2
* Copyright (C) 2005 Apple Computer, Inc. All rights reserved.
4
* Redistribution and use in source and binary forms, with or without
5
* modification, are permitted provided that the following conditions
8
* 1. Redistributions of source code must retain the above copyright
9
* notice, this list of conditions and the following disclaimer.
10
* 2. Redistributions in binary form must reproduce the above copyright
11
* notice, this list of conditions and the following disclaimer in the
12
* documentation and/or other materials provided with the distribution.
13
* 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
14
* its contributors may be used to endorse or promote products derived
15
* from this software without specific prior written permission.
17
* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
18
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20
* DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
21
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
24
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29
#import <WebKit/WebAuthenticationPanel.h>
31
#import "WebLocalizableStringsInternal.h"
32
#import <Foundation/NSURLAuthenticationChallenge.h>
33
#import <Foundation/NSURLProtectionSpace.h>
34
#import <Foundation/NSURLCredential.h>
35
#import <WebKit/WebKitNSStringExtras.h>
36
#import <WebKit/WebNSURLExtras.h>
37
#import <wtf/Assertions.h>
39
#import <WebKit/WebNSControlExtras.h>
41
#define WebAuthenticationPanelNibName @"WebAuthenticationPanel"
43
@implementation WebAuthenticationPanel
45
-(id)initWithCallback:(id)cb selector:(SEL)sel
49
callback = [cb retain];
67
- (IBAction)cancel:(id)sender
69
// This is required because the body of this method is going to
70
// remove all of the panel's remaining refs, which can cause a
71
// crash later when finishing button hit tracking. So we make
72
// sure it lives on a bit longer.
73
[[panel retain] autorelease];
75
// This is required as a workaround for AppKit issue 4118422
76
[[self retain] autorelease];
80
[[NSApplication sharedApplication] endSheet:panel returnCode:1];
82
[[NSApplication sharedApplication] stopModalWithCode:1];
86
- (IBAction)logIn:(id)sender
88
// This is required because the body of this method is going to
89
// remove all of the panel's remaining refs, which can cause a
90
// crash later when finishing button hit tracking. So we make
91
// sure it lives on a bit longer.
92
[[panel retain] autorelease];
96
[[NSApplication sharedApplication] endSheet:panel returnCode:0];
98
[[NSApplication sharedApplication] stopModalWithCode:0];
105
#pragma clang diagnostic push
106
#pragma clang diagnostic ignored "-Wdeprecated-declarations"
107
if ([NSBundle loadNibNamed:WebAuthenticationPanelNibName owner:self]) {
108
#pragma clang diagnostic pop
110
[imageView setImage:[NSImage imageNamed:@"NSApplicationIcon"]];
112
LOG_ERROR("couldn't load nib named '%@'", WebAuthenticationPanelNibName);
119
// Methods related to displaying the panel
121
-(void)setUpForChallenge:(NSURLAuthenticationChallenge *)chall
125
NSURLProtectionSpace *space = [chall protectionSpace];
128
if ([space port] == 0) {
129
host = [[space host] _web_decodeHostName];
131
host = [NSString stringWithFormat:@"%@:%ld", [[space host] _web_decodeHostName], (long)[space port]];
134
NSString *realm = [space realm];
139
// Consider the realm name to be "simple" if it does not contain any whitespace or newline characters.
140
// If the realm name is determined to be complex, we will use a slightly different sheet layout, designed
141
// to keep a malicious realm name from spoofing the wording in the sheet text.
142
BOOL realmNameIsSimple = [realm rangeOfCharacterFromSet:[NSCharacterSet whitespaceAndNewlineCharacterSet]].location == NSNotFound;
144
if ([chall previousFailureCount] == 0) {
145
if ([space isProxy]) {
146
message = [NSString stringWithFormat:UI_STRING_INTERNAL("To view this page, you must log in to the %@ proxy server %@.",
147
"prompt string in authentication panel"),
148
[space proxyType], host];
150
if (realmNameIsSimple)
151
message = [NSString stringWithFormat:UI_STRING_INTERNAL("To view this page, you must log in to area “%@” on %@.",
152
"prompt string in authentication panel"), realm, host];
154
message = [NSString stringWithFormat:UI_STRING_INTERNAL("To view this page, you must log in to this area on %@:",
155
"prompt string in authentication panel"), host];
158
if ([space isProxy]) {
159
message = [NSString stringWithFormat:UI_STRING_INTERNAL("The user name or password you entered for the %@ proxy server %@ was incorrect. Make sure you’re entering them correctly, and then try again.",
160
"prompt string in authentication panel"),
161
[space proxyType], host];
163
if (realmNameIsSimple)
164
message = [NSString stringWithFormat:UI_STRING_INTERNAL("The user name or password you entered for area “%@” on %@ was incorrect. Make sure you’re entering them correctly, and then try again.",
165
"prompt string in authentication panel"), realm, host];
167
message = [NSString stringWithFormat:UI_STRING_INTERNAL("The user name or password you entered for this area on %@ was incorrect. Make sure you’re entering them correctly, and then try again.",
168
"prompt string in authentication panel"), host];
172
if (![space isProxy] && !realmNameIsSimple) {
173
[separateRealmLabel setHidden:NO];
174
[separateRealmLabel setStringValue:realm];
175
[separateRealmLabel setAutoresizingMask:NSViewMinYMargin];
176
[separateRealmLabel sizeToFitAndAdjustWindowHeight];
177
[separateRealmLabel setAutoresizingMask:NSViewMaxYMargin];
179
// In the proxy or "simple" realm name case, we need to hide the 'separateRealmLabel'
180
// and move the rest of the contents up appropriately to fill the space.
181
NSRect mainLabelFrame = [mainLabel frame];
182
NSRect realmFrame = [separateRealmLabel frame];
183
NSRect smallLabelFrame = [smallLabel frame];
185
// Find the distance between the 'smallLabel' and the label above it, initially the 'separateRealmLabel'.
186
// Then, find the current distance between 'smallLabel' and 'mainLabel'. The difference between
187
// these two is how much shorter the panel needs to be after hiding the 'separateRealmLabel'.
188
CGFloat smallLabelMargin = NSMinY(realmFrame) - NSMaxY(smallLabelFrame);
189
CGFloat smallLabelToMainLabel = NSMinY(mainLabelFrame) - NSMaxY(smallLabelFrame);
190
CGFloat deltaMargin = smallLabelToMainLabel - smallLabelMargin;
192
[separateRealmLabel setHidden:YES];
193
NSRect windowFrame = [panel frame];
194
windowFrame.size.height -= deltaMargin;
195
[panel setFrame:windowFrame display:NO];
198
[mainLabel setStringValue:message];
199
[mainLabel sizeToFitAndAdjustWindowHeight];
201
if ([space receivesCredentialSecurely] || [[space protocol] _webkit_isCaseInsensitiveEqualToString:@"https"]) {
202
[smallLabel setStringValue:
203
UI_STRING_INTERNAL("Your login information will be sent securely.",
204
"message in authentication panel")];
206
// Use this scary-sounding phrase only when using basic auth with non-https servers. In this case the password
207
// could be sniffed by intercepting the network traffic.
208
[smallLabel setStringValue:
209
UI_STRING_INTERNAL("Your password will be sent unencrypted.",
210
"message in authentication panel")];
213
if ([[chall proposedCredential] user] != nil) {
214
[username setStringValue:[[chall proposedCredential] user]];
215
[panel setInitialFirstResponder:password];
217
[username setStringValue:@""];
218
[password setStringValue:@""];
219
[panel setInitialFirstResponder:username];
223
- (void)runAsModalDialogWithChallenge:(NSURLAuthenticationChallenge *)chall
225
[self setUpForChallenge:chall];
229
NSURLCredential *credential = nil;
231
if ([[NSApplication sharedApplication] runModalForWindow:panel] == 0) {
232
credential = [[NSURLCredential alloc] initWithUser:[username stringValue] password:[password stringValue] persistence:([remember state] == NSOnState) ? NSURLCredentialPersistencePermanent : NSURLCredentialPersistenceForSession];
235
[callback performSelector:selector withObject:chall withObject:credential];
236
[credential release];
240
- (void)runAsSheetOnWindow:(NSWindow *)window withChallenge:(NSURLAuthenticationChallenge *)chall
244
[self setUpForChallenge:chall];
247
challenge = [chall retain];
249
[[NSApplication sharedApplication] beginSheet:panel modalForWindow:window modalDelegate:self didEndSelector:@selector(sheetDidEnd:returnCode:contextInfo:) contextInfo:NULL];
252
- (void)sheetDidEnd:(NSWindow *)sheet returnCode:(int)returnCode contextInfo:(void *)contextInfo
254
NSURLCredential *credential = nil;
255
NSURLAuthenticationChallenge *chall;
258
ASSERT(challenge != nil);
260
if (returnCode == 0) {
261
credential = [[NSURLCredential alloc] initWithUser:[username stringValue] password:[password stringValue] persistence:([remember state] == NSOnState) ? NSURLCredentialPersistencePermanent : NSURLCredentialPersistenceForSession];
264
// We take this tricky approach to nilling out and releasing the challenge
265
// because the callback below might remove our last ref.
268
[callback performSelector:selector withObject:chall withObject:credential];
269
[credential release];
275
@implementation WebNonBlockingPanel
277
- (BOOL)_blocksActionWhenModal:(SEL)theAction
279
// This override of a private AppKit method allows the user to quit when a login dialog
280
// is onscreen, which is nice in general but in particular prevents pathological cases
281
// like 3744583 from requiring a Force Quit.
283
// It would be nice to allow closing the individual window as well as quitting the app when
284
// a login sheet is up, but this _blocksActionWhenModal: mechanism doesn't support that.
285
// This override matches those in NSOpenPanel and NSToolbarConfigPanel.
286
if (theAction == @selector(terminate:)) {