auth: do not use cached credentials in lookup method when flag SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE is present

This is causing that a request with flag
SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE success if a previous request without
the flag stored the credentials. This patch also fixes another issues
with the test /auth/message-do-not-use-auth-cache, the case of providing
the credentials in the url was working because do_digest_nonce_test()
didn't disconnect the authenticate signal that was actually used. This
is because soup_uri_to_string removes the password from the uri. The
test needs to use a custom message created with
soup_message_new_from_uri() instead of using do_digest_nonce_test().

https://bugzilla.gnome.org/show_bug.cgi?id=778497

2 files changed, 31 insertions, 4 deletions

diff --git a/libsoup/soup-auth-manager.c b/libsoup/soup-auth-manager.c
index 9ff446cc..b32ba900 100644
--- a/libsoup/soup-auth-manager.c
+++ b/libsoup/soup-auth-manager.c
@@ -472,6 +472,9 @@ lookup_auth (SoupAuthManagerPrivate *priv, SoupMessage *msg)
 	if (auth && soup_auth_is_ready (auth, msg))
 		return auth;
 
+	if (soup_message_get_flags (msg) & SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE)
+		return NULL;
+
 	host = get_auth_host_for_uri (priv, soup_message_get_uri (msg));
 	if (!host->auth_realms && !make_auto_ntlm_auth (priv, host))
 		return NULL;
@@ -496,6 +499,9 @@ lookup_proxy_auth (SoupAuthManagerPrivate *priv, SoupMessage *msg)
 	if (auth && soup_auth_is_ready (auth, msg))
 		return auth;
 
+	if (soup_message_get_flags (msg) & SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE)
+		return NULL;
+
 	return priv->proxy_auth;
 }
 
diff --git a/tests/auth-test.c b/tests/auth-test.c
index 23e22133..2d66da9e 100644
--- a/tests/auth-test.c
+++ b/tests/auth-test.c
@@ -442,6 +442,12 @@ do_digest_nonce_test (SoupSession *session,
 			  got_401 ? "got" : "did not get");
 	soup_test_assert_message_status (msg, SOUP_STATUS_OK);
 
+	if (expect_signal) {
+		g_signal_handlers_disconnect_by_func (session,
+						      G_CALLBACK (digest_nonce_authenticate),
+						      NULL);
+	}
+
 	g_object_unref (msg);
 }
 
@@ -1297,9 +1303,10 @@ do_message_do_not_use_auth_cache_test (void)
 {
 	SoupSession *session;
 	SoupAuthManager *manager;
+	SoupMessage *msg;
+	SoupMessageFlags flags;
 	SoupURI *soup_uri;
 	char *uri;
-	char *uri_with_credentials;
 
 	SOUP_TEST_SKIP_IF_NO_APACHE;
 
@@ -1318,18 +1325,32 @@ do_message_do_not_use_auth_cache_test (void)
 	soup_uri = soup_uri_new (uri);
 	soup_uri_set_user (soup_uri, "user1");
 	soup_uri_set_password (soup_uri, "realm1");
-	uri_with_credentials = soup_uri_to_string (soup_uri, FALSE);
+	msg = soup_message_new_from_uri (SOUP_METHOD_GET, soup_uri);
+	flags = soup_message_get_flags (msg);
+	soup_message_set_flags (msg, flags | SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE);
+	soup_session_send_message (session, msg);
+	soup_test_assert_message_status (msg, SOUP_STATUS_OK);
+	g_object_unref (msg);
 	soup_uri_free (soup_uri);
-	do_digest_nonce_test (session, "Fourth", uri_with_credentials, FALSE, TRUE, FALSE);
-	g_free (uri_with_credentials);
 
 	manager = SOUP_AUTH_MANAGER (soup_session_get_feature (session, SOUP_TYPE_AUTH_MANAGER));
+
 	soup_auth_manager_clear_cached_credentials (manager);
 
 	/* Now check that credentials are not stored */
 	do_digest_nonce_test (session, "First", uri, FALSE, TRUE, TRUE);
 	do_digest_nonce_test (session, "Second", uri, TRUE, TRUE, TRUE);
 	do_digest_nonce_test (session, "Third", uri, TRUE, FALSE, FALSE);
+
+	/* Credentials were stored for uri, but if we set SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE flag,
+	 * and we don't have the authenticate signal, it should respond with 401
+	 */
+	msg = soup_message_new (SOUP_METHOD_GET, uri);
+	flags = soup_message_get_flags (msg);
+	soup_message_set_flags (msg, flags | SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE);
+	soup_session_send_message (session, msg);
+	soup_test_assert_message_status (msg, SOUP_STATUS_UNAUTHORIZED);
+	g_object_unref (msg);
 	g_free (uri);
 
 	soup_test_session_abort_unref (session);