +160 @@
         break;
 #endif
+    case ProtectionSpaceAuthenticationSchemeOAuth:
+        method = NSURLAuthenticationMethodOAuth;
+        break;
     default:
         ASSERT_NOT_REACHED();

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2018-08-15  Ansh Shukla  <ansh_shukla@apple.com>
+
+        NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault
+        https://bugs.webkit.org/show_bug.cgi?id=186870
+        <rdar://problem/41314410>
+
+        Reviewed by Alex Christensen.
+
+        Correctly expose the OAuth protection space type in API.
+
+        * UIProcess/API/C/WKAPICast.h:
+        (WebKit::toAPI):
+        * UIProcess/API/C/WKProtectionSpaceTypes.h:
+
 2018-08-15  Ben Richards  <benton_richards@apple.com>
 

trunk/Source/WebKit/UIProcess/API/C/WKAPICast.h

@@ -365 +365 @@
     case WebCore::ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested:
         return kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested;
+    case WebCore::ProtectionSpaceAuthenticationSchemeOAuth:
+        return kWKProtectionSpaceAuthenticationSchemeOAuth;
     default:
         return kWKProtectionSpaceAuthenticationSchemeUnknown;

trunk/Source/WebKit/UIProcess/API/C/WKProtectionSpaceTypes.h

@@ -54 +54 @@
     kWKProtectionSpaceAuthenticationSchemeClientCertificateRequested,
     kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested,
+    kWKProtectionSpaceAuthenticationSchemeOAuth,
     kWKProtectionSpaceAuthenticationSchemeUnknown = 100,
 };

trunk/Tools/ChangeLog

@@ +1 @@
+2018-08-15  Ansh Shukla  <ansh_shukla@apple.com>
+
+        NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault
+        https://bugs.webkit.org/show_bug.cgi?id=186870
+        <rdar://problem/41314410>
+
+        Reviewed by Alex Christensen.
+
+        * WebKitTestRunner/TestController.cpp:
+        (WTR::toString):
+        (WTR::TestController::canAuthenticateAgainstProtectionSpace): Expose type of authentication challenge so we can test OAuth.
+        (WTR::TestController::didReceiveAuthenticationChallenge):
+
 2018-08-15  Ben Richards  <benton_richards@apple.com>
 

trunk/Tools/WebKitTestRunner/TestController.cpp

@@ -1810 +1810 @@
 }
 
+static const char* toString(WKProtectionSpaceAuthenticationScheme scheme)
+{
+    switch (scheme) {
+    case kWKProtectionSpaceAuthenticationSchemeDefault:
+        return "ProtectionSpaceAuthenticationSchemeDefault";
+    case kWKProtectionSpaceAuthenticationSchemeHTTPBasic:
+        return "ProtectionSpaceAuthenticationSchemeHTTPBasic";
+    case kWKProtectionSpaceAuthenticationSchemeHTMLForm:
+        return "ProtectionSpaceAuthenticationSchemeHTMLForm";
+    case kWKProtectionSpaceAuthenticationSchemeNTLM:
+        return "ProtectionSpaceAuthenticationSchemeNTLM";
+    case kWKProtectionSpaceAuthenticationSchemeNegotiate:
+        return "ProtectionSpaceAuthenticationSchemeNegotiate";
+    case kWKProtectionSpaceAuthenticationSchemeClientCertificateRequested:
+        return "ProtectionSpaceAuthenticationSchemeClientCertificateRequested";
+    case kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested:
+        return "ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested";
+    case kWKProtectionSpaceAuthenticationSchemeOAuth:
+        return "ProtectionSpaceAuthenticationSchemeOAuth";
+    case kWKProtectionSpaceAuthenticationSchemeUnknown:
+        return "ProtectionSpaceAuthenticationSchemeUnknown";
+    }
+    ASSERT_NOT_REACHED();
+    return "ProtectionSpaceAuthenticationSchemeUnknown";
+}
+
 bool TestController::canAuthenticateAgainstProtectionSpace(WKPageRef page, WKProtectionSpaceRef protectionSpace)
 {
@@ -1821 +1847 @@
     }
     
-    return authenticationScheme <= kWKProtectionSpaceAuthenticationSchemeHTTPDigest;
+    return authenticationScheme <= kWKProtectionSpaceAuthenticationSchemeHTTPDigest || authenticationScheme == kWKProtectionSpaceAuthenticationSchemeOAuth;
 }
 
@@ -1841 +1867 @@
     WKProtectionSpaceRef protectionSpace = WKAuthenticationChallengeGetProtectionSpace(authenticationChallenge);
     WKAuthenticationDecisionListenerRef decisionListener = WKAuthenticationChallengeGetDecisionListener(authenticationChallenge);
-
-    if (WKProtectionSpaceGetAuthenticationScheme(protectionSpace) == kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
+    WKProtectionSpaceAuthenticationScheme authenticationScheme = WKProtectionSpaceGetAuthenticationScheme(protectionSpace);
+
+    if (authenticationScheme == kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
         // Any non-empty credential signals to accept the server trust. Since the cross-platform API
         // doesn't expose a way to create a credential from server trust, we use a password credential.
@@ -1859 +1886 @@
     std::string host = toSTD(adoptWK(WKProtectionSpaceCopyHost(protectionSpace)).get());
     int port = WKProtectionSpaceGetPort(protectionSpace);
-    String message = String::format("%s:%d - didReceiveAuthenticationChallenge - ", host.c_str(), port);
+    String message = String::format("%s:%d - didReceiveAuthenticationChallenge - %s - ", host.c_str(), port, toString(authenticationScheme));
     if (!m_handlesAuthenticationChallenges)
         message.append("Simulating cancelled authentication sheet\n");