From f971a0d65cc4bc64dc61bdd2a4b659b382eb996f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Cabessa?= <ccabessa@genymobile.com>
Date: Tue, 10 May 2016 12:10:32 +0200
Subject: Fix proxy when changing only the password

QHttpThreadDelegate doesn't take into account the password to compute the
key of the networkconnection hash. So if only the password for a proxy has
changed, the wrong data gets used for the connection.

This patch simply adds proxy->password() to the key.

Here are the steps to reproduce the bug:
 * Use an authentified proxy and provide the correct username but a wrong
password

```
 QNetworkAccessManager networkAccessManager;
 QNetworkProxy proxy(QNetworkProxy::HttpProxy, PROXY_HOST, PROXY_PORT,
                     "goodusername", "badpassword");
 networkAccessManager.setProxy(proxy);
``

 * As expected, the reply returns ProxyAuthenticationRequiredError

 * Using the same QNetworkAccessManager, setup a new proxy with the
correct credential:

```
 QNetworkProxy proxy(QNetworkProxy::HttpProxy, PROXY_HOST, PROXY_PORT,
                     "goodusername", "goodpassword");
 networkAccessManager.setProxy(proxy);
```

 * The reply still returns ProxyAuthenticationRequiredError

[ChangeLog][QtNetwork] Fix proxy-authentication issue, after a wrong password
has been used, when supplying the right password.

Change-Id: Id3b5a2ce71fda81780f3ef2568a73d0022b38815
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
---
 src/network/access/qhttpthreaddelegate.cpp | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/network/access/qhttpthreaddelegate.cpp')

diff --git a/src/network/access/qhttpthreaddelegate.cpp b/src/network/access/qhttpthreaddelegate.cpp
index 6e5e29d7bf..e9b3760ce5 100644
--- a/src/network/access/qhttpthreaddelegate.cpp
+++ b/src/network/access/qhttpthreaddelegate.cpp
@@ -44,6 +44,7 @@
 #include <QTimer>
 #include <QAuthenticator>
 #include <QEventLoop>
+#include <QCryptographicHash>
 
 #include "private/qhttpnetworkreply_p.h"
 #include "private/qnetworkaccesscache_p.h"
@@ -158,7 +159,10 @@ static QByteArray makeCacheKey(QUrl &url, QNetworkProxy *proxy)
         }
 
         if (!key.scheme().isEmpty()) {
+            const QByteArray obfuscatedPassword = QCryptographicHash::hash(proxy->password().toUtf8(),
+                                                                           QCryptographicHash::Sha1).toHex();
             key.setUserName(proxy->user());
+            key.setPassword(QString::fromUtf8(obfuscatedPassword));
             key.setHost(proxy->hostName());
             key.setPort(proxy->port());
             key.setQuery(result);
-- 
cgit v1.2.3