Tools/gtk/patches/libsoup-auth-do-not-use-cached-credentials-in-lookup-method-.patch - WebKit - Git at Google

 From c8401c372adc9a9cb11fc870c390affb10379cfa Mon Sep 17 00:00:00 2001
 From: Carlos Garcia Campos <cgarcia@igalia.com>
 Date: Sat, 11 Feb 2017 17:44:46 +0100
 Subject: [PATCH 2/2] auth: do not use cached credentials in lookup method when
  flag SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE is present

 This is causing that a request with flag
 SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE success if a previous request without
 the flag stored the credentials. This patch also fixes another issues
 with the test /auth/message-do-not-use-auth-cache, the case of providing
 the credentials in the url was working because do_digest_nonce_test()
 didn't disconnect the authenticate signal that was actually used. This
 is because soup_uri_to_string removes the password from the uri. The
 test needs to use a custom message created with
 soup_message_new_from_uri() instead of using do_digest_nonce_test().

 https://bugzilla.gnome.org/show_bug.cgi?id=778497
 ---
  libsoup/soup-auth-manager.c |  6 ++++++
  tests/auth-test.c           | 29 +++++++++++++++++++++++++----
  2 files changed, 31 insertions(+), 4 deletions(-)

 diff --git a/libsoup/soup-auth-manager.c b/libsoup/soup-auth-manager.c
 index 9ff446cc..b32ba900 100644
 --- a/libsoup/soup-auth-manager.c
 +++ b/libsoup/soup-auth-manager.c
 @@ -472,6 +472,9 @@ lookup_auth (SoupAuthManagerPrivate *priv, SoupMessage *msg)
  	if (auth && soup_auth_is_ready (auth, msg))
  		return auth;

 +	if (soup_message_get_flags (msg) & SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE)
 +		return NULL;
 +
  	host = get_auth_host_for_uri (priv, soup_message_get_uri (msg));
  	if (!host->auth_realms && !make_auto_ntlm_auth (priv, host))
  		return NULL;
 @@ -496,6 +499,9 @@ lookup_proxy_auth (SoupAuthManagerPrivate *priv, SoupMessage *msg)
  	if (auth && soup_auth_is_ready (auth, msg))
  		return auth;

 +	if (soup_message_get_flags (msg) & SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE)
 +		return NULL;
 +
  	return priv->proxy_auth;
  }

 diff --git a/tests/auth-test.c b/tests/auth-test.c
 index 23e22133..2d66da9e 100644
 --- a/tests/auth-test.c
 +++ b/tests/auth-test.c
 @@ -442,6 +442,12 @@ do_digest_nonce_test (SoupSession *session,
  			  got_401 ? "got" : "did not get");
  	soup_test_assert_message_status (msg, SOUP_STATUS_OK);

 +	if (expect_signal) {
 +		g_signal_handlers_disconnect_by_func (session,
 +						      G_CALLBACK (digest_nonce_authenticate),
 +						      NULL);
 +	}
 +
  	g_object_unref (msg);
  }

 @@ -1297,9 +1303,10 @@ do_message_do_not_use_auth_cache_test (void)
  {
  	SoupSession *session;
  	SoupAuthManager *manager;
 +	SoupMessage *msg;
 +	SoupMessageFlags flags;
  	SoupURI *soup_uri;
  	char *uri;
 -	char *uri_with_credentials;

  	SOUP_TEST_SKIP_IF_NO_APACHE;

 @@ -1318,18 +1325,32 @@ do_message_do_not_use_auth_cache_test (void)
  	soup_uri = soup_uri_new (uri);
  	soup_uri_set_user (soup_uri, "user1");
  	soup_uri_set_password (soup_uri, "realm1");
 -	uri_with_credentials = soup_uri_to_string (soup_uri, FALSE);
 +	msg = soup_message_new_from_uri (SOUP_METHOD_GET, soup_uri);
 +	flags = soup_message_get_flags (msg);
 +	soup_message_set_flags (msg, flags | SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE);
 +	soup_session_send_message (session, msg);
 +	soup_test_assert_message_status (msg, SOUP_STATUS_OK);
 +	g_object_unref (msg);
  	soup_uri_free (soup_uri);
 -	do_digest_nonce_test (session, "Fourth", uri_with_credentials, FALSE, TRUE, FALSE);
 -	g_free (uri_with_credentials);

  	manager = SOUP_AUTH_MANAGER (soup_session_get_feature (session, SOUP_TYPE_AUTH_MANAGER));
 +
  	soup_auth_manager_clear_cached_credentials (manager);

  	/* Now check that credentials are not stored */
  	do_digest_nonce_test (session, "First", uri, FALSE, TRUE, TRUE);
  	do_digest_nonce_test (session, "Second", uri, TRUE, TRUE, TRUE);
  	do_digest_nonce_test (session, "Third", uri, TRUE, FALSE, FALSE);
 +
 +	/* Credentials were stored for uri, but if we set SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE flag,
 +	 * and we don't have the authenticate signal, it should respond with 401
 +	 */
 +	msg = soup_message_new (SOUP_METHOD_GET, uri);
 +	flags = soup_message_get_flags (msg);
 +	soup_message_set_flags (msg, flags | SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE);
 +	soup_session_send_message (session, msg);
 +	soup_test_assert_message_status (msg, SOUP_STATUS_UNAUTHORIZED);
 +	g_object_unref (msg);
  	g_free (uri);

  	soup_test_session_abort_unref (session);
 --
 2.11.0
	From c8401c372adc9a9cb11fc870c390affb10379cfa Mon Sep 17 00:00:00 2001
	From: Carlos Garcia Campos <cgarcia@igalia.com>
	Date: Sat, 11 Feb 2017 17:44:46 +0100
	Subject: [PATCH 2/2] auth: do not use cached credentials in lookup method when
	flag SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE is present

	This is causing that a request with flag
	SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE success if a previous request without
	the flag stored the credentials. This patch also fixes another issues
	with the test /auth/message-do-not-use-auth-cache, the case of providing
	the credentials in the url was working because do_digest_nonce_test()
	didn't disconnect the authenticate signal that was actually used. This
	is because soup_uri_to_string removes the password from the uri. The
	test needs to use a custom message created with
	soup_message_new_from_uri() instead of using do_digest_nonce_test().

	https://bugzilla.gnome.org/show_bug.cgi?id=778497
	---
	libsoup/soup-auth-manager.c \| 6 ++++++
	tests/auth-test.c \| 29 +++++++++++++++++++++++++----
	2 files changed, 31 insertions(+), 4 deletions(-)

	diff --git a/libsoup/soup-auth-manager.c b/libsoup/soup-auth-manager.c
	index 9ff446cc..b32ba900 100644
	--- a/libsoup/soup-auth-manager.c
	+++ b/libsoup/soup-auth-manager.c
	@@ -472,6 +472,9 @@ lookup_auth (SoupAuthManagerPrivate priv, SoupMessage msg)
	if (auth && soup_auth_is_ready (auth, msg))
	return auth;

	+ if (soup_message_get_flags (msg) & SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE)
	+ return NULL;
	+
	host = get_auth_host_for_uri (priv, soup_message_get_uri (msg));
	if (!host->auth_realms && !make_auto_ntlm_auth (priv, host))
	return NULL;
	@@ -496,6 +499,9 @@ lookup_proxy_auth (SoupAuthManagerPrivate priv, SoupMessage msg)
	if (auth && soup_auth_is_ready (auth, msg))
	return auth;

	+ if (soup_message_get_flags (msg) & SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE)
	+ return NULL;
	+
	return priv->proxy_auth;
	}

	diff --git a/tests/auth-test.c b/tests/auth-test.c
	index 23e22133..2d66da9e 100644
	--- a/tests/auth-test.c
	+++ b/tests/auth-test.c
	@@ -442,6 +442,12 @@ do_digest_nonce_test (SoupSession *session,
	got_401 ? "got" : "did not get");
	soup_test_assert_message_status (msg, SOUP_STATUS_OK);

	+ if (expect_signal) {
	+ g_signal_handlers_disconnect_by_func (session,
	+ G_CALLBACK (digest_nonce_authenticate),
	+ NULL);
	+ }
	+
	g_object_unref (msg);
	}

	@@ -1297,9 +1303,10 @@ do_message_do_not_use_auth_cache_test (void)
	{
	SoupSession *session;
	SoupAuthManager *manager;
	+ SoupMessage *msg;
	+ SoupMessageFlags flags;
	SoupURI *soup_uri;
	char *uri;
	- char *uri_with_credentials;

	SOUP_TEST_SKIP_IF_NO_APACHE;

	@@ -1318,18 +1325,32 @@ do_message_do_not_use_auth_cache_test (void)
	soup_uri = soup_uri_new (uri);
	soup_uri_set_user (soup_uri, "user1");
	soup_uri_set_password (soup_uri, "realm1");
	- uri_with_credentials = soup_uri_to_string (soup_uri, FALSE);
	+ msg = soup_message_new_from_uri (SOUP_METHOD_GET, soup_uri);
	+ flags = soup_message_get_flags (msg);
	+ soup_message_set_flags (msg, flags \| SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE);
	+ soup_session_send_message (session, msg);
	+ soup_test_assert_message_status (msg, SOUP_STATUS_OK);
	+ g_object_unref (msg);
	soup_uri_free (soup_uri);
	- do_digest_nonce_test (session, "Fourth", uri_with_credentials, FALSE, TRUE, FALSE);
	- g_free (uri_with_credentials);

	manager = SOUP_AUTH_MANAGER (soup_session_get_feature (session, SOUP_TYPE_AUTH_MANAGER));
	+
	soup_auth_manager_clear_cached_credentials (manager);

	/* Now check that credentials are not stored */
	do_digest_nonce_test (session, "First", uri, FALSE, TRUE, TRUE);
	do_digest_nonce_test (session, "Second", uri, TRUE, TRUE, TRUE);
	do_digest_nonce_test (session, "Third", uri, TRUE, FALSE, FALSE);
	+
	+ /* Credentials were stored for uri, but if we set SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE flag,
	+ * and we don't have the authenticate signal, it should respond with 401
	+ */
	+ msg = soup_message_new (SOUP_METHOD_GET, uri);
	+ flags = soup_message_get_flags (msg);
	+ soup_message_set_flags (msg, flags \| SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE);
	+ soup_session_send_message (session, msg);
	+ soup_test_assert_message_status (msg, SOUP_STATUS_UNAUTHORIZED);
	+ g_object_unref (msg);
	g_free (uri);

	soup_test_session_abort_unref (session);
	--
	2.11.0