Fix use of empty credentials for HTTP and proxy authentication

Empty user and password fields are valid for HTTP and proxy authentication. Thus it does not mean that the authentication is cancelled. For informing the engine about the cancellation of the authentication dialog make QAuthenticator instance null. Change-Id: Iba1ce9d375b9b37c23f7a91fb583606d75d04af5 Reviewed-by: Kai Koehne <kai.koehne@theqtcompany.com>
author: Peter Varga <pvarga@inf.u-szeged.hu> 2015-08-11 17:02:17 +0200
committer: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> 2015-09-01 11:56:02 +0000
commit: f55163c647e622a47bb52d8f9e96833f2a640960 (patch)
tree: 970545a69cec7135435feeccd97c18baa407962e
parent: d75f57fc4290e769d3f159e7fc464a6c28b867b3 (diff)
6 files changed, 17 insertions, 6 deletions
diff --git a/examples/webenginewidgets/browser/webview.cpp b/examples/webenginewidgets/browser/webview.cpp
index 00ec40874..d56ab8025 100644
--- a/examples/webenginewidgets/browser/webview.cpp
+++ b/examples/webenginewidgets/browser/webview.cpp
@@ -273,6 +273,9 @@ void WebPage::authenticationRequired(const QUrl &requestUrl, QAuthenticator *aut
     if (dialog.exec() == QDialog::Accepted) {
         auth->setUser(passwordDialog.userNameLineEdit->text());
         auth->setPassword(passwordDialog.passwordLineEdit->text());
+    } else {
+        // Set authenticator null if dialog is cancelled
+        *auth = QAuthenticator();
     }
 }
 
@@ -298,6 +301,9 @@ void WebPage::proxyAuthenticationRequired(const QUrl &requestUrl, QAuthenticator
     if (dialog.exec() == QDialog::Accepted) {
         auth->setUser(proxyDialog.userNameLineEdit->text());
         auth->setPassword(proxyDialog.passwordLineEdit->text());
+    } else {
+        // Set authenticator null if dialog is cancelled
+        *auth = QAuthenticator();
     }
 }
 
diff --git a/src/core/resource_dispatcher_host_delegate_qt.cpp b/src/core/resource_dispatcher_host_delegate_qt.cpp
index faed58954..43d3d98ef 100644
--- a/src/core/resource_dispatcher_host_delegate_qt.cpp
+++ b/src/core/resource_dispatcher_host_delegate_qt.cpp
@@ -90,9 +90,8 @@ void ResourceDispatcherHostLoginDelegateQt::triggerDialog()
     // to avoid crashing in the OnRequestCancelled case if we want to allow the credentials to
     // come back asynchronously in the QtQuick API.
     QString user, password;
-    client->authenticationRequired(m_url , m_realm , m_isProxy , m_host, &user, &password);
+    bool success = client->authenticationRequired(m_url , m_realm , m_isProxy , m_host, &user, &password);
 
-    bool success = !user.isEmpty() || !password.isEmpty();
     content::BrowserThread::PostTask(
         content::BrowserThread::IO, FROM_HERE,
         base::Bind(&ResourceDispatcherHostLoginDelegateQt::sendAuthToRequester, this, success, user, password));
diff --git a/src/core/web_contents_adapter_client.h b/src/core/web_contents_adapter_client.h
index 86b5d1b79..7a99b6ad4 100644
--- a/src/core/web_contents_adapter_client.h
+++ b/src/core/web_contents_adapter_client.h
@@ -216,7 +216,7 @@ public:
     virtual QObject *accessibilityParentObject() = 0;
 #endif // QT_NO_ACCESSIBILITY
     virtual void javaScriptConsoleMessage(JavaScriptConsoleMessageLevel level, const QString& message, int lineNumber, const QString& sourceID) = 0;
-    virtual void authenticationRequired(const QUrl &requestUrl, const QString &realm, bool isProxy, const QString &challengingHost, QString *outUser, QString *outPassword) = 0;
+    virtual bool authenticationRequired(const QUrl &requestUrl, const QString &realm, bool isProxy, const QString &challengingHost, QString *outUser, QString *outPassword) = 0;
     virtual void runGeolocationPermissionRequest(const QUrl &securityOrigin) = 0;
     virtual void runMediaAccessPermissionRequest(const QUrl &securityOrigin, MediaRequestFlags requestFlags) = 0;
     virtual void runMouseLockPermissionRequest(const QUrl &securityOrigin) = 0;
diff --git a/src/webengine/api/qquickwebengineview_p_p.h b/src/webengine/api/qquickwebengineview_p_p.h
index dd03aaeb4..71528c020 100644
--- a/src/webengine/api/qquickwebengineview_p_p.h
+++ b/src/webengine/api/qquickwebengineview_p_p.h
@@ -155,7 +155,7 @@ public:
     virtual void didFindText(quint64, int) Q_DECL_OVERRIDE;
     virtual void passOnFocus(bool reverse) Q_DECL_OVERRIDE;
     virtual void javaScriptConsoleMessage(JavaScriptConsoleMessageLevel level, const QString& message, int lineNumber, const QString& sourceID) Q_DECL_OVERRIDE;
-    virtual void authenticationRequired(const QUrl&, const QString&, bool, const QString&, QString*, QString*) Q_DECL_OVERRIDE { }
+    virtual bool authenticationRequired(const QUrl&, const QString&, bool, const QString&, QString*, QString*) Q_DECL_OVERRIDE { return false; }
     virtual void runMediaAccessPermissionRequest(const QUrl &securityOrigin, MediaRequestFlags requestFlags) Q_DECL_OVERRIDE;
     virtual void runMouseLockPermissionRequest(const QUrl &securityOrigin) Q_DECL_OVERRIDE;
 #ifndef QT_NO_ACCESSIBILITY
diff --git a/src/webenginewidgets/api/qwebenginepage.cpp b/src/webenginewidgets/api/qwebenginepage.cpp
index 503ba87d4..a4cc0ac12 100644
--- a/src/webenginewidgets/api/qwebenginepage.cpp
+++ b/src/webenginewidgets/api/qwebenginepage.cpp
@@ -249,7 +249,7 @@ void QWebEnginePagePrivate::passOnFocus(bool reverse)
         view->focusNextPrevChild(!reverse);
 }
 
-void QWebEnginePagePrivate::authenticationRequired(const QUrl &requestUrl, const QString &realm, bool isProxy, const QString &challengingHost, QString *outUser, QString *outPassword)
+bool QWebEnginePagePrivate::authenticationRequired(const QUrl &requestUrl, const QString &realm, bool isProxy, const QString &challengingHost, QString *outUser, QString *outPassword)
 {
     Q_Q(QWebEnginePage);
     QAuthenticator networkAuth;
@@ -259,8 +259,14 @@ void QWebEnginePagePrivate::authenticationRequired(const QUrl &requestUrl, const
         Q_EMIT q->proxyAuthenticationRequired(requestUrl, &networkAuth, challengingHost);
     else
         Q_EMIT q->authenticationRequired(requestUrl, &networkAuth);
+
+    // Authentication has been cancelled
+    if (networkAuth.isNull())
+        return false;
+
     *outUser = networkAuth.user();
     *outPassword = networkAuth.password();
+    return true;
 }
 
 void QWebEnginePagePrivate::runMediaAccessPermissionRequest(const QUrl &securityOrigin, WebContentsAdapterClient::MediaRequestFlags requestFlags)
diff --git a/src/webenginewidgets/api/qwebenginepage_p.h b/src/webenginewidgets/api/qwebenginepage_p.h
index 84974d6a7..1d2bc0344 100644
--- a/src/webenginewidgets/api/qwebenginepage_p.h
+++ b/src/webenginewidgets/api/qwebenginepage_p.h
@@ -107,7 +107,7 @@ public:
     virtual void didFindText(quint64 requestId, int matchCount) Q_DECL_OVERRIDE;
     virtual void passOnFocus(bool reverse) Q_DECL_OVERRIDE;
     virtual void javaScriptConsoleMessage(JavaScriptConsoleMessageLevel level, const QString& message, int lineNumber, const QString& sourceID) Q_DECL_OVERRIDE;
-    virtual void authenticationRequired(const QUrl &requestUrl, const QString &realm, bool isProxy, const QString &challengingHost, QString *outUser, QString *outPassword) Q_DECL_OVERRIDE;
+    virtual bool authenticationRequired(const QUrl &requestUrl, const QString &realm, bool isProxy, const QString &challengingHost, QString *outUser, QString *outPassword) Q_DECL_OVERRIDE;
     virtual void runMediaAccessPermissionRequest(const QUrl &securityOrigin, MediaRequestFlags requestFlags) Q_DECL_OVERRIDE;
     virtual void runGeolocationPermissionRequest(const QUrl &securityOrigin) Q_DECL_OVERRIDE;
     virtual void runMouseLockPermissionRequest(const QUrl &securityOrigin) Q_DECL_OVERRIDE;
author	Peter Varga <pvarga@inf.u-szeged.hu>	2015-08-11 17:02:17 +0200
committer	Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>	2015-09-01 11:56:02 +0000
commit	f55163c647e622a47bb52d8f9e96833f2a640960 (patch)
tree	970545a69cec7135435feeccd97c18baa407962e
parent	d75f57fc4290e769d3f159e7fc464a6c28b867b3 (diff)