path: root/Tools/gtk/patches/libsoup-auth-do-not-use-cached-credentials-in-lookup-method-.patch
blob: 7d3ab58b2cd6f1ceee4a0e078f7330c9ad5af63a (plain)
From c8401c372adc9a9cb11fc870c390affb10379cfa Mon Sep 17 00:00:00 2001
From: Carlos Garcia Campos <cgarcia@igalia.com>
Date: Sat, 11 Feb 2017 17:44:46 +0100
Subject: [PATCH 2/2] auth: do not use cached credentials in lookup method when
 flag SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE is present

Currently a request with flag SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE
succeeds if a previous request without the flag stored the
credentials. This patch also fixes another issue with the test
/auth/message-do-not-use-auth-cache: the case of providing the
credentials in the url only worked because do_digest_nonce_test()
didn't disconnect the authenticate signal, and that handler was what
was actually used. This is because soup_uri_to_string removes the
password from the uri. The test needs to use a custom message created
with soup_message_new_from_uri() instead of using do_digest_nonce_test().

https://bugzilla.gnome.org/show_bug.cgi?id=778497
---
 libsoup/soup-auth-manager.c |  6 ++++++
 tests/auth-test.c           | 29 +++++++++++++++++++++++++----
 2 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/libsoup/soup-auth-manager.c b/libsoup/soup-auth-manager.c
index 9ff446cc..b32ba900 100644
--- a/libsoup/soup-auth-manager.c
+++ b/libsoup/soup-auth-manager.c
@@ -472,6 +472,9 @@ lookup_auth (SoupAuthManagerPrivate *priv, SoupMessage *msg)
 	if (auth && soup_auth_is_ready (auth, msg))
 		return auth;
 
+	if (soup_message_get_flags (msg) & SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE)
+		return NULL;
+
 	host = get_auth_host_for_uri (priv, soup_message_get_uri (msg));
 	if (!host->auth_realms && !make_auto_ntlm_auth (priv, host))
 		return NULL;
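Review bot: The new early return in lookup_auth carries no comment, yet its position is what makes it correct. It sits after the `soup_auth_is_ready (auth, msg)` check, so an `auth` obtained earlier in the function is still returned, and before `get_auth_host_for_uri` and `make_auto_ntlm_auth`, so with the flag set neither the per-host lookup nor the automatic NTLM path is reached. I would say so above the check, e.g. `/* Flag set: return only the auth found above; never fall back to host-cached or automatic credentials. */`, so a later reorder does not quietly reintroduce credential reuse. The same comment applies to the identical check in lookup_proxy_auth, which guards `priv->proxy_auth`. Both function bodies start outside their hunks, so how `auth` is obtained is not visible here.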
@@ -496,6 +499,9 @@ lookup_proxy_auth (SoupAuthManagerPrivate *priv, SoupMessage *msg)
 	if (auth && soup_auth_is_ready (auth, msg))
 		return auth;
 
+	if (soup_message_get_flags (msg) & SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE)
+		return NULL;
+
 	return priv->proxy_auth;
 }
 
diff --git a/tests/auth-test.c b/tests/auth-test.c
index 23e22133..2d66da9e 100644
--- a/tests/auth-test.c
+++ b/tests/auth-test.c
@@ -442,6 +442,12 @@ do_digest_nonce_test (SoupSession *session,
 			  got_401 ? "got" : "did not get");
 	soup_test_assert_message_status (msg, SOUP_STATUS_OK);
 
+	if (expect_signal) {
+		g_signal_handlers_disconnect_by_func (session,
+						      G_CALLBACK (digest_nonce_authenticate),
+						      NULL);
+	}
+
 	g_object_unref (msg);
 }
 
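Review bot: The return value of `g_signal_handlers_disconnect_by_func` is discarded, so the test cannot tell whether the handler was actually removed. The call matches on both the callback and the `NULL` data pointer, and the matching connect is outside this hunk. A handler left connected is exactly what hid the bug described in the commit message, so I would check the count, e.g. `g_assert_cmpuint (g_signal_handlers_disconnect_by_func (session, G_CALLBACK (digest_nonce_authenticate), NULL), ==, 1);`. This assumes the connect is also conditional on `expect_signal` and passes `NULL` as user data; confirm against the top of do_digest_nonce_test.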
@@ -1297,9 +1303,10 @@ do_message_do_not_use_auth_cache_test (void)
 {
 	SoupSession *session;
 	SoupAuthManager *manager;
+	SoupMessage *msg;
+	SoupMessageFlags flags;
 	SoupURI *soup_uri;
 	char *uri;
-	char *uri_with_credentials;
 
 	SOUP_TEST_SKIP_IF_NO_APACHE;
 
@@ -1318,18 +1325,32 @@ do_message_do_not_use_auth_cache_test (void)
 	soup_uri = soup_uri_new (uri);
 	soup_uri_set_user (soup_uri, "user1");
 	soup_uri_set_password (soup_uri, "realm1");
-	uri_with_credentials = soup_uri_to_string (soup_uri, FALSE);
+	msg = soup_message_new_from_uri (SOUP_METHOD_GET, soup_uri);
+	flags = soup_message_get_flags (msg);
+	soup_message_set_flags (msg, flags | SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE);
+	soup_session_send_message (session, msg);
+	soup_test_assert_message_status (msg, SOUP_STATUS_OK);
+	g_object_unref (msg);
 	soup_uri_free (soup_uri);
-	do_digest_nonce_test (session, "Fourth", uri_with_credentials, FALSE, TRUE, FALSE);
-	g_free (uri_with_credentials);
 
 	manager = SOUP_AUTH_MANAGER (soup_session_get_feature (session, SOUP_TYPE_AUTH_MANAGER));
+
 	soup_auth_manager_clear_cached_credentials (manager);
 
 	/* Now check that credentials are not stored */
 	do_digest_nonce_test (session, "First", uri, FALSE, TRUE, TRUE);
 	do_digest_nonce_test (session, "Second", uri, TRUE, TRUE, TRUE);
 	do_digest_nonce_test (session, "Third", uri, TRUE, FALSE, FALSE);
+
+	/* Credentials were stored for uri, but if we set SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE flag,
+	 * and we don't have the authenticate signal, it should respond with 401
+	 */
+	msg = soup_message_new (SOUP_METHOD_GET, uri);
+	flags = soup_message_get_flags (msg);
+	soup_message_set_flags (msg, flags | SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE);
+	soup_session_send_message (session, msg);
+	soup_test_assert_message_status (msg, SOUP_STATUS_UNAUTHORIZED);
+	g_object_unref (msg);
 	g_free (uri);
 
 	soup_test_session_abort_unref (session);
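Review bot: Only the server path is exercised here. Both new cases build a message for `uri` and go through the server auth lookup, while the identical flag check added to lookup_proxy_auth has no test in this patch. A proxy case mirroring the final block (credentials cached for the proxy, a flagged message, a 407 expected) would cover it. Separately, the first new block, which sends the `soup_message_new_from_uri` message, has no comment saying what it verifies; something like `/* Credentials in the URI must still work with the flag set and no authenticate handler connected */` would match the comment on the last block. The function starts outside this hunk, so the session setup is not visible here.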
-- 
2.11.0