[libsoup] Do not remove Authorization header unconditionally

From: Dan Winship <danw src gnome org>
To: commits-list gnome org
Cc:
Subject: [libsoup] Do not remove Authorization header unconditionally
Date: Mon, 12 Dec 2016 15:53:44 +0000 (UTC)
commit a8982b0376885b5007b5c6bbbfedfde7bb941a54
Author: Carlos Garcia Campos <cgarcia igalia com>
Date:   Sat Dec 10 11:22:48 2016 +0100

    Do not remove Authorization header unconditionally
    
    This is a regression introduced in efcb377,
    update_authorization_header() is always removing the Authorization, so
    if the user added its own header it's ignored and authentication will
    fail if we don't have cached credentials. This patch ensures the
    behavior is the same as before efcb377 when flag
    SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE is not present, by only removing the
    Authorization header if the message has a SoupAuth when
    update_authorization_header() is called.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=775882

 libsoup/soup-auth-manager.c |    6 ++-
 tests/auth-test.c           |   74 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+), 2 deletions(-)
---
diff --git a/libsoup/soup-auth-manager.c b/libsoup/soup-auth-manager.c
index 6998191..704661b 100644
--- a/libsoup/soup-auth-manager.c
+++ b/libsoup/soup-auth-manager.c
@@ -446,7 +446,9 @@ update_authorization_header (SoupMessage *msg, SoupAuth *auth, gboolean is_proxy
        const char *authorization_header = is_proxy ? "Proxy-Authorization" : "Authorization";
        char *token;
 
-       soup_message_headers_remove (msg->request_headers, authorization_header);
+       if (soup_message_get_auth (msg))
+               soup_message_headers_remove (msg->request_headers, authorization_header);
+
        if (!auth)
                return;
 
@@ -454,7 +456,7 @@ update_authorization_header (SoupMessage *msg, SoupAuth *auth, gboolean is_proxy
        if (!token)
                return;
 
-       soup_message_headers_append (msg->request_headers, authorization_header, token);
+       soup_message_headers_replace (msg->request_headers, authorization_header, token);
        g_free (token);
 }
 
diff --git a/tests/auth-test.c b/tests/auth-test.c
index b64af07..b674c61 100644
--- a/tests/auth-test.c
+++ b/tests/auth-test.c
@@ -1335,6 +1335,79 @@ do_message_do_not_use_auth_cache_test (void)
        soup_test_session_abort_unref (session);
 }
 
+static void
+has_authorization_header_authenticate (SoupSession *session, SoupMessage *msg,
+                                      SoupAuth *auth, gboolean retrying, gpointer data)
+{
+       SoupAuth **saved_auth = data;
+
+       soup_auth_authenticate (auth, "user1", "realm1");
+       *saved_auth = g_object_ref (auth);
+}
+
+static void
+has_authorization_header_authenticate_assert (SoupSession *session, SoupMessage *msg,
+                                             SoupAuth *auth, gboolean retrying, gpointer data)
+{
+       soup_test_assert (FALSE, "authenticate emitted unexpectedly");
+}
+
+static void
+do_message_has_authorization_header_test (void)
+{
+       SoupSession *session;
+       SoupMessage *msg;
+       SoupAuthManager *manager;
+       SoupAuth *auth = NULL;
+       char *token;
+       guint auth_id;
+       char *uri;
+
+       g_test_bug ("775882");
+
+       SOUP_TEST_SKIP_IF_NO_APACHE;
+
+       session = soup_test_session_new (SOUP_TYPE_SESSION, NULL);
+       uri = g_strconcat (base_uri, "Digest/realm1/", NULL);
+
+       msg = soup_message_new ("GET", uri);
+       auth_id = g_signal_connect (session, "authenticate",
+                         G_CALLBACK (has_authorization_header_authenticate), &auth);
+       soup_session_send_message (session, msg);
+       soup_test_assert_message_status (msg, SOUP_STATUS_OK);
+       soup_test_assert (SOUP_IS_AUTH (auth), "Expected a SoupAuth");
+       token = soup_auth_get_authorization (auth, msg);
+       g_object_unref (auth);
+       g_object_unref (msg);
+       g_signal_handler_disconnect (session, auth_id);
+
+       manager = SOUP_AUTH_MANAGER (soup_session_get_feature (session, SOUP_TYPE_AUTH_MANAGER));
+       soup_auth_manager_clear_cached_credentials (manager);
+
+       msg = soup_message_new ("GET", uri);
+       soup_message_headers_replace (msg->request_headers, "Authorization", token);
+       auth_id = g_signal_connect (session, "authenticate",
+                                   G_CALLBACK (has_authorization_header_authenticate_assert),
+                                   NULL);
+       soup_session_send_message (session, msg);
+       soup_test_assert_message_status (msg, SOUP_STATUS_OK);
+       g_object_unref (msg);
+
+       /* Check that we can also provide our own Authorization header when not using credentials cache. */
+       soup_auth_manager_clear_cached_credentials (manager);
+       msg = soup_message_new ("GET", uri);
+       soup_message_headers_replace (msg->request_headers, "Authorization", token);
+       soup_message_set_flags (msg, soup_message_get_flags (msg) | SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE);
+       soup_session_send_message (session, msg);
+       soup_test_assert_message_status (msg, SOUP_STATUS_OK);
+       g_object_unref (msg);
+       g_free (token);
+       g_signal_handler_disconnect (session, auth_id);
+
+       g_free (uri);
+       soup_test_session_abort_unref (session);
+}
+
 int
 main (int argc, char **argv)
 {
@@ -1359,6 +1432,7 @@ main (int argc, char **argv)
        g_test_add_func ("/auth/disappearing-auth", do_disappearing_auth_test);
        g_test_add_func ("/auth/clear-credentials", do_clear_credentials_test);
        g_test_add_func ("/auth/message-do-not-use-auth-cache", do_message_do_not_use_auth_cache_test);
+       g_test_add_func ("/auth/authorization-header-request", do_message_has_authorization_header_test);
 
        ret = g_test_run ();
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]