Enable username&password passed in URL #1521
This doesn't appear to work. I created the following URL, pasted it in and hit enter and it loaded the SERP.
https://user:pass@authenticationtest.com/HTTPAuth/
But I created a bookmark with this URL, used the fire button, then opened the link with the bookmark and it worked.
Also, what are the changes about the rulesCompiledCondition about - just code clean up?
@@ -242,7 +243,6 @@ class TabViewController: UIViewController { | |||
} | |||
} | |||
|
|||
private var rulesCompiledCondition: RunLoop.ResumeCondition? = RunLoop.ResumeCondition() |
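Review bot: the removal of `private var rulesCompiledCondition` at the end of this hunk is unrelated to the URL-credential change the PR is titled for. The hunk header goes from 7 lines to 6 and this declaration is the only statement shown, so it appears to be the dropped line. Suggest putting the cleanup in its own commit, or noting in the PR description that the property has no remaining readers, so the credential-handling change can be reviewed on its own.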
What does this have to do with this PR?
I was adding urlProvidedBasicAuthCredential property and noticed this rulesCompiledCondition is not used anywhere, I was hesitating to add an extra var to the class but having this removed sounds fair
Fair enough :)
@brindy I'm not sure there's a double check for URL validity first in OmniBar.swift:401 and then basically the same procedure (BSK URLExtension:
@mallexxx after using the fire button I am still logged in when testing with https://user:pass@authenticationtest.com/HTTPAuth/ - is that expected?
[Edit: I tested this on macOS and it works as expected - after the fire button you are logged out]
I guess that is expected, most probably credential cache is not cleaned in iOS
Looks like we're caching credentials in prod too, I'll create a separate task for that. LGTM!
Task/Issue URL: https://app.asana.com/0/414235014887631/1204080079383830/f
Tech Design URL: https://app.asana.com/0/481882893211075/1204065038916791/f
Security Triage URL: https://app.asana.com/0/1199892415909552/1204067721102886/f
BSK PR: duckduckgo/BrowserServicesKit#245
iOS PR: duckduckgo/iOS#1521
CC: @brindy

**Description**:
- Adds support to pass basic auth username/password in URL

**Steps to test this PR**:
1. Validate login/password passed in URL is used for basic authentication and is saved per session
2. Validate login/password passed in URL is not displayed in the UI or saved in browsing history
3. Validate when clicking links containing username/password (user:pass@domain.com), the credentials aren't displayed in UI but are used during basic auth
4. Validate if invalid credentials are provided then auth dialog is displayed

---
###### Internal references:
[Pull Request Review Checklist](https://app.asana.com/0/1202500774821704/1203764234894239/f)
[Software Engineering Expectations](https://app.asana.com/0/59792373528535/199064865822552)
[Technical Design Template](https://app.asana.com/0/59792373528535/184709971311943)

**When ready for review, remember to post the PR in MM**
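The behaviour the test steps above describe, sketched as an added example that is not code from this PR or from BrowserServicesKit: the URL is split into a display-safe form and a session-scoped credential, and the credential is offered only once, for an HTTP Basic challenge from the same host. `SplitURL`, `splitBasicAuth`, `ChallengeAnswer` and `answer` are hypothetical names; only Foundation APIs are used.

```swift
import Foundation

// Added example; the names below are hypothetical, not from the DuckDuckGo code base.
struct SplitURL {
    let displayURL: URL             // userinfo removed: safe for address bar and history
    let credential: URLCredential?  // nil when the URL carried no user name
}

/// Separates `user:pass@` from a URL. Returns nil if a clean URL cannot be
/// rebuilt, so callers never fall back to showing the credentialed form.
func splitBasicAuth(from url: URL) -> SplitURL? {
    guard var parts = URLComponents(url: url, resolvingAgainstBaseURL: false) else { return nil }
    let user = parts.user ?? ""          // percent-decoded by URLComponents
    let password = parts.password ?? ""
    parts.user = nil
    parts.password = nil
    guard let clean = parts.url else { return nil }
    let credential = user.isEmpty ? nil
        : URLCredential(user: user, password: password, persistence: .forSession)
    return SplitURL(displayURL: clean, credential: credential)
}

enum ChallengeAnswer { case use(URLCredential), promptUser }

/// Offers the URL-supplied credential only for an HTTP Basic challenge from the
/// host the URL named, and only once; a rejected credential leads to the prompt.
func answer(space: URLProtectionSpace, previousFailureCount: Int, split: SplitURL) -> ChallengeAnswer {
    guard let credential = split.credential,
          previousFailureCount == 0,
          space.authenticationMethod == NSURLAuthenticationMethodHTTPBasic,
          let host = split.displayURL.host,
          space.host.caseInsensitiveCompare(host) == .orderedSame else { return .promptUser }
    return .use(credential)
}

// Constructed sample input, using the test URL quoted in the thread.
if let split = splitBasicAuth(from: URL(string: "https://user:pass@authenticationtest.com/HTTPAuth/")!) {
    print("display:", split.displayURL)
    let space = URLProtectionSpace(host: "authenticationtest.com", port: 443, protocol: "https",
                                   realm: nil, authenticationMethod: NSURLAuthenticationMethodHTTPBasic)
    if case .use(let c) = answer(space: space, previousFailureCount: 0, split: split) {
        print("first challenge: use credential for", c.user ?? "")
    }
    if case .promptUser = answer(space: space, previousFailureCount: 1, split: split) {
        print("after a rejected attempt: show auth dialog")
    }
}
```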