[haiku-webkit-commits] r478 - in webkit/trunk/WebKit: . haiku/WebPositive

  • From: webkit@xxxxxxxxxxxxxxx
  • To: haiku-webkit-commits@xxxxxxxxxxxxx
  • Date: Mon, 03 May 2010 16:56:55 +0000

Author: stippi
Date: Mon May  3 16:56:54 2010
New Revision: 478
URL: http://mmlr.dyndns.org/changeset/478

Log:
Implemented a CredentialsStorage class with optional persistency. Two global
objects are used for session and persistent storage of credentials with the
appropriate locking. Passwords are stored on disk insecurely. If the user
uses the checkmark in the authentication window to remember the credentials,
the persistent storage will be used, otherwise the session storage. In another
words, even if not asked to remember the credentials, the same user/pass never
needs to be entered more than once per session, unlike before. WebCore already
contains a CredentialStorage class, but we don't use it. It could be used via
the CURL networking backend implementation, only the CF backend uses it at all.
Since we don't have a "keyring" OS level service, this solution was more
convenient for the time being.

Note all this has nothing to do with storage of form data entered by the user.

Added:
   webkit/trunk/WebKit/haiku/WebPositive/CredentialsStorage.cpp
   webkit/trunk/WebKit/haiku/WebPositive/CredentialsStorage.h
Modified:
   webkit/trunk/WebKit/Jamfile
   webkit/trunk/WebKit/haiku/WebPositive/BrowserWindow.cpp
   webkit/trunk/WebKit/haiku/WebPositive/BrowserWindow.h

Modified: webkit/trunk/WebKit/Jamfile
==============================================================================
--- webkit/trunk/WebKit/Jamfile Mon May  3 16:52:02 2010        (r477)
+++ webkit/trunk/WebKit/Jamfile Mon May  3 16:56:54 2010        (r478)
@@ -148,6 +148,7 @@
        BrowserApp.cpp
        BrowserWindow.cpp
     BrowsingHistory.cpp
+    CredentialsStorage.cpp
     DownloadProgressView.cpp
     DownloadWindow.cpp
     SettingsKeys.cpp

Modified: webkit/trunk/WebKit/haiku/WebPositive/BrowserWindow.cpp
==============================================================================
--- webkit/trunk/WebKit/haiku/WebPositive/BrowserWindow.cpp     Mon May  3 
16:52:02 2010        (r477)
+++ webkit/trunk/WebKit/haiku/WebPositive/BrowserWindow.cpp     Mon May  3 
16:56:54 2010        (r478)
@@ -37,6 +37,7 @@
 #include "BaseURL.h"
 #include "BrowserApp.h"
 #include "BrowsingHistory.h"
+#include "CredentialsStorage.h"
 #include "IconButton.h"
 #include "NavMenu.h"
 #include "SettingsKeys.h"
@@ -1151,6 +1152,27 @@
        BString& inOutPassword, bool& inOutRememberCredentials, uint32 
failureCount,
        BWebView* view)
 {
+       CredentialsStorage* persistentStorage
+               = CredentialsStorage::PersistentInstance();
+       CredentialsStorage* sessionStorage
+               = CredentialsStorage::SessionInstance();
+
+       // TODO: Using the message as key here is not so smart.
+       HashKeyString key(message);
+
+       if (failureCount == 0) {
+               if (persistentStorage->Contains(key)) {
+                       Credentials credentials = 
persistentStorage->GetCredentials(key);
+                       inOutUser = credentials.Username();
+                       inOutPassword = credentials.Password();
+                       return true;
+               } else if (sessionStorage->Contains(key)) {
+                       Credentials credentials = 
sessionStorage->GetCredentials(key);
+                       inOutUser = credentials.Username();
+                       inOutPassword = credentials.Password();
+                       return true;
+               }
+       }
        // Switch to the page for which this authentication is required.
        if (view != CurrentWebView()) {
                int32 tabIndex = fTabManager->TabForView(view);
@@ -1164,9 +1186,17 @@
        }
        AuthenticationPanel* panel = new AuthenticationPanel(Frame());
                // Panel auto-destructs.
-       return panel->getAuthentication(message, inOutUser, inOutPassword,
+       bool success = panel->getAuthentication(message, inOutUser, 
inOutPassword,
                inOutRememberCredentials, failureCount > 0, inOutUser, 
inOutPassword,
                &inOutRememberCredentials);
+       if (success) {
+               Credentials credentials(inOutUser, inOutPassword);
+               if (inOutRememberCredentials)
+                       persistentStorage->PutCredentials(key, credentials);
+               else
+                       sessionStorage->PutCredentials(key, credentials);
+       }
+       return success;
 }
 
 

Modified: webkit/trunk/WebKit/haiku/WebPositive/BrowserWindow.h
==============================================================================
--- webkit/trunk/WebKit/haiku/WebPositive/BrowserWindow.h       Mon May  3 
16:52:02 2010        (r477)
+++ webkit/trunk/WebKit/haiku/WebPositive/BrowserWindow.h       Mon May  3 
16:56:54 2010        (r478)
@@ -30,6 +30,8 @@
 #define BROWSER_WINDOW_H
 
 
+#include "HashKeys.h"
+#include "HashMap.h"
 #include "WebWindow.h"
 #include <Messenger.h>
 #include <String.h>

Added: webkit/trunk/WebKit/haiku/WebPositive/CredentialsStorage.cpp
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ webkit/trunk/WebKit/haiku/WebPositive/CredentialsStorage.cpp        Mon May 
 3 16:56:54 2010        (r478)
@@ -0,0 +1,275 @@
+/*
+ * Copyright (C) 2010 Stephan Aßmus <superstippi@xxxxxx>
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "CredentialsStorage.h"
+
+#include <new>
+#include <stdio.h>
+
+#include <Autolock.h>
+#include <Entry.h>
+#include <File.h>
+#include <FindDirectory.h>
+#include <Message.h>
+#include <Path.h>
+
+#include "BrowserApp.h"
+
+
+Credentials::Credentials()
+       :
+       fUsername(),
+       fPassword()
+{
+}
+
+
+Credentials::Credentials(const BString& username, const BString& password)
+       :
+       fUsername(username),
+       fPassword(password)
+{
+}
+
+
+Credentials::Credentials(const Credentials& other)
+{
+       *this = other;
+}
+
+
+Credentials::Credentials(const BMessage* archive)
+{
+       if (archive == NULL)
+               return;
+       archive->FindString("username", &fUsername);
+       archive->FindString("password", &fPassword);
+}
+
+
+Credentials::~Credentials()
+{
+}
+
+
+status_t
+Credentials::Archive(BMessage* archive) const
+{
+       if (archive == NULL)
+               return B_BAD_VALUE;
+       status_t status = archive->AddString("username", fUsername);
+       if (status == B_OK)
+               status = archive->AddString("password", fPassword);
+       return status;
+}
+
+
+Credentials&
+Credentials::operator=(const Credentials& other)
+{
+       if (this == &other)
+               return *this;
+
+       fUsername = other.fUsername;
+       fPassword = other.fPassword;
+
+       return *this;
+}
+
+
+bool
+Credentials::operator==(const Credentials& other) const
+{
+       if (this == &other)
+               return true;
+
+       return fUsername == other.fUsername && fPassword == other.fPassword;
+}
+
+
+bool
+Credentials::operator!=(const Credentials& other) const
+{
+       return !(*this == other);
+}
+
+
+const BString&
+Credentials::Username() const
+{
+       return fUsername;
+}
+
+
+const BString&
+Credentials::Password() const
+{
+       return fPassword;
+}
+
+
+// #pragma mark - CredentialsStorage
+
+
+CredentialsStorage
+CredentialsStorage::sPersistentInstance(true);
+
+
+CredentialsStorage
+CredentialsStorage::sSessionInstance(false);
+
+
+CredentialsStorage::CredentialsStorage(bool persistent)
+       :
+       BLocker(persistent ? "persistent credential storage"
+               : "credential storage"),
+       fCredentialMap(),
+       fSettingsLoaded(false),
+       fPersistent(persistent)
+{
+}
+
+
+CredentialsStorage::~CredentialsStorage()
+{
+       _SaveSettings();
+}
+
+
+/*static*/ CredentialsStorage*
+CredentialsStorage::SessionInstance()
+{
+       return &sSessionInstance;
+}
+
+
+/*static*/ CredentialsStorage*
+CredentialsStorage::PersistentInstance()
+{
+       if (sPersistentInstance.Lock()) {
+               sPersistentInstance._LoadSettings();
+               sPersistentInstance.Unlock();
+       }
+       return &sPersistentInstance;
+}
+
+
+bool
+CredentialsStorage::Contains(const HashKeyString& key)
+{
+       BAutolock _(this);
+
+       return fCredentialMap.ContainsKey(key);
+}
+
+
+status_t
+CredentialsStorage::PutCredentials(const HashKeyString& key,
+       const Credentials& credentials)
+{
+       BAutolock _(this);
+
+       return fCredentialMap.Put(key, credentials);
+}
+
+
+Credentials
+CredentialsStorage::GetCredentials(const HashKeyString& key)
+{
+       BAutolock _(this);
+
+       return fCredentialMap.Get(key);
+}
+
+
+// #pragma mark - private
+
+
+void
+CredentialsStorage::_LoadSettings()
+{
+       if (!fPersistent || fSettingsLoaded)
+               return;
+
+       fSettingsLoaded = true;
+
+       BFile settingsFile;
+       if (_OpenSettingsFile(settingsFile, B_READ_ONLY)) {
+               BMessage settingsArchive;
+               settingsArchive.Unflatten(&settingsFile);
+               BMessage credentialsArchive;
+               for (int32 i = 0; settingsArchive.FindMessage("credentials", i,
+                               &credentialsArchive) == B_OK; i++) {
+                       BString key;
+                       if (credentialsArchive.FindString("key", &key) == B_OK) 
{
+                               Credentials credentials(&credentialsArchive);
+                               fCredentialMap.Put(key, credentials);
+                       }
+               }
+       }
+}
+
+
+void
+CredentialsStorage::_SaveSettings() const
+{
+       BFile settingsFile;
+       if (_OpenSettingsFile(settingsFile,
+                       B_CREATE_FILE | B_ERASE_FILE | B_WRITE_ONLY)) {
+               BMessage settingsArchive;
+               BMessage credentialsArchive;
+               CredentialMap::Iterator iterator = fCredentialMap.GetIterator();
+               while (iterator.HasNext()) {
+                       const CredentialMap::Entry& entry = iterator.Next();
+                       if (entry.value.Archive(&credentialsArchive) != B_OK
+                               || credentialsArchive.AddString("key",
+                                       entry.key.value) != B_OK) {
+                               break;
+                       }
+                       if (settingsArchive.AddMessage("credentials",
+                                       &credentialsArchive) != B_OK) {
+                               break;
+                       }
+                       credentialsArchive.MakeEmpty();
+               }
+               settingsArchive.Flatten(&settingsFile);
+       }
+}
+
+
+bool
+CredentialsStorage::_OpenSettingsFile(BFile& file, uint32 mode) const
+{
+       BPath path;
+       if (find_directory(B_USER_SETTINGS_DIRECTORY, &path) != B_OK
+               || path.Append(kApplicationName) != B_OK
+               || path.Append("CredentialsStorage") != B_OK) {
+               return false;
+       }
+       return file.SetTo(path.Path(), mode) == B_OK;
+}
+

Added: webkit/trunk/WebKit/haiku/WebPositive/CredentialsStorage.h
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ webkit/trunk/WebKit/haiku/WebPositive/CredentialsStorage.h  Mon May  3 
16:56:54 2010        (r478)
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2010 Stephan Aßmus <superstippi@xxxxxx>
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef CREDENTIAL_STORAGE_H
+#define CREDENTIAL_STORAGE_H
+
+#include "HashKeys.h"
+#include "HashMap.h"
+#include <Locker.h>
+#include <String.h>
+
+
+class BFile;
+class BMessage;
+class BString;
+
+
+class Credentials {
+public:
+                                                               Credentials();
+                                                               
Credentials(const BString& username,
+                                                                       const 
BString& password);
+                                                               Credentials(
+                                                                       const 
Credentials& other);
+                                                               
Credentials(const BMessage* archive);
+                                                               ~Credentials();
+
+                       status_t                        Archive(BMessage* 
archive) const;
+
+                       Credentials&            operator=(const Credentials& 
other);
+
+                       bool                            operator==(const 
Credentials& other) const;
+                       bool                            operator!=(const 
Credentials& other) const;
+
+                       const BString&          Username() const;
+                       const BString&          Password() const;
+
+private:
+                       BString                         fUsername;
+                       BString                         fPassword;
+};
+
+
+class CredentialsStorage : public BLocker {
+public:
+       static  CredentialsStorage*     SessionInstance();
+       static  CredentialsStorage*     PersistentInstance();
+
+                       bool                            Contains(const 
HashKeyString& key);
+                       status_t                        PutCredentials(const 
HashKeyString& key,
+                                                                       const 
Credentials& credentials);
+                       Credentials                     GetCredentials(const 
HashKeyString& key);
+
+private:
+                                                               
CredentialsStorage(bool persistent);
+       virtual                                         ~CredentialsStorage();
+
+                       void                            _LoadSettings();
+                       void                            _SaveSettings() const;
+                       bool                            
_OpenSettingsFile(BFile& file,
+                                                                       uint32 
mode) const;
+
+private:
+                       typedef HashMap<HashKeyString, Credentials> 
CredentialMap;
+                       CredentialMap           fCredentialMap;
+
+       static  CredentialsStorage      sPersistentInstance;
+       static  CredentialsStorage      sSessionInstance;
+                       bool                            fSettingsLoaded;
+                       bool                            fPersistent;
+};
+
+
+#endif // CREDENTIAL_STORAGE_H
+

Other related posts:

  • » [haiku-webkit-commits] r478 - in webkit/trunk/WebKit: . haiku/WebPositive - webkit