1 | // Copyright (C) 2016 The Qt Company Ltd. |
2 | // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only |
3 | |
4 | #include "qnetworkaccessauthenticationmanager_p.h" |
5 | #include "qnetworkaccessmanager.h" |
6 | #include "qnetworkaccessmanager_p.h" |
7 | |
8 | #include "QtCore/qbuffer.h" |
9 | #include "QtCore/qlist.h" |
10 | #include "QtCore/qurl.h" |
11 | #include "QtCore/QMutexLocker" |
12 | #include "QtNetwork/qauthenticator.h" |
13 | |
14 | #include <algorithm> |
15 | |
16 | QT_BEGIN_NAMESPACE |
17 | |
18 | using namespace Qt::StringLiterals; |
19 | |
20 | class QNetworkAuthenticationCache : private QList<QNetworkAuthenticationCredential>, |
21 | public QNetworkAccessCache::CacheableObject |
22 | { |
23 | public: |
24 | QNetworkAuthenticationCache() |
25 | : CacheableObject(Option::Shareable) |
26 | { |
27 | reserve(asize: 1); |
28 | } |
29 | |
30 | using QList<QNetworkAuthenticationCredential>::begin; |
31 | using QList<QNetworkAuthenticationCredential>::end; |
32 | |
33 | iterator findClosestMatch(const QString &domain) |
34 | { |
35 | iterator it = std::lower_bound(first: begin(), last: end(), val: domain); |
36 | if (it == end() && !isEmpty()) |
37 | --it; |
38 | if (it == end() || !domain.startsWith(s: it->domain)) |
39 | return end(); |
40 | return it; |
41 | } |
42 | |
43 | void insert(const QString &domain, const QString &user, const QString &password) |
44 | { |
45 | iterator closestMatch = findClosestMatch(domain); |
46 | if (closestMatch != end() && closestMatch->domain == domain) { |
47 | // we're overriding the current credentials |
48 | closestMatch->user = user; |
49 | closestMatch->password = password; |
50 | } else { |
51 | QNetworkAuthenticationCredential newCredential; |
52 | newCredential.domain = domain; |
53 | newCredential.user = user; |
54 | newCredential.password = password; |
55 | |
56 | if (closestMatch != end()) |
57 | QList<QNetworkAuthenticationCredential>::insert(before: ++closestMatch, t: newCredential); |
58 | else |
59 | QList<QNetworkAuthenticationCredential>::insert(before: end(), t: newCredential); |
60 | } |
61 | } |
62 | |
63 | virtual void dispose() override { delete this; } |
64 | }; |
65 | |
66 | #ifndef QT_NO_NETWORKPROXY |
67 | static QByteArray proxyAuthenticationKey(const QNetworkProxy &proxy, const QString &realm) |
68 | { |
69 | QUrl key; |
70 | |
71 | switch (proxy.type()) { |
72 | case QNetworkProxy::Socks5Proxy: |
73 | key.setScheme("proxy-socks5"_L1 ); |
74 | break; |
75 | |
76 | case QNetworkProxy::HttpProxy: |
77 | case QNetworkProxy::HttpCachingProxy: |
78 | key.setScheme("proxy-http"_L1 ); |
79 | break; |
80 | |
81 | case QNetworkProxy::FtpCachingProxy: |
82 | key.setScheme("proxy-ftp"_L1 ); |
83 | break; |
84 | |
85 | case QNetworkProxy::DefaultProxy: |
86 | case QNetworkProxy::NoProxy: |
87 | // shouldn't happen |
88 | return QByteArray(); |
89 | |
90 | // no default: |
91 | // let there be errors if a new proxy type is added in the future |
92 | } |
93 | |
94 | if (key.scheme().isEmpty()) |
95 | // proxy type not handled |
96 | return QByteArray(); |
97 | |
98 | key.setUserName(userName: proxy.user()); |
99 | key.setHost(host: proxy.hostName()); |
100 | key.setPort(proxy.port()); |
101 | key.setFragment(fragment: realm); |
102 | return "auth:" + key.toEncoded(); |
103 | } |
104 | #endif |
105 | |
106 | static inline QByteArray authenticationKey(const QUrl &url, const QString &realm) |
107 | { |
108 | QUrl copy = url; |
109 | copy.setFragment(fragment: realm); |
110 | return "auth:" + copy.toEncoded(options: QUrl::RemovePassword | QUrl::RemovePath | QUrl::RemoveQuery); |
111 | } |
112 | |
113 | |
114 | #ifndef QT_NO_NETWORKPROXY |
115 | void QNetworkAccessAuthenticationManager::cacheProxyCredentials(const QNetworkProxy &p, |
116 | const QAuthenticator *authenticator) |
117 | { |
118 | Q_ASSERT(authenticator); |
119 | Q_ASSERT(p.type() != QNetworkProxy::DefaultProxy); |
120 | Q_ASSERT(p.type() != QNetworkProxy::NoProxy); |
121 | |
122 | QMutexLocker mutexLocker(&mutex); |
123 | |
124 | QString realm = authenticator->realm(); |
125 | QNetworkProxy proxy = p; |
126 | proxy.setUser(authenticator->user()); |
127 | |
128 | // don't cache null passwords, empty password may be valid though |
129 | if (authenticator->password().isNull()) |
130 | return; |
131 | |
132 | // Set two credentials: one with the username and one without |
133 | do { |
134 | // Set two credentials actually: one with and one without the realm |
135 | do { |
136 | QByteArray cacheKey = proxyAuthenticationKey(proxy, realm); |
137 | if (cacheKey.isEmpty()) |
138 | return; // should not happen |
139 | |
140 | QNetworkAuthenticationCache *auth = new QNetworkAuthenticationCache; |
141 | auth->insert(domain: QString(), user: authenticator->user(), password: authenticator->password()); |
142 | authenticationCache.addEntry(key: cacheKey, entry: auth); // replace the existing one, if there's any |
143 | |
144 | if (realm.isEmpty()) { |
145 | break; |
146 | } else { |
147 | realm.clear(); |
148 | } |
149 | } while (true); |
150 | |
151 | if (proxy.user().isEmpty()) |
152 | break; |
153 | else |
154 | proxy.setUser(QString()); |
155 | } while (true); |
156 | } |
157 | |
158 | QNetworkAuthenticationCredential |
159 | QNetworkAccessAuthenticationManager::fetchCachedProxyCredentials(const QNetworkProxy &p, |
160 | const QAuthenticator *authenticator) |
161 | { |
162 | QNetworkProxy proxy = p; |
163 | if (proxy.type() == QNetworkProxy::DefaultProxy) { |
164 | proxy = QNetworkProxy::applicationProxy(); |
165 | } |
166 | if (!proxy.password().isEmpty()) |
167 | return QNetworkAuthenticationCredential(); // no need to set credentials if it already has them |
168 | |
169 | QString realm; |
170 | if (authenticator) |
171 | realm = authenticator->realm(); |
172 | |
173 | QMutexLocker mutexLocker(&mutex); |
174 | QByteArray cacheKey = proxyAuthenticationKey(proxy, realm); |
175 | if (cacheKey.isEmpty()) |
176 | return QNetworkAuthenticationCredential(); |
177 | if (!authenticationCache.hasEntry(key: cacheKey)) |
178 | return QNetworkAuthenticationCredential(); |
179 | |
180 | QNetworkAuthenticationCache *auth = |
181 | static_cast<QNetworkAuthenticationCache *>(authenticationCache.requestEntryNow(key: cacheKey)); |
182 | QNetworkAuthenticationCredential cred = *auth->findClosestMatch(domain: QString()); |
183 | authenticationCache.releaseEntry(key: cacheKey); |
184 | |
185 | // proxy cache credentials always have exactly one item |
186 | Q_ASSERT_X(!cred.isNull(), "QNetworkAccessManager" , |
187 | "Internal inconsistency: found a cache key for a proxy, but it's empty" ); |
188 | return cred; |
189 | } |
190 | |
191 | #endif |
192 | |
193 | void QNetworkAccessAuthenticationManager::cacheCredentials(const QUrl &url, |
194 | const QAuthenticator *authenticator) |
195 | { |
196 | Q_ASSERT(authenticator); |
197 | if (authenticator->isNull()) |
198 | return; |
199 | QString domain = QString::fromLatin1(ba: "/" ); // FIXME: make QAuthenticator return the domain |
200 | QString realm = authenticator->realm(); |
201 | |
202 | QMutexLocker mutexLocker(&mutex); |
203 | |
204 | // Set two credentials actually: one with and one without the username in the URL |
205 | QUrl copy = url; |
206 | copy.setUserName(userName: authenticator->user()); |
207 | do { |
208 | QByteArray cacheKey = authenticationKey(url: copy, realm); |
209 | if (authenticationCache.hasEntry(key: cacheKey)) { |
210 | QNetworkAuthenticationCache *auth = |
211 | static_cast<QNetworkAuthenticationCache *>(authenticationCache.requestEntryNow(key: cacheKey)); |
212 | auth->insert(domain, user: authenticator->user(), password: authenticator->password()); |
213 | authenticationCache.releaseEntry(key: cacheKey); |
214 | } else { |
215 | QNetworkAuthenticationCache *auth = new QNetworkAuthenticationCache; |
216 | auth->insert(domain, user: authenticator->user(), password: authenticator->password()); |
217 | authenticationCache.addEntry(key: cacheKey, entry: auth); |
218 | } |
219 | |
220 | if (copy.userName().isEmpty()) { |
221 | break; |
222 | } else { |
223 | copy.setUserName(userName: QString()); |
224 | } |
225 | } while (true); |
226 | } |
227 | |
228 | /*! |
229 | Fetch the credential data from the credential cache. |
230 | |
231 | If auth is 0 (as it is when called from createRequest()), this will try to |
232 | look up with an empty realm. That fails in most cases for HTTP (because the |
233 | realm is seldom empty for HTTP challenges). In any case, QHttpNetworkConnection |
234 | never sends the credentials on the first attempt: it needs to find out what |
235 | authentication methods the server supports. |
236 | |
237 | For FTP, realm is always empty. |
238 | */ |
239 | QNetworkAuthenticationCredential |
240 | QNetworkAccessAuthenticationManager::fetchCachedCredentials(const QUrl &url, |
241 | const QAuthenticator *authentication) |
242 | { |
243 | if (!url.password().isEmpty()) |
244 | return QNetworkAuthenticationCredential(); // no need to set credentials if it already has them |
245 | |
246 | QString realm; |
247 | if (authentication) |
248 | realm = authentication->realm(); |
249 | |
250 | QByteArray cacheKey = authenticationKey(url, realm); |
251 | |
252 | QMutexLocker mutexLocker(&mutex); |
253 | if (!authenticationCache.hasEntry(key: cacheKey)) |
254 | return QNetworkAuthenticationCredential(); |
255 | |
256 | QNetworkAuthenticationCache *auth = |
257 | static_cast<QNetworkAuthenticationCache *>(authenticationCache.requestEntryNow(key: cacheKey)); |
258 | auto cred = auth->findClosestMatch(domain: url.path()); |
259 | QNetworkAuthenticationCredential ret; |
260 | if (cred != auth->end()) |
261 | ret = *cred; |
262 | authenticationCache.releaseEntry(key: cacheKey); |
263 | return ret; |
264 | } |
265 | |
266 | void QNetworkAccessAuthenticationManager::clearCache() |
267 | { |
268 | authenticationCache.clear(); |
269 | } |
270 | |
271 | QT_END_NAMESPACE |
272 | |
273 | |