RESOLVED FIXED 84697
[BlackBerry] Auth credentials set in private mode are reused in public mode. 
https://bugs.webkit.org/show_bug.cgi?id=84697
Summary [BlackBerry] Auth credentials set in private mode are reused in public mode.
Jason Liu
Reported 2012-04-24 03:23:04 PDT
1. Turn on private browsing mode 2. Go to a site that uses Basic, Digest, or NTLM auth 3. Log in 4. Close the tab and turn off private browsing mode 5. Go back to the same site Expected: 5. Will need to type username and password again Observed: 5. Logs into site automatically
Attachments
Patch (6.62 KB, patch)
2012-04-25 01:48 PDT, Jason Liu 		no flags
DetailsFormatted DiffDiff
Patch (6.80 KB, patch)
2012-05-06 22:37 PDT, Jason Liu 		no flags
DetailsFormatted DiffDiff
Patch (6.79 KB, patch)
2012-05-08 02:09 PDT, Jason Liu 		no flags
DetailsFormatted DiffDiff
Patch (6.78 KB, patch)
2012-05-08 19:17 PDT, Jason Liu 		no flags
DetailsFormatted DiffDiff
Patch (6.78 KB, patch)
2012-05-08 19:22 PDT, Jason Liu 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Jason Liu
Comment 1 2012-04-25 01:48:07 PDT
Created attachment 138761 [details] Patch
Joe Mason
Comment 2 2012-04-25 07:03:10 PDT
Looks good to me.
Jason Liu
Comment 3 2012-04-27 22:58:10 PDT
r?
Antonio Gomes
Comment 4 2012-04-28 06:39:33 PDT
Comment on attachment 138761 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=138761&action=review > Source/WebCore/ChangeLog:11 > + Add setPrivateMode function for CredentialStorage. > + > + We have to change Private Browsering to test, so have to write a manual test case. > + Test: ManualTests/blackberry/http-auth-private-mode-changed.html you could explain better why the change here > Source/WebCore/platform/network/CredentialStorage.cpp:166 > +void CredentialStorage::setPrivateMode(const bool mode) > +{ > + if (!mode) > + protectionSpaceToCredentialMap().clear(); > +} so here you delete all credentials you have, even the ones before entering private mode?
Antonio Gomes
Comment 5 2012-04-28 06:40:29 PDT
Comment on attachment 138761 [details] Patch Also, how do other browsers behavior? do they need this code? r- due to the poor changelog description, and the two open questions.
Jason Liu
Comment 6 2012-05-06 20:37:15 PDT
(In reply to comment #4) > (From update of attachment 138761 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=138761&action=review > > > Source/WebCore/ChangeLog:11 > > + Add setPrivateMode function for CredentialStorage. > > + > > + We have to change Private Browsering to test, so have to write a manual test case. > > + Test: ManualTests/blackberry/http-auth-private-mode-changed.html > > you could explain better why the change here > I will add comments. > > Source/WebCore/platform/network/CredentialStorage.cpp:166 > > +void CredentialStorage::setPrivateMode(const bool mode) > > +{ > > + if (!mode) > > + protectionSpaceToCredentialMap().clear(); > > +} > > so here you delete all credentials you have, even the ones before entering private mode? Yes. It is like cookies. And FireFox does like this, too. Can't find chrome's private mode.
Antonio Gomes
Comment 7 2012-05-06 21:07:02 PDT
> > > Source/WebCore/platform/network/CredentialStorage.cpp:166 > > > +void CredentialStorage::setPrivateMode(const bool mode) > > > +{ > > > + if (!mode) > > > + protectionSpaceToCredentialMap().clear(); > > > +} > > > > so here you delete all credentials you have, even the ones before entering private mode? > > Yes. It is like cookies. > And FireFox does like this, too. Can't find chrome's private mode. ctrl+shitf+n :)
Jason Liu
Comment 8 2012-05-06 21:12:34 PDT
(In reply to comment #7) > > > > Source/WebCore/platform/network/CredentialStorage.cpp:166 > > > > +void CredentialStorage::setPrivateMode(const bool mode) > > > > +{ > > > > + if (!mode) > > > > + protectionSpaceToCredentialMap().clear(); > > > > +} > > > > > > so here you delete all credentials you have, even the ones before entering private mode? > > > > Yes. It is like cookies. > > And FireFox does like this, too. Can't find chrome's private mode. > > ctrl+shitf+n :) I will try this. Thank you :)
Jason Liu
Comment 9 2012-05-06 22:24:39 PDT
(In reply to comment #8) > (In reply to comment #7) > > > > > Source/WebCore/platform/network/CredentialStorage.cpp:166 > > > > > +void CredentialStorage::setPrivateMode(const bool mode) > > > > > +{ > > > > > + if (!mode) > > > > > + protectionSpaceToCredentialMap().clear(); > > > > > +} > > > > > > > > so here you delete all credentials you have, even the ones before entering private mode? > > > > > > Yes. It is like cookies. > > > And FireFox does like this, too. Can't find chrome's private mode. > > > > ctrl+shitf+n :) > > I will try this. Thank you :) Google's Chrome pop a new window for private mode. It is different from our browser.
Jason Liu
Comment 10 2012-05-06 22:37:21 PDT
Created attachment 140478 [details] Patch
Rob Buis
Comment 11 2012-05-07 08:27:50 PDT
Comment on attachment 140478 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=140478&action=review Still some stuff to clean up. > Source/WebCore/ChangeLog:10 > + Now, we only save credentials in memery and CredentialBackingStore isn't enabled. Typo memery -> memory > Source/WebCore/ChangeLog:13 > + We have to change Private Browsering to test, so have to write a manual test case. Private Browsing. > Source/WebCore/platform/network/CredentialStorage.cpp:162 > +void CredentialStorage::setPrivateMode(const bool mode) No need for const bool.
Jason Liu
Comment 12 2012-05-08 02:09:08 PDT
Created attachment 140694 [details] Patch
Rob Buis
Comment 13 2012-05-08 06:53:32 PDT
Comment on attachment 140694 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=140694&action=review Looks good. > Source/WebKit/blackberry/ChangeLog:10 > + We have to change Private Browsering to test, so have to write a manual test case. Browsing :)
Jason Liu
Comment 14 2012-05-08 19:17:55 PDT
Created attachment 140852 [details] Patch
Jason Liu
Comment 15 2012-05-08 19:22:02 PDT
Created attachment 140853 [details] Patch
Rob Buis
Comment 16 2012-05-08 19:23:11 PDT
Comment on attachment 140853 [details] Patch Looks good.
Jason Liu
Comment 17 2012-05-08 19:25:59 PDT
(In reply to comment #16) > (From update of attachment 140853 [details]) > Looks good. Thank you. :)
WebKit Review Bot
Comment 18 2012-05-08 20:34:30 PDT
Comment on attachment 140853 [details] Patch Clearing flags on attachment: 140853 Committed r116488: <http://trac.webkit.org/changeset/116488>
WebKit Review Bot
Comment 19 2012-05-08 20:34:36 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.