From f55163c647e622a47bb52d8f9e96833f2a640960 Mon Sep 17 00:00:00 2001 From: Peter Varga Date: Tue, 11 Aug 2015 17:02:17 +0200 Subject: Fix use of empty credentials for HTTP and proxy authentication Empty user and password fields are valid for HTTP and proxy authentication. Thus it does not mean that the authentication is cancelled. For informing the engine about the cancellation of the authentication dialog make QAuthenticator instance null. Change-Id: Iba1ce9d375b9b37c23f7a91fb583606d75d04af5 Reviewed-by: Kai Koehne --- examples/webenginewidgets/browser/webview.cpp | 6 ++++++ src/core/resource_dispatcher_host_delegate_qt.cpp | 3 +-- src/core/web_contents_adapter_client.h | 2 +- src/webengine/api/qquickwebengineview_p_p.h | 2 +- src/webenginewidgets/api/qwebenginepage.cpp | 8 +++++++- src/webenginewidgets/api/qwebenginepage_p.h | 2 +- 6 files changed, 17 insertions(+), 6 deletions(-) diff --git a/examples/webenginewidgets/browser/webview.cpp b/examples/webenginewidgets/browser/webview.cpp index 00ec40874..d56ab8025 100644 --- a/examples/webenginewidgets/browser/webview.cpp +++ b/examples/webenginewidgets/browser/webview.cpp @@ -273,6 +273,9 @@ void WebPage::authenticationRequired(const QUrl &requestUrl, QAuthenticator *aut if (dialog.exec() == QDialog::Accepted) { auth->setUser(passwordDialog.userNameLineEdit->text()); auth->setPassword(passwordDialog.passwordLineEdit->text()); + } else { + // Set authenticator null if dialog is cancelled + *auth = QAuthenticator(); } } @@ -298,6 +301,9 @@ void WebPage::proxyAuthenticationRequired(const QUrl &requestUrl, QAuthenticator if (dialog.exec() == QDialog::Accepted) { auth->setUser(proxyDialog.userNameLineEdit->text()); auth->setPassword(proxyDialog.passwordLineEdit->text()); + } else { + // Set authenticator null if dialog is cancelled + *auth = QAuthenticator(); } } diff --git a/src/core/resource_dispatcher_host_delegate_qt.cpp b/src/core/resource_dispatcher_host_delegate_qt.cpp index faed58954..43d3d98ef 100644 --- a/src/core/resource_dispatcher_host_delegate_qt.cpp +++ b/src/core/resource_dispatcher_host_delegate_qt.cpp @@ -90,9 +90,8 @@ void ResourceDispatcherHostLoginDelegateQt::triggerDialog() // to avoid crashing in the OnRequestCancelled case if we want to allow the credentials to // come back asynchronously in the QtQuick API. QString user, password; - client->authenticationRequired(m_url , m_realm , m_isProxy , m_host, &user, &password); + bool success = client->authenticationRequired(m_url , m_realm , m_isProxy , m_host, &user, &password); - bool success = !user.isEmpty() || !password.isEmpty(); content::BrowserThread::PostTask( content::BrowserThread::IO, FROM_HERE, base::Bind(&ResourceDispatcherHostLoginDelegateQt::sendAuthToRequester, this, success, user, password)); diff --git a/src/core/web_contents_adapter_client.h b/src/core/web_contents_adapter_client.h index 86b5d1b79..7a99b6ad4 100644 --- a/src/core/web_contents_adapter_client.h +++ b/src/core/web_contents_adapter_client.h @@ -216,7 +216,7 @@ public: virtual QObject *accessibilityParentObject() = 0; #endif // QT_NO_ACCESSIBILITY virtual void javaScriptConsoleMessage(JavaScriptConsoleMessageLevel level, const QString& message, int lineNumber, const QString& sourceID) = 0; - virtual void authenticationRequired(const QUrl &requestUrl, const QString &realm, bool isProxy, const QString &challengingHost, QString *outUser, QString *outPassword) = 0; + virtual bool authenticationRequired(const QUrl &requestUrl, const QString &realm, bool isProxy, const QString &challengingHost, QString *outUser, QString *outPassword) = 0; virtual void runGeolocationPermissionRequest(const QUrl &securityOrigin) = 0; virtual void runMediaAccessPermissionRequest(const QUrl &securityOrigin, MediaRequestFlags requestFlags) = 0; virtual void runMouseLockPermissionRequest(const QUrl &securityOrigin) = 0; diff --git a/src/webengine/api/qquickwebengineview_p_p.h b/src/webengine/api/qquickwebengineview_p_p.h index dd03aaeb4..71528c020 100644 --- a/src/webengine/api/qquickwebengineview_p_p.h +++ b/src/webengine/api/qquickwebengineview_p_p.h @@ -155,7 +155,7 @@ public: virtual void didFindText(quint64, int) Q_DECL_OVERRIDE; virtual void passOnFocus(bool reverse) Q_DECL_OVERRIDE; virtual void javaScriptConsoleMessage(JavaScriptConsoleMessageLevel level, const QString& message, int lineNumber, const QString& sourceID) Q_DECL_OVERRIDE; - virtual void authenticationRequired(const QUrl&, const QString&, bool, const QString&, QString*, QString*) Q_DECL_OVERRIDE { } + virtual bool authenticationRequired(const QUrl&, const QString&, bool, const QString&, QString*, QString*) Q_DECL_OVERRIDE { return false; } virtual void runMediaAccessPermissionRequest(const QUrl &securityOrigin, MediaRequestFlags requestFlags) Q_DECL_OVERRIDE; virtual void runMouseLockPermissionRequest(const QUrl &securityOrigin) Q_DECL_OVERRIDE; #ifndef QT_NO_ACCESSIBILITY diff --git a/src/webenginewidgets/api/qwebenginepage.cpp b/src/webenginewidgets/api/qwebenginepage.cpp index 503ba87d4..a4cc0ac12 100644 --- a/src/webenginewidgets/api/qwebenginepage.cpp +++ b/src/webenginewidgets/api/qwebenginepage.cpp @@ -249,7 +249,7 @@ void QWebEnginePagePrivate::passOnFocus(bool reverse) view->focusNextPrevChild(!reverse); } -void QWebEnginePagePrivate::authenticationRequired(const QUrl &requestUrl, const QString &realm, bool isProxy, const QString &challengingHost, QString *outUser, QString *outPassword) +bool QWebEnginePagePrivate::authenticationRequired(const QUrl &requestUrl, const QString &realm, bool isProxy, const QString &challengingHost, QString *outUser, QString *outPassword) { Q_Q(QWebEnginePage); QAuthenticator networkAuth; @@ -259,8 +259,14 @@ void QWebEnginePagePrivate::authenticationRequired(const QUrl &requestUrl, const Q_EMIT q->proxyAuthenticationRequired(requestUrl, &networkAuth, challengingHost); else Q_EMIT q->authenticationRequired(requestUrl, &networkAuth); + + // Authentication has been cancelled + if (networkAuth.isNull()) + return false; + *outUser = networkAuth.user(); *outPassword = networkAuth.password(); + return true; } void QWebEnginePagePrivate::runMediaAccessPermissionRequest(const QUrl &securityOrigin, WebContentsAdapterClient::MediaRequestFlags requestFlags) diff --git a/src/webenginewidgets/api/qwebenginepage_p.h b/src/webenginewidgets/api/qwebenginepage_p.h index 84974d6a7..1d2bc0344 100644 --- a/src/webenginewidgets/api/qwebenginepage_p.h +++ b/src/webenginewidgets/api/qwebenginepage_p.h @@ -107,7 +107,7 @@ public: virtual void didFindText(quint64 requestId, int matchCount) Q_DECL_OVERRIDE; virtual void passOnFocus(bool reverse) Q_DECL_OVERRIDE; virtual void javaScriptConsoleMessage(JavaScriptConsoleMessageLevel level, const QString& message, int lineNumber, const QString& sourceID) Q_DECL_OVERRIDE; - virtual void authenticationRequired(const QUrl &requestUrl, const QString &realm, bool isProxy, const QString &challengingHost, QString *outUser, QString *outPassword) Q_DECL_OVERRIDE; + virtual bool authenticationRequired(const QUrl &requestUrl, const QString &realm, bool isProxy, const QString &challengingHost, QString *outUser, QString *outPassword) Q_DECL_OVERRIDE; virtual void runMediaAccessPermissionRequest(const QUrl &securityOrigin, MediaRequestFlags requestFlags) Q_DECL_OVERRIDE; virtual void runGeolocationPermissionRequest(const QUrl &securityOrigin) Q_DECL_OVERRIDE; virtual void runMouseLockPermissionRequest(const QUrl &securityOrigin) Q_DECL_OVERRIDE; -- cgit v1.2.3