[libsoup] soup-auth-manager: make URI username/password override cached info

[Dan Winship <danw src gnome org>]

commit f4fc1d02a57bd1332afbaa5267346aeafbc88506
Author: Dan Winship <danw gnome org>
Date:   Sun Nov 14 11:48:04 2010 -0500

    soup-auth-manager: make URI username/password override cached info
    
    This allows a page to, eg, force a logout by sending an XMLHttpRequest
    using a bad password.
    
    Based on a patch from Sergio Villar.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=631679

 libsoup/soup-auth-manager.c |   16 +++++++---------
 1 files changed, 7 insertions(+), 9 deletions(-)
---
diff --git a/libsoup/soup-auth-manager.c b/libsoup/soup-auth-manager.c
index 5d1d1bc..bb5ebb1 100644
--- a/libsoup/soup-auth-manager.c
+++ b/libsoup/soup-auth-manager.c
@@ -361,9 +361,6 @@ authenticate_auth (SoupAuthManager *manager, SoupAuth *auth,
 	SoupAuthManagerPrivate *priv = SOUP_AUTH_MANAGER_GET_PRIVATE (manager);
 	SoupURI *uri;
 
-	if (soup_auth_is_authenticated (auth))
-		return TRUE;
-
 	if (proxy) {
 		SoupMessageQueue *queue;
 		SoupMessageQueueItem *item;
@@ -381,12 +378,13 @@ authenticate_auth (SoupAuthManager *manager, SoupAuth *auth,
 	} else
 		uri = soup_message_get_uri (msg);
 
-	if (uri->password && !prior_auth_failed) {
-		soup_auth_authenticate (auth, uri->user, uri->password);
-		return TRUE;
-	}
-
-	if (can_interact) {
+	/* If a password is specified explicitly in the URI, use it
+	 * even if the auth had previously already been authenticated.
+	 */
+	if (uri->password) {
+		if (!prior_auth_failed)
+			soup_auth_authenticate (auth, uri->user, uri->password);
+	} else if (!soup_auth_is_authenticated (auth) && can_interact) {
 		soup_auth_manager_emit_authenticate (manager, msg, auth,
 						     prior_auth_failed);
 	}