Update credentials on cached http-connections

When sending a second request with implied credentials the connection
used may be cached as a connection without credentials, and thereby
incorrectly reused later for other connections with different implied
credentials.

This patch updates the credentials a cached http-connection is using
before sending a request on it.

Task-number: QTBUG-39456
Change-Id: I1609234136a89c32e00432a67720cd62a73a488a
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>

1 files changed, 10 insertions, 0 deletions

diff --git a/src/network/access/qhttpthreaddelegate.cpp b/src/network/access/qhttpthreaddelegate.cpp
index 524042add6..b13c21d624 100644
--- a/src/network/access/qhttpthreaddelegate.cpp
+++ b/src/network/access/qhttpthreaddelegate.cpp
@@ -328,6 +328,16 @@ void QHttpThreadDelegate::startRequest()
 
         // cache the QHttpNetworkConnection corresponding to this cache key
         connections.localData()->addEntry(cacheKey, httpConnection);
+    } else {
+        if (httpRequest.withCredentials()) {
+            QNetworkAuthenticationCredential credential = authenticationManager->fetchCachedCredentials(httpRequest.url(), 0);
+            if (!credential.user.isEmpty() && !credential.password.isEmpty()) {
+                QAuthenticator auth;
+                auth.setUser(credential.user);
+                auth.setPassword(credential.password);
+                httpConnection->d_func()->copyCredentials(-1, &auth, false);
+            }
+        }
     }