From 9f30678a6772a544fc0c1d7c14bd329ba5c040cd Mon Sep 17 00:00:00 2001 From: stippi Date: Mon, 3 May 2010 16:56:54 +0000 Subject: [PATCH] Implemented a CredentialsStorage class with optional persistency. Two global objects are used for session and persistent storage of credentials with the appropriate locking. Passwords are stored on disk insecurely. If the user uses the checkmark in the authentication window to remember the credentials, the persistent storage will be used, otherwise the session storage. In another words, even if not asked to remember the credentials, the same user/pass never needs to be entered more than once per session, unlike before. WebCore already contains a CredentialStorage class, but we don't use it. It could be used via the CURL networking backend implementation, only the CF backend uses it at all. Since we don't have a "keyring" OS level service, this solution was more convenient for the time being. Note all this has nothing to do with storage of form data entered by the user. git-svn-id: http://svn.haiku-os.org/webpositive/webkit/trunk@478 94f232f2-1747-11df-bad5-a5bfde151594 --- src/apps/webpositive/BrowserWindow.cpp | 32 ++- src/apps/webpositive/BrowserWindow.h | 2 + src/apps/webpositive/CredentialsStorage.cpp | 275 ++++++++++++++++++++ src/apps/webpositive/CredentialsStorage.h | 98 +++++++ 4 files changed, 406 insertions(+), 1 deletion(-) create mode 100644 src/apps/webpositive/CredentialsStorage.cpp create mode 100644 src/apps/webpositive/CredentialsStorage.h diff --git a/src/apps/webpositive/BrowserWindow.cpp b/src/apps/webpositive/BrowserWindow.cpp index d1835a7544..e64906eaf7 100644 --- a/src/apps/webpositive/BrowserWindow.cpp +++ b/src/apps/webpositive/BrowserWindow.cpp @@ -37,6 +37,7 @@ #include "BaseURL.h" #include "BrowserApp.h" #include "BrowsingHistory.h" +#include "CredentialsStorage.h" #include "IconButton.h" #include "NavMenu.h" #include "SettingsKeys.h" @@ -1151,6 +1152,27 @@ BrowserWindow::AuthenticationChallenge(BString message, BString& inOutUser, BString& inOutPassword, bool& inOutRememberCredentials, uint32 failureCount, BWebView* view) { + CredentialsStorage* persistentStorage + = CredentialsStorage::PersistentInstance(); + CredentialsStorage* sessionStorage + = CredentialsStorage::SessionInstance(); + + // TODO: Using the message as key here is not so smart. + HashKeyString key(message); + + if (failureCount == 0) { + if (persistentStorage->Contains(key)) { + Credentials credentials = persistentStorage->GetCredentials(key); + inOutUser = credentials.Username(); + inOutPassword = credentials.Password(); + return true; + } else if (sessionStorage->Contains(key)) { + Credentials credentials = sessionStorage->GetCredentials(key); + inOutUser = credentials.Username(); + inOutPassword = credentials.Password(); + return true; + } + } // Switch to the page for which this authentication is required. if (view != CurrentWebView()) { int32 tabIndex = fTabManager->TabForView(view); @@ -1164,9 +1186,17 @@ BrowserWindow::AuthenticationChallenge(BString message, BString& inOutUser, } AuthenticationPanel* panel = new AuthenticationPanel(Frame()); // Panel auto-destructs. - return panel->getAuthentication(message, inOutUser, inOutPassword, + bool success = panel->getAuthentication(message, inOutUser, inOutPassword, inOutRememberCredentials, failureCount > 0, inOutUser, inOutPassword, &inOutRememberCredentials); + if (success) { + Credentials credentials(inOutUser, inOutPassword); + if (inOutRememberCredentials) + persistentStorage->PutCredentials(key, credentials); + else + sessionStorage->PutCredentials(key, credentials); + } + return success; } diff --git a/src/apps/webpositive/BrowserWindow.h b/src/apps/webpositive/BrowserWindow.h index 1dd2951410..0c78abd48a 100644 --- a/src/apps/webpositive/BrowserWindow.h +++ b/src/apps/webpositive/BrowserWindow.h @@ -30,6 +30,8 @@ #define BROWSER_WINDOW_H +#include "HashKeys.h" +#include "HashMap.h" #include "WebWindow.h" #include #include diff --git a/src/apps/webpositive/CredentialsStorage.cpp b/src/apps/webpositive/CredentialsStorage.cpp new file mode 100644 index 0000000000..ab5f8eae8d --- /dev/null +++ b/src/apps/webpositive/CredentialsStorage.cpp @@ -0,0 +1,275 @@ +/* + * Copyright (C) 2010 Stephan Aßmus + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "CredentialsStorage.h" + +#include +#include + +#include +#include +#include +#include +#include +#include + +#include "BrowserApp.h" + + +Credentials::Credentials() + : + fUsername(), + fPassword() +{ +} + + +Credentials::Credentials(const BString& username, const BString& password) + : + fUsername(username), + fPassword(password) +{ +} + + +Credentials::Credentials(const Credentials& other) +{ + *this = other; +} + + +Credentials::Credentials(const BMessage* archive) +{ + if (archive == NULL) + return; + archive->FindString("username", &fUsername); + archive->FindString("password", &fPassword); +} + + +Credentials::~Credentials() +{ +} + + +status_t +Credentials::Archive(BMessage* archive) const +{ + if (archive == NULL) + return B_BAD_VALUE; + status_t status = archive->AddString("username", fUsername); + if (status == B_OK) + status = archive->AddString("password", fPassword); + return status; +} + + +Credentials& +Credentials::operator=(const Credentials& other) +{ + if (this == &other) + return *this; + + fUsername = other.fUsername; + fPassword = other.fPassword; + + return *this; +} + + +bool +Credentials::operator==(const Credentials& other) const +{ + if (this == &other) + return true; + + return fUsername == other.fUsername && fPassword == other.fPassword; +} + + +bool +Credentials::operator!=(const Credentials& other) const +{ + return !(*this == other); +} + + +const BString& +Credentials::Username() const +{ + return fUsername; +} + + +const BString& +Credentials::Password() const +{ + return fPassword; +} + + +// #pragma mark - CredentialsStorage + + +CredentialsStorage +CredentialsStorage::sPersistentInstance(true); + + +CredentialsStorage +CredentialsStorage::sSessionInstance(false); + + +CredentialsStorage::CredentialsStorage(bool persistent) + : + BLocker(persistent ? "persistent credential storage" + : "credential storage"), + fCredentialMap(), + fSettingsLoaded(false), + fPersistent(persistent) +{ +} + + +CredentialsStorage::~CredentialsStorage() +{ + _SaveSettings(); +} + + +/*static*/ CredentialsStorage* +CredentialsStorage::SessionInstance() +{ + return &sSessionInstance; +} + + +/*static*/ CredentialsStorage* +CredentialsStorage::PersistentInstance() +{ + if (sPersistentInstance.Lock()) { + sPersistentInstance._LoadSettings(); + sPersistentInstance.Unlock(); + } + return &sPersistentInstance; +} + + +bool +CredentialsStorage::Contains(const HashKeyString& key) +{ + BAutolock _(this); + + return fCredentialMap.ContainsKey(key); +} + + +status_t +CredentialsStorage::PutCredentials(const HashKeyString& key, + const Credentials& credentials) +{ + BAutolock _(this); + + return fCredentialMap.Put(key, credentials); +} + + +Credentials +CredentialsStorage::GetCredentials(const HashKeyString& key) +{ + BAutolock _(this); + + return fCredentialMap.Get(key); +} + + +// #pragma mark - private + + +void +CredentialsStorage::_LoadSettings() +{ + if (!fPersistent || fSettingsLoaded) + return; + + fSettingsLoaded = true; + + BFile settingsFile; + if (_OpenSettingsFile(settingsFile, B_READ_ONLY)) { + BMessage settingsArchive; + settingsArchive.Unflatten(&settingsFile); + BMessage credentialsArchive; + for (int32 i = 0; settingsArchive.FindMessage("credentials", i, + &credentialsArchive) == B_OK; i++) { + BString key; + if (credentialsArchive.FindString("key", &key) == B_OK) { + Credentials credentials(&credentialsArchive); + fCredentialMap.Put(key, credentials); + } + } + } +} + + +void +CredentialsStorage::_SaveSettings() const +{ + BFile settingsFile; + if (_OpenSettingsFile(settingsFile, + B_CREATE_FILE | B_ERASE_FILE | B_WRITE_ONLY)) { + BMessage settingsArchive; + BMessage credentialsArchive; + CredentialMap::Iterator iterator = fCredentialMap.GetIterator(); + while (iterator.HasNext()) { + const CredentialMap::Entry& entry = iterator.Next(); + if (entry.value.Archive(&credentialsArchive) != B_OK + || credentialsArchive.AddString("key", + entry.key.value) != B_OK) { + break; + } + if (settingsArchive.AddMessage("credentials", + &credentialsArchive) != B_OK) { + break; + } + credentialsArchive.MakeEmpty(); + } + settingsArchive.Flatten(&settingsFile); + } +} + + +bool +CredentialsStorage::_OpenSettingsFile(BFile& file, uint32 mode) const +{ + BPath path; + if (find_directory(B_USER_SETTINGS_DIRECTORY, &path) != B_OK + || path.Append(kApplicationName) != B_OK + || path.Append("CredentialsStorage") != B_OK) { + return false; + } + return file.SetTo(path.Path(), mode) == B_OK; +} + diff --git a/src/apps/webpositive/CredentialsStorage.h b/src/apps/webpositive/CredentialsStorage.h new file mode 100644 index 0000000000..214c36b371 --- /dev/null +++ b/src/apps/webpositive/CredentialsStorage.h @@ -0,0 +1,98 @@ +/* + * Copyright (C) 2010 Stephan Aßmus + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef CREDENTIAL_STORAGE_H +#define CREDENTIAL_STORAGE_H + +#include "HashKeys.h" +#include "HashMap.h" +#include +#include + + +class BFile; +class BMessage; +class BString; + + +class Credentials { +public: + Credentials(); + Credentials(const BString& username, + const BString& password); + Credentials( + const Credentials& other); + Credentials(const BMessage* archive); + ~Credentials(); + + status_t Archive(BMessage* archive) const; + + Credentials& operator=(const Credentials& other); + + bool operator==(const Credentials& other) const; + bool operator!=(const Credentials& other) const; + + const BString& Username() const; + const BString& Password() const; + +private: + BString fUsername; + BString fPassword; +}; + + +class CredentialsStorage : public BLocker { +public: + static CredentialsStorage* SessionInstance(); + static CredentialsStorage* PersistentInstance(); + + bool Contains(const HashKeyString& key); + status_t PutCredentials(const HashKeyString& key, + const Credentials& credentials); + Credentials GetCredentials(const HashKeyString& key); + +private: + CredentialsStorage(bool persistent); + virtual ~CredentialsStorage(); + + void _LoadSettings(); + void _SaveSettings() const; + bool _OpenSettingsFile(BFile& file, + uint32 mode) const; + +private: + typedef HashMap CredentialMap; + CredentialMap fCredentialMap; + + static CredentialsStorage sPersistentInstance; + static CredentialsStorage sSessionInstance; + bool fSettingsLoaded; + bool fPersistent; +}; + + +#endif // CREDENTIAL_STORAGE_H +