Bug 38956

Summary: [Gtk] http/tests/xmlhttprequest/basic-auth-default.html fails
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: mrobinson, svillar, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Other   
OS: All   
Attachments:
Description Flags
Fix basic authentication in WebKitGtk+
mrobinson: review-
Fix basic authentication in WebKitGtk+
mrobinson: review-
Fix basic authentication in WebKitGtk+ mrobinson: review+

Description Alexey Proskuryakov 2010-05-11 17:23:02 PDT
This means that loader doesn't preemptively send Basic credentials to directories that are known to be in a certain protection space.

This is not a bug per RFC 2616 - mostly a performance issue.
Comment 1 Sergio Villar Senin 2010-10-06 04:43:41 PDT
Created attachment 69924 [details]
Fix basic authentication in WebKitGtk+

libsoup does support sending credentials to directories under known protection spaces. The problem was basically located in soup_uri_to_string() function used to create the request. That function never returns the password, that's why authentication fails. This patch provides a wrapper over that function that makes this test work properly.
Comment 2 Martin Robinson 2010-10-08 08:35:58 PDT
Comment on attachment 69924 [details]
Fix basic authentication in WebKitGtk+

View in context: https://bugs.webkit.org/attachment.cgi?id=69924&action=review

Great patch. I have a few suggestions, but I like the way this fix is structured.

> WebCore/platform/network/soup/ResourceHandleSoup.cpp:755
> +    ResourceHandleInternal* d = handle->getInternal();
> +
> +    d->m_context = context;

I don't understand how this change is related. Was it included by accident?

> WebCore/platform/network/soup/ResourceRequestSoup.cpp:28
> +#include "UriSoup.h"

I think I'd prefer this include to be called SoupURI or SoupURIUtils to match the type name.

> WebCore/platform/network/soup/UriSoup.cpp:27
> +gchar*
> +uriSoupToStringWithPassword(SoupURI* soupUri)

No newline needed after the return type and the parameter should be soupURI. IMO, it should also be soupURITo<something> (see below).

> WebCore/platform/network/soup/UriSoup.cpp:42
> +    gchar* url = soup_uri_to_string(soupUri, FALSE);
> +
> +    if (!soupUri->password)
> +        return url;
> +
> +    GString* stringUrl = g_string_sized_new(strlen(url) + strlen(soupUri->password) + 1);
> +    const gchar* at = strchr(url, '@');
> +
> +    stringUrl = g_string_append(stringUrl, url);
> +    stringUrl = g_string_insert_c(stringUrl, at - url, ':');
> +    stringUrl = g_string_insert(stringUrl, at - url + 1, soupUri->password);
> +    g_free(url);
> +
> +    return g_string_free(stringUrl, FALSE);

Perhaps this method should just return a KURL. That might future-proof it in case soup ever starts including the password. It could just be something like this:

GOwnPtr<gchar> urlString(soup_uri_toString(soupURI));
KURL url(KURL(), String::fromUTF8(urlString.get()));
if (!soupURI->password)
    return url;
url->setPass(String::fromUTF8(soupURI->password);
return url;

You should also put a comment here with a link to the bug and a little text describing the issue.

> WebCore/platform/network/soup/UriSoup.h:3
> + * Copyright (C) 2008 Xan Lopez <xan@gnome.org>
> + * Copyright (C) 2008 Apple Inc. All rights reserved.

There should just be an Igalia line here and 2010. :)

> WebCore/platform/network/soup/UriSoup.h:30
> +#include <libsoup/soup.h>

I'd prefer a forward declaration here instead of a libsoup include.
Comment 3 Sergio Villar Senin 2010-10-08 08:46:18 PDT
(In reply to comment #2)
> (From update of attachment 69924 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=69924&action=review
> 
> Great patch. I have a few suggestions, but I like the way this fix is structured.
> 
> > WebCore/platform/network/soup/ResourceHandleSoup.cpp:755
> > +    ResourceHandleInternal* d = handle->getInternal();
> > +
> > +    d->m_context = context;
> 
> I don't understand how this change is related. Was it included by accident?

Actually it's not related but I think it's missing anyway.
 
> > WebCore/platform/network/soup/ResourceRequestSoup.cpp:28
> > +#include "UriSoup.h"
> 
> I think I'd prefer this include to be called SoupURI or SoupURIUtils to match the type name.

Not strong feelings about that, but take into account that we currently have CookieJarSoup or GOwnPtrSoup. That was the reason why I chose uri before Soup.
 
> > WebCore/platform/network/soup/UriSoup.cpp:27
> > +gchar*
> > +uriSoupToStringWithPassword(SoupURI* soupUri)
> 
> No newline needed after the return type and the parameter should be soupURI. IMO, it should also be soupURITo<something> (see below).
> 
> > WebCore/platform/network/soup/UriSoup.cpp:42
> > +    gchar* url = soup_uri_to_string(soupUri, FALSE);
> > +
> > +    if (!soupUri->password)
> > +        return url;
> > +
> > +    GString* stringUrl = g_string_sized_new(strlen(url) + strlen(soupUri->password) + 1);
> > +    const gchar* at = strchr(url, '@');
> > +
> > +    stringUrl = g_string_append(stringUrl, url);
> > +    stringUrl = g_string_insert_c(stringUrl, at - url, ':');
> > +    stringUrl = g_string_insert(stringUrl, at - url + 1, soupUri->password);
> > +    g_free(url);
> > +
> > +    return g_string_free(stringUrl, FALSE);
> 
> Perhaps this method should just return a KURL. That might future-proof it in case soup ever starts including the password. It could just be something like this:
> 
> GOwnPtr<gchar> urlString(soup_uri_toString(soupURI));
> KURL url(KURL(), String::fromUTF8(urlString.get()));
> if (!soupURI->password)
>     return url;
> url->setPass(String::fromUTF8(soupURI->password);
> return url;

I like your approach.
 
> You should also put a comment here with a link to the bug and a little text describing the issue.
> 
> > WebCore/platform/network/soup/UriSoup.h:3
> > + * Copyright (C) 2008 Xan Lopez <xan@gnome.org>
> > + * Copyright (C) 2008 Apple Inc. All rights reserved.
> 
> There should just be an Igalia line here and 2010. :)

Ups, copy&paste badness I guess :)
 
> > WebCore/platform/network/soup/UriSoup.h:30
> > +#include <libsoup/soup.h>
> 
> I'd prefer a forward declaration here instead of a libsoup include.

Ok
Comment 4 Sergio Villar Senin 2010-10-26 11:47:39 PDT
Created attachment 71921 [details]
Fix basic authentication in WebKitGtk+
Comment 5 WebKit Review Bot 2010-10-26 11:51:42 PDT
Attachment 71921 [details] did not pass style-queue:

Failed to run "['WebKitTools/Scripts/check-webkit-style']" exit_code: 1
WebCore/platform/network/soup/SoupURIUtils.h:26:  #ifndef header guard has wrong style, please use: SoupURIUtils_h  [build/header_guard] [5]
Total errors found: 1 in 8 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 6 Martin Robinson 2010-10-26 11:54:50 PDT
Comment on attachment 71921 [details]
Fix basic authentication in WebKitGtk+

View in context: https://bugs.webkit.org/attachment.cgi?id=71921&action=review

This looks great! There are just a couple small issues.

> WebCore/ChangeLog:11
> +        Added a new utility function that turns SoupURI's into
> +        KURL's. That addresses some issues with SoupURI's like for example
> +        soup_uri_to_string ignoring the URI password. Basic authentication
> +        using URL credentials should work now.

I think all the SoupURI's and KURL's should be SoupURIs and KURLs.

> WebCore/platform/network/soup/ResourceHandleSoup.cpp:759
> +    ResourceHandleInternal* d = handle->getInternal();
> +
> +    d->m_context = context;
>      handle->start(context);

How does this relate to the rest of the patch? It's very unclear to me. Perhaps a note in the ChangeLog at line 16.

> WebCore/platform/network/soup/SoupURIUtils.h:27
> +#ifndef UriSoup_h
> +#define UriSoup_h

You should update the header guard.
Comment 7 Sergio Villar Senin 2010-10-27 02:08:01 PDT
Created attachment 71996 [details]
Fix basic authentication in WebKitGtk+
Comment 8 Martin Robinson 2010-10-27 08:52:09 PDT
Comment on attachment 71996 [details]
Fix basic authentication in WebKitGtk+

Thanks! I'll land this one.
Comment 9 Martin Robinson 2010-10-27 08:59:01 PDT
Committed r70651: <http://trac.webkit.org/changeset/70651>