From 2e207e29436cbe953df99783a9577a9776a200bb Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen <allan.jensen@digia.com>
Date: Wed, 22 Oct 2014 13:25:29 +0200
Subject: Update credentials on cached http-connections

When sending a second request with implied credentials the connection
used may be cached as a connection without credentials, and thereby
incorrectly reused later for other connections with different implied
credentials.

This patch updates the credentials a cached http-connection is using
before sending a request on it.

Task-number: QTBUG-39456
Change-Id: I1609234136a89c32e00432a67720cd62a73a488a
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
---
 src/network/access/qhttpthreaddelegate.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'src/network/access/qhttpthreaddelegate.cpp')

diff --git a/src/network/access/qhttpthreaddelegate.cpp b/src/network/access/qhttpthreaddelegate.cpp
index 524042add6..b13c21d624 100644
--- a/src/network/access/qhttpthreaddelegate.cpp
+++ b/src/network/access/qhttpthreaddelegate.cpp
@@ -328,6 +328,16 @@ void QHttpThreadDelegate::startRequest()
 
         // cache the QHttpNetworkConnection corresponding to this cache key
         connections.localData()->addEntry(cacheKey, httpConnection);
+    } else {
+        if (httpRequest.withCredentials()) {
+            QNetworkAuthenticationCredential credential = authenticationManager->fetchCachedCredentials(httpRequest.url(), 0);
+            if (!credential.user.isEmpty() && !credential.password.isEmpty()) {
+                QAuthenticator auth;
+                auth.setUser(credential.user);
+                auth.setPassword(credential.password);
+                httpConnection->d_func()->copyCredentials(-1, &auth, false);
+            }
+        }
     }
 
 
-- 
cgit v1.2.3