QAuthenticator: Don't assume we haven't tried the URL credentials

It's problematic if we have already used these credentials and it
failed. Since then we emit authenticationRequired only for QNAM to
intercept it and "helpfully" suggest we use the same credentials again.

By moving on we can check the cache or ask the user about the necessary
credentials.

Pick-to: 5.15
Change-Id: Idaac5ae71167462369b66194ab6b1f77113d636a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>

1 files changed, 4 insertions, 3 deletions

diff --git a/src/network/access/qnetworkaccessmanager.cpp b/src/network/access/qnetworkaccessmanager.cpp
index 4d6bc58b00..bb90e89305 100644
--- a/src/network/access/qnetworkaccessmanager.cpp
+++ b/src/network/access/qnetworkaccessmanager.cpp
@@ -1508,9 +1508,10 @@ void QNetworkAccessManagerPrivate::authenticationRequired(QAuthenticator *authen
     // also called when last URL is empty, e.g. on first call
     if (allowAuthenticationReuse && (urlForLastAuthentication->isEmpty()
             || url != *urlForLastAuthentication)) {
-        // if credentials are included in the url, then use them
-        if (!url.userName().isEmpty()
-            && !url.password().isEmpty()) {
+        // if credentials are included in the url, then use them, unless they were already used
+        if (!url.userName().isEmpty() && !url.password().isEmpty()
+            && (url.userName() != authenticator->user()
+                || url.password() != authenticator->password())) {
             authenticator->setUser(url.userName(QUrl::FullyDecoded));
             authenticator->setPassword(url.password(QUrl::FullyDecoded));
             *urlForLastAuthentication = url;