Implemented a CredentialsStorage class with optional persistency. Two global

objects are used for session and persistent storage of credentials with the
appropriate locking. Passwords are stored on disk insecurely. If the user
uses the checkmark in the authentication window to remember the credentials,
the persistent storage will be used, otherwise the session storage. In another
words, even if not asked to remember the credentials, the same user/pass never
needs to be entered more than once per session, unlike before. WebCore already
contains a CredentialStorage class, but we don't use it. It could be used via
the CURL networking backend implementation, only the CF backend uses it at all.
Since we don't have a "keyring" OS level service, this solution was more
convenient for the time being.

Note all this has nothing to do with storage of form data entered by the user.

git-svn-id: http://svn.haiku-os.org/webpositive/webkit/trunk@478 94f232f2-1747-11df-bad5-a5bfde151594

src/apps/webpositive/BrowserWindow.cpp

@@ -37,6 +37,7 @@
 #include "BaseURL.h"
 #include "BrowserApp.h"
 #include "BrowsingHistory.h"
+#include "CredentialsStorage.h"
 #include "IconButton.h"
 #include "NavMenu.h"
 #include "SettingsKeys.h"
@@ -1151,6 +1152,27 @@ BrowserWindow::AuthenticationChallenge(BString message, BString& inOutUser,
 	BString& inOutPassword, bool& inOutRememberCredentials, uint32 failureCount,
 	BWebView* view)
 {
+	CredentialsStorage* persistentStorage
+		= CredentialsStorage::PersistentInstance();
+	CredentialsStorage* sessionStorage
+		= CredentialsStorage::SessionInstance();
+
+	// TODO: Using the message as key here is not so smart.
+	HashKeyString key(message);
+
+	if (failureCount == 0) {
+		if (persistentStorage->Contains(key)) {
+			Credentials credentials = persistentStorage->GetCredentials(key);
+			inOutUser = credentials.Username();
+			inOutPassword = credentials.Password();
+			return true;
+		} else if (sessionStorage->Contains(key)) {
+			Credentials credentials = sessionStorage->GetCredentials(key);
+			inOutUser = credentials.Username();
+			inOutPassword = credentials.Password();
+			return true;
+		}
+	}
 	// Switch to the page for which this authentication is required.
 	if (view != CurrentWebView()) {
 		int32 tabIndex = fTabManager->TabForView(view);
@@ -1164,9 +1186,17 @@ BrowserWindow::AuthenticationChallenge(BString message, BString& inOutUser,
 	}
 	AuthenticationPanel* panel = new AuthenticationPanel(Frame());
 		// Panel auto-destructs.
-	return panel->getAuthentication(message, inOutUser, inOutPassword,
+	bool success = panel->getAuthentication(message, inOutUser, inOutPassword,
 		inOutRememberCredentials, failureCount > 0, inOutUser, inOutPassword,
 		&inOutRememberCredentials);
+	if (success) {
+		Credentials credentials(inOutUser, inOutPassword);
+		if (inOutRememberCredentials)
+			persistentStorage->PutCredentials(key, credentials);
+		else
+			sessionStorage->PutCredentials(key, credentials);
+	}
+	return success;
 }
 
 

src/apps/webpositive/BrowserWindow.h

@@ -30,6 +30,8 @@
 #define BROWSER_WINDOW_H
 
 
+#include "HashKeys.h"
+#include "HashMap.h"
 #include "WebWindow.h"
 #include <Messenger.h>
 #include <String.h>

src/apps/webpositive/CredentialsStorage.cpp

@@ -0,0 +1,275 @@
+/*
+ * Copyright (C) 2010 Stephan Aßmus <superstippi@gmx.de>
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "CredentialsStorage.h"
+
+#include <new>
+#include <stdio.h>
+
+#include <Autolock.h>
+#include <Entry.h>
+#include <File.h>
+#include <FindDirectory.h>
+#include <Message.h>
+#include <Path.h>
+
+#include "BrowserApp.h"
+
+
+Credentials::Credentials()
+	:
+	fUsername(),
+	fPassword()
+{
+}
+
+
+Credentials::Credentials(const BString& username, const BString& password)
+	:
+	fUsername(username),
+	fPassword(password)
+{
+}
+
+
+Credentials::Credentials(const Credentials& other)
+{
+	*this = other;
+}
+
+
+Credentials::Credentials(const BMessage* archive)
+{
+	if (archive == NULL)
+		return;
+	archive->FindString("username", &fUsername);
+	archive->FindString("password", &fPassword);
+}
+
+
+Credentials::~Credentials()
+{
+}
+
+
+status_t
+Credentials::Archive(BMessage* archive) const
+{
+	if (archive == NULL)
+		return B_BAD_VALUE;
+	status_t status = archive->AddString("username", fUsername);
+	if (status == B_OK)
+		status = archive->AddString("password", fPassword);
+	return status;
+}
+
+
+Credentials&
+Credentials::operator=(const Credentials& other)
+{
+	if (this == &other)
+		return *this;
+
+	fUsername = other.fUsername;
+	fPassword = other.fPassword;
+
+	return *this;
+}
+
+
+bool
+Credentials::operator==(const Credentials& other) const
+{
+	if (this == &other)
+		return true;
+
+	return fUsername == other.fUsername && fPassword == other.fPassword;
+}
+
+
+bool
+Credentials::operator!=(const Credentials& other) const
+{
+	return !(*this == other);
+}
+
+
+const BString&
+Credentials::Username() const
+{
+	return fUsername;
+}
+
+
+const BString&
+Credentials::Password() const
+{
+	return fPassword;
+}
+
+
+// #pragma mark - CredentialsStorage
+
+
+CredentialsStorage
+CredentialsStorage::sPersistentInstance(true);
+
+
+CredentialsStorage
+CredentialsStorage::sSessionInstance(false);
+
+
+CredentialsStorage::CredentialsStorage(bool persistent)
+	:
+	BLocker(persistent ? "persistent credential storage"
+		: "credential storage"),
+	fCredentialMap(),
+	fSettingsLoaded(false),
+	fPersistent(persistent)
+{
+}
+
+
+CredentialsStorage::~CredentialsStorage()
+{
+	_SaveSettings();
+}
+
+
+/*static*/ CredentialsStorage*
+CredentialsStorage::SessionInstance()
+{
+	return &sSessionInstance;
+}
+
+
+/*static*/ CredentialsStorage*
+CredentialsStorage::PersistentInstance()
+{
+	if (sPersistentInstance.Lock()) {
+		sPersistentInstance._LoadSettings();
+		sPersistentInstance.Unlock();
+	}
+	return &sPersistentInstance;
+}
+
+
+bool
+CredentialsStorage::Contains(const HashKeyString& key)
+{
+	BAutolock _(this);
+
+	return fCredentialMap.ContainsKey(key);
+}
+
+
+status_t
+CredentialsStorage::PutCredentials(const HashKeyString& key,
+	const Credentials& credentials)
+{
+	BAutolock _(this);
+
+	return fCredentialMap.Put(key, credentials);
+}
+
+
+Credentials
+CredentialsStorage::GetCredentials(const HashKeyString& key)
+{
+	BAutolock _(this);
+
+	return fCredentialMap.Get(key);
+}
+
+
+// #pragma mark - private
+
+
+void
+CredentialsStorage::_LoadSettings()
+{
+	if (!fPersistent || fSettingsLoaded)
+		return;
+
+	fSettingsLoaded = true;
+
+	BFile settingsFile;
+	if (_OpenSettingsFile(settingsFile, B_READ_ONLY)) {
+		BMessage settingsArchive;
+		settingsArchive.Unflatten(&settingsFile);
+		BMessage credentialsArchive;
+		for (int32 i = 0; settingsArchive.FindMessage("credentials", i,
+				&credentialsArchive) == B_OK; i++) {
+			BString key;
+			if (credentialsArchive.FindString("key", &key) == B_OK) {
+				Credentials credentials(&credentialsArchive);
+				fCredentialMap.Put(key, credentials);
+			}
+		}
+	}
+}
+
+
+void
+CredentialsStorage::_SaveSettings() const
+{
+	BFile settingsFile;
+	if (_OpenSettingsFile(settingsFile,
+			B_CREATE_FILE | B_ERASE_FILE | B_WRITE_ONLY)) {
+		BMessage settingsArchive;
+		BMessage credentialsArchive;
+		CredentialMap::Iterator iterator = fCredentialMap.GetIterator();
+		while (iterator.HasNext()) {
+			const CredentialMap::Entry& entry = iterator.Next();
+			if (entry.value.Archive(&credentialsArchive) != B_OK
+				|| credentialsArchive.AddString("key",
+					entry.key.value) != B_OK) {
+				break;
+			}
+			if (settingsArchive.AddMessage("credentials",
+					&credentialsArchive) != B_OK) {
+				break;
+			}
+			credentialsArchive.MakeEmpty();
+		}
+		settingsArchive.Flatten(&settingsFile);
+	}
+}
+
+
+bool
+CredentialsStorage::_OpenSettingsFile(BFile& file, uint32 mode) const
+{
+	BPath path;
+	if (find_directory(B_USER_SETTINGS_DIRECTORY, &path) != B_OK
+		|| path.Append(kApplicationName) != B_OK
+		|| path.Append("CredentialsStorage") != B_OK) {
+		return false;
+	}
+	return file.SetTo(path.Path(), mode) == B_OK;
+}
+

src/apps/webpositive/CredentialsStorage.h

@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2010 Stephan Aßmus <superstippi@gmx.de>
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef CREDENTIAL_STORAGE_H
+#define CREDENTIAL_STORAGE_H
+
+#include "HashKeys.h"
+#include "HashMap.h"
+#include <Locker.h>
+#include <String.h>
+
+
+class BFile;
+class BMessage;
+class BString;
+
+
+class Credentials {
+public:
+								Credentials();
+								Credentials(const BString& username,
+									const BString& password);
+								Credentials(
+									const Credentials& other);
+								Credentials(const BMessage* archive);
+								~Credentials();
+
+			status_t			Archive(BMessage* archive) const;
+
+			Credentials&		operator=(const Credentials& other);
+
+			bool				operator==(const Credentials& other) const;
+			bool				operator!=(const Credentials& other) const;
+
+			const BString&		Username() const;
+			const BString&		Password() const;
+
+private:
+			BString				fUsername;
+			BString				fPassword;
+};
+
+
+class CredentialsStorage : public BLocker {
+public:
+	static	CredentialsStorage*	SessionInstance();
+	static	CredentialsStorage*	PersistentInstance();
+
+			bool				Contains(const HashKeyString& key);
+			status_t			PutCredentials(const HashKeyString& key,
+									const Credentials& credentials);
+			Credentials			GetCredentials(const HashKeyString& key);
+
+private:
+								CredentialsStorage(bool persistent);
+	virtual						~CredentialsStorage();
+
+			void				_LoadSettings();
+			void				_SaveSettings() const;
+			bool				_OpenSettingsFile(BFile& file,
+									uint32 mode) const;
+
+private:
+			typedef HashMap<HashKeyString, Credentials> CredentialMap;
+			CredentialMap		fCredentialMap;
+
+	static	CredentialsStorage	sPersistentInstance;
+	static	CredentialsStorage	sSessionInstance;
+			bool				fSettingsLoaded;
+			bool				fPersistent;
+};
+
+
+#endif // CREDENTIAL_STORAGE_H
+