[libsoup] auth: do not use cached credentials in lookup method when flag SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE is

From: Carlos Garcia Campos <carlosgc src gnome org>
To: commits-list gnome org
Cc:
Subject: [libsoup] auth: do not use cached credentials in lookup method when flag SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE is
Date: Wed, 22 Feb 2017 08:21:39 +0000 (UTC)
commit 5efaac686e5b6b50705603838b3afdda15e8310d
Author: Carlos Garcia Campos <cgarcia igalia com>
Date:   Sat Feb 11 17:44:46 2017 +0100

    auth: do not use cached credentials in lookup method when flag SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE is 
present
    
    This is causing that a request with flag
    SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE success if a previous request without
    the flag stored the credentials. This patch also fixes another issues
    with the test /auth/message-do-not-use-auth-cache, the case of providing
    the credentials in the url was working because do_digest_nonce_test()
    didn't disconnect the authenticate signal that was actually used. This
    is because soup_uri_to_string removes the password from the uri. The
    test needs to use a custom message created with
    soup_message_new_from_uri() instead of using do_digest_nonce_test().
    
    https://bugzilla.gnome.org/show_bug.cgi?id=778497

 libsoup/soup-auth-manager.c |    6 ++++++
 tests/auth-test.c           |   29 +++++++++++++++++++++++++----
 2 files changed, 31 insertions(+), 4 deletions(-)
---
diff --git a/libsoup/soup-auth-manager.c b/libsoup/soup-auth-manager.c
index 9ff446c..b32ba90 100644
--- a/libsoup/soup-auth-manager.c
+++ b/libsoup/soup-auth-manager.c
@@ -472,6 +472,9 @@ lookup_auth (SoupAuthManagerPrivate *priv, SoupMessage *msg)
        if (auth && soup_auth_is_ready (auth, msg))
                return auth;
 
+       if (soup_message_get_flags (msg) & SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE)
+               return NULL;
+
        host = get_auth_host_for_uri (priv, soup_message_get_uri (msg));
        if (!host->auth_realms && !make_auto_ntlm_auth (priv, host))
                return NULL;
@@ -496,6 +499,9 @@ lookup_proxy_auth (SoupAuthManagerPrivate *priv, SoupMessage *msg)
        if (auth && soup_auth_is_ready (auth, msg))
                return auth;
 
+       if (soup_message_get_flags (msg) & SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE)
+               return NULL;
+
        return priv->proxy_auth;
 }
 
diff --git a/tests/auth-test.c b/tests/auth-test.c
index 23e2213..2d66da9 100644
--- a/tests/auth-test.c
+++ b/tests/auth-test.c
@@ -442,6 +442,12 @@ do_digest_nonce_test (SoupSession *session,
                          got_401 ? "got" : "did not get");
        soup_test_assert_message_status (msg, SOUP_STATUS_OK);
 
+       if (expect_signal) {
+               g_signal_handlers_disconnect_by_func (session,
+                                                     G_CALLBACK (digest_nonce_authenticate),
+                                                     NULL);
+       }
+
        g_object_unref (msg);
 }
 
@@ -1297,9 +1303,10 @@ do_message_do_not_use_auth_cache_test (void)
 {
        SoupSession *session;
        SoupAuthManager *manager;
+       SoupMessage *msg;
+       SoupMessageFlags flags;
        SoupURI *soup_uri;
        char *uri;
-       char *uri_with_credentials;
 
        SOUP_TEST_SKIP_IF_NO_APACHE;
 
@@ -1318,18 +1325,32 @@ do_message_do_not_use_auth_cache_test (void)
        soup_uri = soup_uri_new (uri);
        soup_uri_set_user (soup_uri, "user1");
        soup_uri_set_password (soup_uri, "realm1");
-       uri_with_credentials = soup_uri_to_string (soup_uri, FALSE);
+       msg = soup_message_new_from_uri (SOUP_METHOD_GET, soup_uri);
+       flags = soup_message_get_flags (msg);
+       soup_message_set_flags (msg, flags | SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE);
+       soup_session_send_message (session, msg);
+       soup_test_assert_message_status (msg, SOUP_STATUS_OK);
+       g_object_unref (msg);
        soup_uri_free (soup_uri);
-       do_digest_nonce_test (session, "Fourth", uri_with_credentials, FALSE, TRUE, FALSE);
-       g_free (uri_with_credentials);
 
        manager = SOUP_AUTH_MANAGER (soup_session_get_feature (session, SOUP_TYPE_AUTH_MANAGER));
+
        soup_auth_manager_clear_cached_credentials (manager);
 
        /* Now check that credentials are not stored */
        do_digest_nonce_test (session, "First", uri, FALSE, TRUE, TRUE);
        do_digest_nonce_test (session, "Second", uri, TRUE, TRUE, TRUE);
        do_digest_nonce_test (session, "Third", uri, TRUE, FALSE, FALSE);
+
+       /* Credentials were stored for uri, but if we set SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE flag,
+        * and we don't have the authenticate signal, it should respond with 401
+        */
+       msg = soup_message_new (SOUP_METHOD_GET, uri);
+       flags = soup_message_get_flags (msg);
+       soup_message_set_flags (msg, flags | SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE);
+       soup_session_send_message (session, msg);
+       soup_test_assert_message_status (msg, SOUP_STATUS_UNAUTHORIZED);
+       g_object_unref (msg);
        g_free (uri);
 
        soup_test_session_abort_unref (session);
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]