diff options
author | Dan Winship <danw@gnome.org> | 2010-11-14 11:48:04 -0500 |
---|---|---|
committer | Dan Winship <danw@gnome.org> | 2010-11-14 11:51:56 -0500 |
commit | f4fc1d02a57bd1332afbaa5267346aeafbc88506 (patch) | |
tree | 71a2fc01d433104291c1d5474a95bba56d95290c | |
parent | 8fb9245b23bec2b0b5b17af583eabd65060083f3 (diff) | |
download | libsoup-f4fc1d02a57bd1332afbaa5267346aeafbc88506.tar.gz |
soup-auth-manager: make URI username/password override cached info
This allows a page to, eg, force a logout by sending an XMLHttpRequest
using a bad password.
Based on a patch from Sergio Villar.
https://bugzilla.gnome.org/show_bug.cgi?id=631679
-rw-r--r-- | libsoup/soup-auth-manager.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/libsoup/soup-auth-manager.c b/libsoup/soup-auth-manager.c index 5d1d1bcd..bb5ebb1f 100644 --- a/libsoup/soup-auth-manager.c +++ b/libsoup/soup-auth-manager.c @@ -361,9 +361,6 @@ authenticate_auth (SoupAuthManager *manager, SoupAuth *auth, SoupAuthManagerPrivate *priv = SOUP_AUTH_MANAGER_GET_PRIVATE (manager); SoupURI *uri; - if (soup_auth_is_authenticated (auth)) - return TRUE; - if (proxy) { SoupMessageQueue *queue; SoupMessageQueueItem *item; @@ -381,12 +378,13 @@ authenticate_auth (SoupAuthManager *manager, SoupAuth *auth, } else uri = soup_message_get_uri (msg); - if (uri->password && !prior_auth_failed) { - soup_auth_authenticate (auth, uri->user, uri->password); - return TRUE; - } - - if (can_interact) { + /* If a password is specified explicitly in the URI, use it + * even if the auth had previously already been authenticated. + */ + if (uri->password) { + if (!prior_auth_failed) + soup_auth_authenticate (auth, uri->user, uri->password); + } else if (!soup_auth_is_authenticated (auth) && can_interact) { soup_auth_manager_emit_authenticate (manager, msg, auth, prior_auth_failed); } |