Backout of changeset d2ad385bd84b
authorHonza Bambas <honzab.moz@firemni.cz>
Tue, 23 Oct 2012 17:33:11 +0200
changeset 111288 f191bbf51b6bb2fa6fb39f67f14afe1cfab0a0ac
parent 111287 d2ad385bd84bf4012cc09714939e0c953bf6b641
child 111290 0596b33d527d98e71fd52d65a8b93fa2672e17bd
push id93
push usernmatsakis@mozilla.com
push dateWed, 31 Oct 2012 21:26:57 +0000
milestone19.0a1
Backout of changeset d2ad385bd84b
content/base/src/nsXMLHttpRequest.cpp
netwerk/base/public/nsIChannel.idl
netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
toolkit/components/passwordmgr/test/Makefile.in
toolkit/components/passwordmgr/test/authenticate.sjs
toolkit/components/passwordmgr/test/test_bug_654348.html
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@@ -3005,19 +3005,16 @@ nsXMLHttpRequest::Send(nsIVariant* aVari
     // created a listener around 'this', do so now.
 
     listener = new nsStreamListenerWrapper(listener);
   }
 
   if (mIsAnon) {
     AddLoadFlags(mChannel, nsIRequest::LOAD_ANONYMOUS);
   }
-  else {
-    AddLoadFlags(mChannel, nsIChannel::LOAD_EXPLICIT_CREDENTIALS);
-  }
 
   NS_ASSERTION(listener != this,
                "Using an object as a listener that can't be exposed to JS");
 
   // Bypass the network cache in cases where it makes no sense:
   // 1) Multipart responses are very large and would likely be doomed by the
   //    cache once they grow too large, so they are not worth caching.
   // 2) POST responses are always unique, and we provide no API that would
--- a/netwerk/base/public/nsIChannel.idl
+++ b/netwerk/base/public/nsIChannel.idl
@@ -243,27 +243,16 @@ interface nsIChannel : nsIRequest
      * If this flag is set and a server's response is Content-Type
      * application/octet-steam, the server's Content-Type will be ignored and
      * the channel content will be sniffed as though no Content-Type had been
      * passed.
      */
     const unsigned long LOAD_TREAT_APPLICATION_OCTET_STREAM_AS_UNKNOWN = 1 << 23;
 
     /**
-     * Set to let explicitely provided credentials be used over credentials
-     * we have cached previously. In some situations like form login using HTTP
-     * auth via XMLHttpRequest we need to let consumers override the cached
-     * credentials explicitely. For form login 403 response instead of 401 is
-     * usually used to prevent an auth dialog. But any code other then 401/7
-     * will leave original credentials in the cache and there is then no way
-     * to override them for the same user name.
-     */
-    const unsigned long LOAD_EXPLICIT_CREDENTIALS = 1 << 24;
-
-    /**
      * Access to the type implied or stated by the Content-Disposition header
      * if available and if applicable. This allows determining inline versus
      * attachment.
      *
      * Setting contentDisposition provides a hint to the channel about the
      * disposition.  If a normal Content-Disposition header is present its
      * value will always be used.  If it is missing the hinted value will
      * be used if set.
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@@ -731,19 +731,17 @@ nsHttpChannelAuthProvider::GetCredential
                                               port, realm.get());
                     entry = nullptr;
                     ident->Clear();
                 }
             }
             else if (!identFromURI ||
                      (nsCRT::strcmp(ident->User(),
                                     entry->Identity().User()) == 0 &&
-                     !(loadFlags &&
-                       (nsIChannel::LOAD_ANONYMOUS |
-                        nsIChannel::LOAD_EXPLICIT_CREDENTIALS)))) {
+                     !(loadFlags && nsIChannel::LOAD_ANONYMOUS))) {
                 LOG(("  taking identity from auth cache\n"));
                 // the password from the auth cache is more likely to be
                 // correct than the one in the URL.  at least, we know that it
                 // works with the given username.  it is possible for a server
                 // to distinguish logons based on the supplied password alone,
                 // but that would be quite unusual... and i don't think we need
                 // to worry about such unorthodox cases.
                 ident->Set(entry->Identity());
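Review bot: The restored condition `!(loadFlags && nsIChannel::LOAD_ANONYMOUS)` uses logical `&&` where a bitwise test appears to be intended. Because the flag constant is non-zero, the sub-expression is true for any non-zero `loadFlags`. When the identity came from the URI and the user names match, the cached identity is therefore taken only if no load flag is set at all, so the anonymous bit is not what decides. The line should read `!(loadFlags & nsIChannel::LOAD_ANONYMOUS))) {`. The declaration of `loadFlags` and the rest of GetCredentials are outside this hunk, so confirm that it holds the channel's load flags before changing the operator.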
@@ -1296,25 +1294,18 @@ nsHttpChannelAuthProvider::SetAuthorizat
         // based on the presence of an auth cache entry for this URL (which is
         // true since we are here).  but, if the username from the URL matches
         // the username from the cache, then we should prefer the password
         // stored in the cache since that is most likely to be valid.
         if (header == nsHttp::Authorization && entry->Domain()[0] == '\0') {
             GetIdentityFromURI(0, ident);
             // if the usernames match, then clear the ident so we will pick
             // up the one from the auth cache instead.
-            // when this is undesired, specify LOAD_EXPLICIT_CREDENTIALS load
-            // flag.
-            if (nsCRT::strcmp(ident.User(), entry->User()) == 0) {
-                uint32_t loadFlags;
-                if (NS_SUCCEEDED(mAuthChannel->GetLoadFlags(&loadFlags)) &&
-                    !(loadFlags && nsIChannel::LOAD_EXPLICIT_CREDENTIALS)) {
-                    ident.Clear();
-                }
-            }
+            if (nsCRT::strcmp(ident.User(), entry->User()) == 0)
+                ident.Clear();
         }
         bool identFromURI;
         if (ident.IsEmpty()) {
             ident.Set(entry->Identity());
             identFromURI = false;
         }
         else
             identFromURI = true;
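Review bot: The restored `ident.Clear()` path needs a comment recording its consequence, because after this backout a password supplied in the URL for a user name already in the auth cache is always discarded in favour of the cached one. The removed IDL text explained that a rejection with a status other than 401/407 leaves the old entry in the cache, so a stale password may keep being sent with no way for the caller to override it. I would add `// NOTE: a URL-supplied password for an already-cached user name is dropped here; callers cannot override it (bug 654348).` above the `if`. As a style point, the two-line `if` is unbraced while the sibling `if (ident.IsEmpty())` just below uses braces. The enclosing function starts and ends outside this hunk.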
--- a/toolkit/components/passwordmgr/test/Makefile.in
+++ b/toolkit/components/passwordmgr/test/Makefile.in
@@ -39,17 +39,16 @@ MOCHITEST_FILES = \
     test_bug_227640.html \
     test_bug_242956.html \
     test_bug_360493_1.html \
     test_bug_360493_2.html \
     test_bug_391514.html \
     test_bug_427033.html \
     test_bug_444968.html \
     test_bug_627616.html \
-    test_bug_654348.html \
     test_bug_776171.html \
     test_master_password.html \
     test_master_password_cleanup.html \
     test_maxforms_1.html \
     test_maxforms_2.html \
     test_maxforms_3.html \
     test_notifications.html \
     test_notifications_popup.html \
--- a/toolkit/components/passwordmgr/test/authenticate.sjs
+++ b/toolkit/components/passwordmgr/test/authenticate.sjs
@@ -16,17 +16,17 @@ function reallyHandleRequest(request, re
   // Allow the caller to drive how authentication is processed via the query.
   // Eg, http://localhost:8888/authenticate.sjs?user=foo&realm=bar
   // The extra ? allows the user/pass/realm checks to succeed if the name is
   // at the beginning of the query string.
   var query = "?" + request.queryString;
 
   var expected_user = "", expected_pass = "", realm = "mochitest";
   var proxy_expected_user = "", proxy_expected_pass = "", proxy_realm = "mochi-proxy";
-  var huge = false, plugin = false, anonymous = false, formauth = false;
+  var huge = false, plugin = false, anonymous = false;
   var authHeaderCount = 1;
   // user=xxx
   match = /[^_]user=([^&]*)/.exec(query);
   if (match)
     expected_user = match[1];
 
   // pass=xxx
   match = /[^_]pass=([^&]*)/.exec(query);
@@ -68,21 +68,16 @@ function reallyHandleRequest(request, re
   if (match)
     authHeaderCount = match[1]+0;
 
   // anonymous=1
   match = /anonymous=1/.exec(query);
   if (match)
     anonymous = true;
 
-  // formauth=1
-  match = /formauth=1/.exec(query);
-  if (match)
-    formauth = true;
-
   // Look for an authentication header, if any, in the request.
   //
   // EG: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
   // 
   // This test only supports Basic auth. The value sent by the client is
   // "username:password", obscured with base64 encoding.
 
   var actual_user = "", actual_pass = "", authHeader, authPresent = false;
@@ -134,20 +129,17 @@ function reallyHandleRequest(request, re
       response.setStatusLine("1.0", 200, "Authorization header not found");
     }
   } else {
     if (requestProxyAuth) {
       response.setStatusLine("1.0", 407, "Proxy authentication required");
       for (i = 0; i < authHeaderCount; ++i)
         response.setHeader("Proxy-Authenticate", "basic realm=\"" + proxy_realm + "\"", true);
     } else if (requestAuth) {
-      if (formauth && authPresent)
-        response.setStatusLine("1.0", 403, "Form authentication required");
-      else
-        response.setStatusLine("1.0", 401, "Authentication required");
+      response.setStatusLine("1.0", 401, "Authentication required");
       for (i = 0; i < authHeaderCount; ++i)
         response.setHeader("WWW-Authenticate", "basic realm=\"" + realm + "\"", true);
     } else {
       response.setStatusLine("1.0", 200, "OK");
     }
   }
 
   response.setHeader("Content-Type", "application/xhtml+xml", false);
deleted file mode 100644
--- a/toolkit/components/passwordmgr/test/test_bug_654348.html
+++ /dev/null
@@ -1,70 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-https://bugzilla.mozilla.org/show_bug.cgi?id=654348
--->
-<head>
-  <title>Test for Bug 654348</title>
-  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-</head>
-<body onload="startTest()">
-<script class="testbody" type="text/javascript">
-
-/**
- * This test checks we correctly ignore authentication entry
- * for a subpath and use creds from the URL when provided when XHR
- * is used with filled user name and password.
- *
- * 1. connect authenticate.sjs that excepts user1:pass1 password
- * 2. connect authenticate.sjs that this time expects differentuser2:pass2 password
- *    we must use the creds that are provided to the xhr witch are different and expected
- */
-
-SimpleTest.waitForExplicitFinish();
-
-function clearAuthCache()
-{
-  var authMgr = SpecialPowers.Cc['@mozilla.org/network/http-auth-manager;1']
-                             .getService(Components.interfaces.nsIHttpAuthManager);
-  authMgr.clearAll();
-}
-
-function doxhr(URL, user, pass, code, next)
-{
-  var xhr = new XMLHttpRequest();
-  if (user && pass)
-    xhr.open("POST", URL, true, user, pass);
-  else
-    xhr.open("POST", URL, true);
-  xhr.onload = function()
-  {
-    is(xhr.status, code, "expected response code " + code);
-    next();
-  }
-  xhr.onerror = function()
-  {
-    ok(false, "request passed");
-    finishTest();
-  }
-  xhr.send();
-}
-
-function startTest()
-{
-  clearAuthCache();
-  doxhr("authenticate.sjs?user=dummy&pass=pass1&realm=realm1&formauth=1", "dummy", "dummy", 403, function() {
-    doxhr("authenticate.sjs?user=dummy&pass=pass1&realm=realm1&formauth=1", "dummy", "pass1", 200, finishTest);
-  });
-}
-
-function finishTest()
-{
-  clearAuthCache();
-  SimpleTest.finish();
-}
-
-</script>
-</body>
-</html>
-