auth: Allow to authenticate using URI user info with no passwordcarlosgc/auth-no-password

We currently require the URI to have both user and password to try to
authenticate with URI credentials. For users with no password the URI
scheme://user@host will fail, it's required to provide an empty password
as scheme://user:@host. Both should just work.

3 files changed, 43 insertions, 2 deletions

diff --git a/libsoup/auth/soup-auth-manager.c b/libsoup/auth/soup-auth-manager.c
index 8c02c0ca..22dd56b2 100644
--- a/libsoup/auth/soup-auth-manager.c
+++ b/libsoup/auth/soup-auth-manager.c
@@ -554,8 +554,10 @@ authenticate_auth (SoupAuthManager *manager, SoupAuth *auth,
 	/* If a password is specified explicitly in the URI, use it
 	 * even if the auth had previously already been authenticated.
 	 */
-	if (g_uri_get_password (uri) && g_uri_get_user (uri)) {
-		soup_auth_authenticate (auth, g_uri_get_user (uri), g_uri_get_password (uri));
+	if (g_uri_get_user (uri)) {
+		const char *password = g_uri_get_password (uri);
+		soup_auth_authenticate (auth, g_uri_get_user (uri), password ? password : "");
+
                 GUri *new_uri = soup_uri_copy (uri, SOUP_URI_USER, NULL, SOUP_URI_PASSWORD, NULL, SOUP_URI_NONE);
                 soup_message_set_uri (msg, new_uri); // QUESTION: This didn't emit a signal previously
                 g_uri_unref (new_uri);
diff --git a/tests/auth-test.c b/tests/auth-test.c
index 271e8aa6..e70a804a 100644
--- a/tests/auth-test.c
+++ b/tests/auth-test.c
@@ -1681,6 +1681,43 @@ do_cancel_on_authenticate (void)
         g_main_loop_unref (loop);
 }
 
+static const struct {
+	const char *url;
+	guint status;
+} uri_tests[] = {
+	{ "http://user1:realm1@127.0.0.1:47524/Digest/realm1/", SOUP_STATUS_OK },
+	{ "http://user1:wrong@127.0.0.1:47524/Digest/realm1/", SOUP_STATUS_UNAUTHORIZED },
+	{ "http://user1@127.0.0.1:47524/Digest/realm1/", SOUP_STATUS_UNAUTHORIZED },
+	{ "http://user5:realm1@127.0.0.1:47524/Digest/realm1/", SOUP_STATUS_UNAUTHORIZED },
+	{ "http://127.0.0.1:47524/Digest/realm1/", SOUP_STATUS_UNAUTHORIZED },
+	{ "http://user4@127.0.0.1:47524/Digest/realm1/", SOUP_STATUS_OK },
+	{ "http://user4:@127.0.0.1:47524/Digest/realm1/", SOUP_STATUS_OK },
+	{ "http://user4:wrong@127.0.0.1:47524/Digest/realm1/", SOUP_STATUS_UNAUTHORIZED },
+};
+
+static void
+do_auth_uri_test (void)
+{
+	SoupSession *session;
+	int i;
+
+	SOUP_TEST_SKIP_IF_NO_APACHE;
+
+	session = soup_test_session_new (NULL);
+
+	for (i = 0; i < G_N_ELEMENTS (uri_tests); i++) {
+		SoupMessage *msg;
+
+		msg = soup_message_new (SOUP_METHOD_GET, uri_tests[i].url);
+		soup_message_add_flags (msg, SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE);
+		soup_test_session_send_message (session, msg);
+		soup_test_assert_message_status (msg, uri_tests[i].status);
+		g_object_unref (msg);
+	}
+
+	soup_test_session_abort_unref (session);
+}
+
 int
 main (int argc, char **argv)
 {
@@ -1710,6 +1747,7 @@ main (int argc, char **argv)
 	g_test_add_func ("/auth/authorization-header-request", do_message_has_authorization_header_test);
 	g_test_add_func ("/auth/cancel-after-retry", do_cancel_after_retry_test);
 	g_test_add_func ("/auth/cancel-on-authenticate", do_cancel_on_authenticate);
+	g_test_add_func ("/auth/auth-uri", do_auth_uri_test);
 
 	ret = g_test_run ();
 
diff --git a/tests/htdigest b/tests/htdigest
index 352520f4..a9b55035 100644
--- a/tests/htdigest
+++ b/tests/htdigest
@@ -1,3 +1,4 @@
 user1:realm1:69cb1fa0285304a71f8975aecd027008
 user2:realm2:b67d8ee3c2e271abba78f71d12fe472e
 user3:realm3:601c319693279abbc07d332bd7637239
+user4:realm1:59bf3b04eb917e317110f0c57b6fa8e3
\ No newline at end of file