[libsoup/carlosgc/auth-no-password] auth: Allow to authenticate using URI user info with no password

From: Carlos Garcia Campos <carlosgc src gnome org>
To: commits-list gnome org
Cc:
Subject: [libsoup/carlosgc/auth-no-password] auth: Allow to authenticate using URI user info with no password
Date: Thu, 4 Feb 2021 15:33:07 +0000 (UTC)

commit 881ef353747abb69a7a86c86ec7e9d0a72a057fb
Author: Carlos Garcia Campos <cgarcia igalia com>
Date:   Thu Feb 4 16:27:28 2021 +0100

    auth: Allow to authenticate using URI user info with no password
    
    We currently require the URI to have both user and password to try to
    authenticate with URI credentials. For users with no password the URI
    scheme://user@host will fail, it's required to provide an empty password
    as scheme://user:@host. Both should just work.

 libsoup/auth/soup-auth-manager.c |  6 ++++--
 tests/auth-test.c                | 38 ++++++++++++++++++++++++++++++++++++++
 tests/htdigest                   |  1 +
 3 files changed, 43 insertions(+), 2 deletions(-)
---
diff --git a/libsoup/auth/soup-auth-manager.c b/libsoup/auth/soup-auth-manager.c
index 8c02c0ca..22dd56b2 100644
--- a/libsoup/auth/soup-auth-manager.c
+++ b/libsoup/auth/soup-auth-manager.c
@@ -554,8 +554,10 @@ authenticate_auth (SoupAuthManager *manager, SoupAuth *auth,
        /* If a password is specified explicitly in the URI, use it
         * even if the auth had previously already been authenticated.
         */
-       if (g_uri_get_password (uri) && g_uri_get_user (uri)) {
-               soup_auth_authenticate (auth, g_uri_get_user (uri), g_uri_get_password (uri));
+       if (g_uri_get_user (uri)) {
+               const char *password = g_uri_get_password (uri);
+               soup_auth_authenticate (auth, g_uri_get_user (uri), password ? password : "");
+
                 GUri *new_uri = soup_uri_copy (uri, SOUP_URI_USER, NULL, SOUP_URI_PASSWORD, NULL, 
SOUP_URI_NONE);
                 soup_message_set_uri (msg, new_uri); // QUESTION: This didn't emit a signal previously
                 g_uri_unref (new_uri);
diff --git a/tests/auth-test.c b/tests/auth-test.c
index 271e8aa6..e70a804a 100644
--- a/tests/auth-test.c
+++ b/tests/auth-test.c
@@ -1681,6 +1681,43 @@ do_cancel_on_authenticate (void)
         g_main_loop_unref (loop);
 }
 
+static const struct {
+       const char *url;
+       guint status;
+} uri_tests[] = {
+       { "http://user1:realm1@127.0.0.1:47524/Digest/realm1/";, SOUP_STATUS_OK },
+       { "http://user1:wrong@127.0.0.1:47524/Digest/realm1/";, SOUP_STATUS_UNAUTHORIZED },
+       { "http://user1@127.0.0.1:47524/Digest/realm1/";, SOUP_STATUS_UNAUTHORIZED },
+       { "http://user5:realm1@127.0.0.1:47524/Digest/realm1/";, SOUP_STATUS_UNAUTHORIZED },
+       { "http://127.0.0.1:47524/Digest/realm1/";, SOUP_STATUS_UNAUTHORIZED },
+       { "http://user4@127.0.0.1:47524/Digest/realm1/";, SOUP_STATUS_OK },
+       { "http://user4:@127.0.0.1:47524/Digest/realm1/";, SOUP_STATUS_OK },
+       { "http://user4:wrong@127.0.0.1:47524/Digest/realm1/";, SOUP_STATUS_UNAUTHORIZED },
+};
+
+static void
+do_auth_uri_test (void)
+{
+       SoupSession *session;
+       int i;
+
+       SOUP_TEST_SKIP_IF_NO_APACHE;
+
+       session = soup_test_session_new (NULL);
+
+       for (i = 0; i < G_N_ELEMENTS (uri_tests); i++) {
+               SoupMessage *msg;
+
+               msg = soup_message_new (SOUP_METHOD_GET, uri_tests[i].url);
+               soup_message_add_flags (msg, SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE);
+               soup_test_session_send_message (session, msg);
+               soup_test_assert_message_status (msg, uri_tests[i].status);
+               g_object_unref (msg);
+       }
+
+       soup_test_session_abort_unref (session);
+}
+
 int
 main (int argc, char **argv)
 {
@@ -1710,6 +1747,7 @@ main (int argc, char **argv)
        g_test_add_func ("/auth/authorization-header-request", do_message_has_authorization_header_test);
        g_test_add_func ("/auth/cancel-after-retry", do_cancel_after_retry_test);
        g_test_add_func ("/auth/cancel-on-authenticate", do_cancel_on_authenticate);
+       g_test_add_func ("/auth/auth-uri", do_auth_uri_test);
 
        ret = g_test_run ();
 
diff --git a/tests/htdigest b/tests/htdigest
index 352520f4..a9b55035 100644
--- a/tests/htdigest
+++ b/tests/htdigest
@@ -1,3 +1,4 @@
 user1:realm1:69cb1fa0285304a71f8975aecd027008
 user2:realm2:b67d8ee3c2e271abba78f71d12fe472e
 user3:realm3:601c319693279abbc07d332bd7637239
+user4:realm1:59bf3b04eb917e317110f0c57b6fa8e3
\ No newline at end of file
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]