[gvfs/wip/oholy/dav-403] dav: Try authenticate again even if 403 was returned

[Ondrej Holy <oholy src gnome org>]

commit 8ebc33fe2cb82979824de4c43179b4eef9266bd6
Author: Ondrej Holy <oholy redhat com>
Date:   Thu Dec 20 13:44:00 2018 +0100

    dav: Try authenticate again even if 403 was returned
    
    Some servers e.g. davs://webdav.mc.gmx.net returns 403 status code in
    case if invalid credentials instead of 401. This causes that libsoup
    fails immediately after the first login attempt, which is especially
    problem in case of the wrong credentials stored in the keyring. A user
    doesn't have any chance to manually specify correct credentials. Clear
    the credentials cache and force libsoup to call the authentication
    callback again...
    
    Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/351

 daemon/gvfsbackenddav.c | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)
---
diff --git a/daemon/gvfsbackenddav.c b/daemon/gvfsbackenddav.c
index 203363d7..86bfb6fe 100644
--- a/daemon/gvfsbackenddav.c
+++ b/daemon/gvfsbackenddav.c
@@ -94,6 +94,7 @@ struct _MountAuthData {
 
   SoupSession  *session;
   GMountSource *mount_source;
+  gboolean fallback;
 
   AuthInfo server_auth;
   AuthInfo proxy_auth;
@@ -1528,7 +1529,7 @@ soup_authenticate_interactive (SoupSession *session,
 
   have_auth = info->username && info->password;
 
-  if (have_auth == FALSE && g_vfs_keyring_is_available ())
+  if (have_auth == FALSE && data->fallback == FALSE && g_vfs_keyring_is_available ())
     {
       SoupURI *uri; 
       SoupURI *uri_free = NULL;
@@ -1567,7 +1568,7 @@ soup_authenticate_interactive (SoupSession *session,
         soup_uri_free (uri_free);
     }
 
-  if (retrying == FALSE && have_auth)
+  if (retrying == FALSE && data->fallback == FALSE && have_auth)
     {
       soup_auth_authenticate (auth, info->username, info->password);
       return;
@@ -1913,6 +1914,30 @@ do_mount (GVfsBackend  *backend,
     is_success = SOUP_STATUS_IS_SUCCESSFUL (status);
     is_webdav = sm_has_header (msg_opts, "DAV");
 
+    /* Workaround for servers which response with 403 instead of 401 in case of
+     * wrong credentials to let the user specify its credentials again. */
+    if (status == SOUP_STATUS_FORBIDDEN &&
+        (data->server_auth.password != NULL ||
+         data->proxy_auth.password != NULL))
+      {
+        SoupSessionFeature *auth_manager;
+
+        data->fallback = TRUE;
+
+        g_clear_pointer (&data->server_auth.username, g_free);
+        data->server_auth.username = g_strdup (mount_base->user);
+        g_clear_pointer (&data->server_auth.password, g_free);
+        g_clear_pointer (&data->proxy_auth.password, g_free);
+
+        auth_manager = soup_session_get_feature (session, SOUP_TYPE_AUTH_MANAGER);
+        soup_auth_manager_clear_cached_credentials (SOUP_AUTH_MANAGER (auth_manager));
+
+        g_object_unref (msg_opts);
+        msg_opts = soup_message_new_from_uri (SOUP_METHOD_OPTIONS, mount_base);
+
+        continue;
+      }
+
     /* If SSL is used and the certificate verifies OK, then ssl-strict remains
      * on for all further connections.
      * If SSL is used and the certificate does not verify OK, then the user