void NetworkManager::proxyAuthentication(const QString &proxyHost, QAuthenticator *auth, QWidget *parent)
{
const QNetworkProxy proxy = QNetworkProxy::applicationProxy();
if (!proxy.user().isEmpty() && !proxy.password().isEmpty()) {
auth->setUser(proxy.user());
auth->setPassword(proxy.password());
return;
}
QDialog* dialog = new QDialog(parent);
dialog->setWindowTitle(tr("Proxy authorisation required"));
QFormLayout* formLa = new QFormLayout(dialog);
QLabel* label = new QLabel(dialog);
QLabel* userLab = new QLabel(dialog);
QLabel* passLab = new QLabel(dialog);
userLab->setText(tr("Username: "******"Password: "******"A username and password are being requested by proxy %1. ").arg(proxyHost));
formLa->addRow(label);
formLa->addRow(userLab, user);
formLa->addRow(passLab, pass);
formLa->addWidget(box);
if (dialog->exec() != QDialog::Accepted) {
*auth = QAuthenticator();
delete dialog;
return;
}
auth->setUser(user->text());
auth->setPassword(pass->text());
delete dialog;
}
void QHttpSocketEngine::slotSocketReadNotification()
{
Q_D(QHttpSocketEngine);
if (d->state != Connected && d->socket->bytesAvailable() == 0)
return;
if (d->state == Connected) {
// Forward as a read notification.
if (d->readNotificationEnabled)
emitReadNotification();
return;
}
readResponseContent:
if (d->state == ReadResponseContent) {
char dummybuffer[4096];
while (d->pendingResponseData) {
int read = d->socket->read(dummybuffer, qMin(sizeof(dummybuffer), (size_t)d->pendingResponseData));
if (read >= 0)
dummybuffer[read] = 0;
if (read == 0)
return;
if (read == -1) {
d->socket->disconnectFromHost();
emitWriteNotification();
return;
}
d->pendingResponseData -= read;
}
if (d->pendingResponseData > 0)
return;
d->state = SendAuthentication;
slotSocketConnected();
return;
}
// Still in handshake mode. Wait until we've got a full response.
bool done = false;
do {
d->readBuffer += d->socket->readLine();
} while (!(done = d->readBuffer.endsWith("\r\n\r\n")) && d->socket->canReadLine());
if (!done) {
// Wait for more.
return;
}
if (!d->readBuffer.startsWith("HTTP/1.")) {
// protocol error, this isn't HTTP
d->readBuffer.clear();
d->socket->close();
setState(QAbstractSocket::UnconnectedState);
setError(QAbstractSocket::ProxyProtocolError, tr("Did not receive HTTP response from proxy"));
emitConnectionNotification();
return;
}
QHttpResponseHeader responseHeader(QString::fromLatin1(d->readBuffer));
d->readBuffer.clear(); // we parsed the proxy protocol response. from now on direct socket reading will be done
int statusCode = responseHeader.statusCode();
QAuthenticatorPrivate *priv = 0;
if (statusCode == 200) {
d->state = Connected;
setLocalAddress(d->socket->localAddress());
setLocalPort(d->socket->localPort());
setState(QAbstractSocket::ConnectedState);
d->authenticator.detach();
priv = QAuthenticatorPrivate::getPrivate(d->authenticator);
priv->hasFailed = false;
} else if (statusCode == 407) {
if (d->credentialsSent) {
//407 response again means the provided username/password were invalid.
d->authenticator = QAuthenticator(); //this is needed otherwise parseHttpResponse won't set the state, and then signal isn't emitted.
d->authenticator.detach();
priv = QAuthenticatorPrivate::getPrivate(d->authenticator);
priv->hasFailed = true;
}
else if (d->authenticator.isNull())
d->authenticator.detach();
priv = QAuthenticatorPrivate::getPrivate(d->authenticator);
priv->parseHttpResponse(responseHeader, true);
if (priv->phase == QAuthenticatorPrivate::Invalid) {
// problem parsing the reply
d->socket->close();
setState(QAbstractSocket::UnconnectedState);
setError(QAbstractSocket::ProxyProtocolError, tr("Error parsing authentication request from proxy"));
emitConnectionNotification();
return;
}
bool willClose;
QString proxyConnectionHeader = responseHeader.value(QLatin1String("Proxy-Connection"));
// Although most proxies use the unofficial Proxy-Connection header, the Connection header
// from http spec is also allowed.
if (proxyConnectionHeader.isEmpty())
proxyConnectionHeader = responseHeader.value(QLatin1String("Connection"));
proxyConnectionHeader = proxyConnectionHeader.toLower();
if (proxyConnectionHeader == QLatin1String("close")) {
willClose = true;
} else if (proxyConnectionHeader == QLatin1String("keep-alive")) {
willClose = false;
} else {
// no Proxy-Connection header, so use the default
// HTTP 1.1's default behaviour is to keep persistent connections
// HTTP 1.0 or earlier, so we expect the server to close
willClose = (responseHeader.majorVersion() * 0x100 + responseHeader.minorVersion()) <= 0x0100;
}
if (willClose) {
// the server will disconnect, so let's avoid receiving an error
// especially since the signal below may trigger a new event loop
d->socket->disconnectFromHost();
d->socket->readAll();
}
if (priv->phase == QAuthenticatorPrivate::Done)
emit proxyAuthenticationRequired(d->proxy, &d->authenticator);
// priv->phase will get reset to QAuthenticatorPrivate::Start if the authenticator got modified in the signal above.
if (priv->phase == QAuthenticatorPrivate::Done) {
setError(QAbstractSocket::ProxyAuthenticationRequiredError, tr("Authentication required"));
d->socket->disconnectFromHost();
} else {
// close the connection if it isn't already and reconnect using the chosen authentication method
d->state = SendAuthentication;
if (willClose) {
d->socket->connectToHost(d->proxy.hostName(), d->proxy.port());
} else {
bool ok;
int contentLength = responseHeader.value(QLatin1String("Content-Length")).toInt(&ok);
if (ok && contentLength > 0) {
d->state = ReadResponseContent;
d->pendingResponseData = contentLength;
goto readResponseContent;
} else {
d->state = SendAuthentication;
slotSocketConnected();
}
}
return;
}
} else {
d->socket->close();
setState(QAbstractSocket::UnconnectedState);
if (statusCode == 403 || statusCode == 405) {
// 403 Forbidden
// 405 Method Not Allowed
setError(QAbstractSocket::SocketAccessError, tr("Proxy denied connection"));
} else if (statusCode == 404) {
// 404 Not Found: host lookup error
setError(QAbstractSocket::HostNotFoundError, QAbstractSocket::tr("Host not found"));
} else if (statusCode == 503) {
// 503 Service Unavailable: Connection Refused
setError(QAbstractSocket::ConnectionRefusedError, QAbstractSocket::tr("Connection refused"));
} else {
// Some other reply
//qWarning("UNEXPECTED RESPONSE: [%s]", responseHeader.toString().toLatin1().data());
setError(QAbstractSocket::ProxyProtocolError, tr("Error communicating with HTTP proxy"));
}
}
// The handshake is done; notify that we're connected (or failed to connect)
emitConnectionNotification();
}
// handles the authentication for one channel and eventually re-starts the other channels
bool QHttpNetworkConnectionPrivate::handleAuthenticateChallenge(QAbstractSocket *socket, QHttpNetworkReply *reply,
bool isProxy, bool &resend)
{
Q_ASSERT(socket);
Q_ASSERT(reply);
resend = false;
//create the response header to be used with QAuthenticatorPrivate.
QList<QPair<QByteArray, QByteArray> > fields = reply->header();
//find out the type of authentication protocol requested.
QAuthenticatorPrivate::Method authMethod = reply->d_func()->authenticationMethod(isProxy);
if (authMethod != QAuthenticatorPrivate::None) {
int i = indexOf(socket);
//Use a single authenticator for all domains. ### change later to use domain/realm
QAuthenticator* auth = 0;
if (isProxy) {
auth = &channels[i].proxyAuthenticator;
channels[i].proxyAuthMethod = authMethod;
} else {
auth = &channels[i].authenticator;
channels[i].authMethod = authMethod;
}
//proceed with the authentication.
if (auth->isNull())
auth->detach();
QAuthenticatorPrivate *priv = QAuthenticatorPrivate::getPrivate(*auth);
priv->parseHttpResponse(fields, isProxy);
if (priv->phase == QAuthenticatorPrivate::Done) {
pauseConnection();
if (!isProxy) {
if (channels[i].authenticationCredentialsSent) {
auth->detach();
priv = QAuthenticatorPrivate::getPrivate(*auth);
priv->hasFailed = true;
priv->phase = QAuthenticatorPrivate::Done;
channels[i].authenticationCredentialsSent = false;
}
emit reply->authenticationRequired(reply->request(), auth);
#ifndef QT_NO_NETWORKPROXY
} else {
if (channels[i].proxyCredentialsSent) {
auth->detach();
priv = QAuthenticatorPrivate::getPrivate(*auth);
priv->hasFailed = true;
priv->phase = QAuthenticatorPrivate::Done;
channels[i].proxyCredentialsSent = false;
}
emit reply->proxyAuthenticationRequired(networkProxy, auth);
#endif
}
resumeConnection();
if (priv->phase != QAuthenticatorPrivate::Done) {
// send any pending requests
copyCredentials(i, auth, isProxy);
}
} else if (priv->phase == QAuthenticatorPrivate::Start) {
// If the url's authenticator has a 'user' set we will end up here (phase is only set to 'Done' by
// parseHttpResponse above if 'user' is empty). So if credentials were supplied with the request,
// such as in the case of an XMLHttpRequest, this is our only opportunity to cache them.
emit reply->cacheCredentials(reply->request(), auth);
}
// - Changing values in QAuthenticator will reset the 'phase'. Therefore if it is still "Done"
// then nothing was filled in by the user or the cache
// - If withCredentials has been set to false (e.g. by QtWebKit for a cross-origin XMLHttpRequest) then
// we need to bail out if authentication is required.
if (priv->phase == QAuthenticatorPrivate::Done || !reply->request().withCredentials()) {
// Reset authenticator so the next request on that channel does not get messed up
auth = 0;
if (isProxy)
channels[i].proxyAuthenticator = QAuthenticator();
else
channels[i].authenticator = QAuthenticator();
// authentication is cancelled, send the current contents to the user.
emit channels[i].reply->headerChanged();
emit channels[i].reply->readyRead();
QNetworkReply::NetworkError errorCode =
isProxy
? QNetworkReply::ProxyAuthenticationRequiredError
: QNetworkReply::AuthenticationRequiredError;
reply->d_func()->errorString = errorDetail(errorCode, socket);
emit reply->finishedWithError(errorCode, reply->d_func()->errorString);
// ### at this point the reply could be deleted
return true;
}
//resend the request
resend = true;
return true;
}
return false;
}
void NetworkManager::authentication(const QUrl &url, QAuthenticator *auth, QWidget *parent)
{
QDialog* dialog = new QDialog(parent);
dialog->setWindowTitle(tr("Authorisation required"));
QFormLayout* formLa = new QFormLayout(dialog);
QLabel* label = new QLabel(dialog);
QLabel* userLab = new QLabel(dialog);
QLabel* passLab = new QLabel(dialog);
userLab->setText(tr("Username: "******"Password: "******"Save username and password for this site"));
QDialogButtonBox* box = new QDialogButtonBox(dialog);
box->addButton(QDialogButtonBox::Ok);
box->addButton(QDialogButtonBox::Cancel);
connect(box, SIGNAL(rejected()), dialog, SLOT(reject()));
connect(box, SIGNAL(accepted()), dialog, SLOT(accept()));
label->setText(tr("A username and password are being requested by %1. "
"The site says: \"%2\"").arg(url.host(), auth->realm().toHtmlEscaped()));
formLa->addRow(label);
formLa->addRow(userLab, user);
formLa->addRow(passLab, pass);
formLa->addRow(save);
formLa->addWidget(box);
AutoFill* fill = mApp->autoFill();
QString storedUser;
QString storedPassword;
bool shouldUpdateEntry = false;
if (fill->isStored(url)) {
const QVector<PasswordEntry> &data = fill->getFormData(url);
if (!data.isEmpty()) {
save->setChecked(true);
shouldUpdateEntry = true;
storedUser = data.at(0).username;
storedPassword = data.at(0).password;
user->setText(storedUser);
pass->setText(storedPassword);
}
}
// Do not save when private browsing is enabled
if (mApp->isPrivate()) {
save->setVisible(false);
}
if (dialog->exec() != QDialog::Accepted) {
*auth = QAuthenticator();
delete dialog;
return;
}
auth->setUser(user->text());
auth->setPassword(pass->text());
if (save->isChecked()) {
if (shouldUpdateEntry) {
if (storedUser != user->text() || storedPassword != pass->text()) {
fill->updateEntry(url, user->text(), pass->text());
}
}
else {
fill->addEntry(url, user->text(), pass->text());
}
}
delete dialog;
}
void QHttpSocketEngine::slotSocketReadNotification()
{
Q_D(QHttpSocketEngine);
if (d->state != Connected && d->socket->bytesAvailable() == 0)
return;
if (d->state == Connected) {
// Forward as a read notification.
if (d->readNotificationEnabled)
emitReadNotification();
return;
}
if (d->state == ConnectSent) {
d->reply->d_func()->state = QHttpNetworkReplyPrivate::NothingDoneState;
d->state = ReadResponseHeader;
}
if (d->state == ReadResponseHeader) {
bool ok = readHttpHeader();
if (!ok) {
// protocol error, this isn't HTTP
d->socket->close();
setState(QAbstractSocket::UnconnectedState);
setError(QAbstractSocket::ProxyProtocolError, tr("Did not receive HTTP response from proxy"));
emitConnectionNotification();
return;
}
if (d->state == ReadResponseHeader)
return; // readHttpHeader() was not done yet, need to wait for more header data
}
if (d->state == ReadResponseContent) {
char dummybuffer[4096];
while (d->pendingResponseData) {
int read = d->socket->read(dummybuffer, qMin(sizeof(dummybuffer), (size_t)d->pendingResponseData));
if (read == 0)
return;
if (read == -1) {
d->socket->disconnectFromHost();
emitWriteNotification();
return;
}
d->pendingResponseData -= read;
}
if (d->pendingResponseData > 0)
return;
if (d->reply->d_func()->statusCode == 407)
d->state = SendAuthentication;
}
int statusCode = d->reply->statusCode();
QAuthenticatorPrivate *priv = 0;
if (statusCode == 200) {
d->state = Connected;
setLocalAddress(d->socket->localAddress());
setLocalPort(d->socket->localPort());
setState(QAbstractSocket::ConnectedState);
d->authenticator.detach();
priv = QAuthenticatorPrivate::getPrivate(d->authenticator);
priv->hasFailed = false;
} else if (statusCode == 407) {
if (d->authenticator.isNull())
d->authenticator.detach();
priv = QAuthenticatorPrivate::getPrivate(d->authenticator);
if (d->credentialsSent && priv->phase != QAuthenticatorPrivate::Phase2) {
// Remember that (e.g.) NTLM is two-phase, so only reset when the authentication is not currently in progress.
//407 response again means the provided username/password were invalid.
d->authenticator = QAuthenticator(); //this is needed otherwise parseHttpResponse won't set the state, and then signal isn't emitted.
d->authenticator.detach();
priv = QAuthenticatorPrivate::getPrivate(d->authenticator);
priv->hasFailed = true;
}
priv->parseHttpResponse(d->reply->header(), true);
if (priv->phase == QAuthenticatorPrivate::Invalid) {
// problem parsing the reply
d->socket->close();
setState(QAbstractSocket::UnconnectedState);
setError(QAbstractSocket::ProxyProtocolError, tr("Error parsing authentication request from proxy"));
emitConnectionNotification();
return;
}
bool willClose;
QByteArray proxyConnectionHeader = d->reply->headerField("Proxy-Connection");
// Although most proxies use the unofficial Proxy-Connection header, the Connection header
// from http spec is also allowed.
if (proxyConnectionHeader.isEmpty())
proxyConnectionHeader = d->reply->headerField("Connection");
proxyConnectionHeader = proxyConnectionHeader.toLower();
if (proxyConnectionHeader == "close") {
willClose = true;
} else if (proxyConnectionHeader == "keep-alive") {
willClose = false;
} else {
// no Proxy-Connection header, so use the default
// HTTP 1.1's default behaviour is to keep persistent connections
// HTTP 1.0 or earlier, so we expect the server to close
willClose = (d->reply->majorVersion() * 0x100 + d->reply->minorVersion()) <= 0x0100;
}
if (willClose) {
// the server will disconnect, so let's avoid receiving an error
// especially since the signal below may trigger a new event loop
d->socket->disconnectFromHost();
d->socket->readAll();
//We're done with the reply and need to reset it for the next connection
delete d->reply;
d->reply = new QHttpNetworkReply;
}
if (priv->phase == QAuthenticatorPrivate::Done)
emit proxyAuthenticationRequired(d->proxy, &d->authenticator);
// priv->phase will get reset to QAuthenticatorPrivate::Start if the authenticator got modified in the signal above.
if (priv->phase == QAuthenticatorPrivate::Done) {
setError(QAbstractSocket::ProxyAuthenticationRequiredError, tr("Authentication required"));
d->socket->disconnectFromHost();
} else {
// close the connection if it isn't already and reconnect using the chosen authentication method
d->state = SendAuthentication;
if (willClose) {
d->socket->connectToHost(d->proxy.hostName(), d->proxy.port());
} else {
// send the HTTP CONNECT again
slotSocketConnected();
}
return;
}
} else {
d->socket->close();
setState(QAbstractSocket::UnconnectedState);
if (statusCode == 403 || statusCode == 405) {
// 403 Forbidden
// 405 Method Not Allowed
setError(QAbstractSocket::SocketAccessError, tr("Proxy denied connection"));
} else if (statusCode == 404) {
// 404 Not Found: host lookup error
setError(QAbstractSocket::HostNotFoundError, QAbstractSocket::tr("Host not found"));
} else if (statusCode == 503) {
// 503 Service Unavailable: Connection Refused
setError(QAbstractSocket::ConnectionRefusedError, QAbstractSocket::tr("Connection refused"));
} else {
// Some other reply
//qWarning("UNEXPECTED RESPONSE: [%s]", responseHeader.toString().toLatin1().data());
setError(QAbstractSocket::ProxyProtocolError, tr("Error communicating with HTTP proxy"));
}
}
// The handshake is done; notify that we're connected (or failed to connect)
emitConnectionNotification();
}
