Fix hang when WMS credentials requested

nyalldawson · nyalldawson · commit c9e761649820 · 2019-02-03T13:02:18.000+11:00
Remove responsibility for credentials mutex locking from external callers and handle appropriate locks internally. This allows the mutex lock to be much "tighter" and avoids deadlocks when credentials are requested while an existing credentials dialog is being shown. (No mutex is required protecting the credentials dialog itself as this is ALWAYS shown in the main thread) Fixes #20826
diff --git a/python/core/auto_generated/qgscredentials.sip.in b/python/core/auto_generated/qgscredentials.sip.in
@@ -41,27 +41,27 @@ signal destroyed() to be notified of the deletion
 retrieves instance
 %End
 
-    void lock();
+ void lock() /Deprecated/;
 %Docstring
 Lock the instance against access from multiple threads. This does not really lock access to get/put methds,
 it will just prevent other threads to lock the instance and continue the execution. When the class is used
 from non-GUI threads, they should call lock() before the get/put calls to avoid race conditions.
 
-.. versionadded:: 2.4
+.. deprecated:: since QGIS 3.4 - mutex locking is automatically handled
 %End
 
-    void unlock();
+ void unlock() /Deprecated/;
 %Docstring
 Unlock the instance after being locked.
 
-.. versionadded:: 2.4
+.. deprecated:: since QGIS 3.4 - mutex locking is automatically handled
 %End
 
-    QMutex *mutex();
+ QMutex *mutex() /Deprecated/;
 %Docstring
 Returns pointer to mutex
 
-.. versionadded:: 2.4
+.. deprecated:: since QGIS 3.4 - mutex locking is automatically handled
 %End
 
   protected:
diff --git a/src/app/qgisapp.cpp b/src/app/qgisapp.cpp
@@ -1589,10 +1589,6 @@ QgisApp::~QgisApp()
   qDeleteAll( mCustomDropHandlers );
   qDeleteAll( mCustomLayoutDropHandlers );
 
-  // replace gui based network access managers with failing only ones
-  QgsNetworkAccessManager::instance()->setSslErrorHandler( qgis::make_unique< QgsSslErrorHandler >() );
-  QgsNetworkAccessManager::instance()->setAuthHandler( qgis::make_unique< QgsNetworkAuthenticationHandler >() );
-
   const QList<QgsMapCanvas *> canvases = mapCanvases();
   for ( QgsMapCanvas *canvas : canvases )
   {
@@ -13978,7 +13974,6 @@ void QgisApp::namProxyAuthenticationRequired( const QNetworkProxy &proxy, QAuthe
     bool ok;
 
     {
-      QMutexLocker lock( QgsCredentials::instance()->mutex() );
       ok = QgsCredentials::instance()->get(
              QStringLiteral( "proxy %1:%2 [%3]" ).arg( proxy.hostName() ).arg( proxy.port() ).arg( auth->realm() ),
              username, password,
@@ -13992,15 +13987,13 @@ void QgisApp::namProxyAuthenticationRequired( const QNetworkProxy &proxy, QAuthe
 
     // credentials didn't change - stored ones probably wrong? clear password and retry
     {
-      QMutexLocker lock( QgsCredentials::instance()->mutex() );
       QgsCredentials::instance()->put(
         QStringLiteral( "proxy %1:%2 [%3]" ).arg( proxy.hostName() ).arg( proxy.port() ).arg( auth->realm() ),
         username, QString() );
     }
   }
 
   {
-    QMutexLocker lock( QgsCredentials::instance()->mutex() );
     QgsCredentials::instance()->put(
       QStringLiteral( "proxy %1:%2 [%3]" ).arg( proxy.hostName() ).arg( proxy.port() ).arg( auth->realm() ),
       username, password
diff --git a/src/app/qgsappauthrequesthandler.cpp b/src/app/qgsappauthrequesthandler.cpp
@@ -44,39 +44,28 @@ void QgsAppAuthRequestHandler::handleAuthRequest( QNetworkReply *reply, QAuthent
 
   for ( ;; )
   {
-    bool ok;
-
-    {
-      QMutexLocker lock( QgsCredentials::instance()->mutex() );
-      ok = QgsCredentials::instance()->get(
-             QStringLiteral( "%1 at %2" ).arg( auth->realm(), reply->url().host() ),
-             username, password,
-             QObject::tr( "Authentication required" ) );
-    }
+    bool ok = QgsCredentials::instance()->get(
+                QStringLiteral( "%1 at %2" ).arg( auth->realm(), reply->url().host() ),
+                username, password,
+                QObject::tr( "Authentication required" ) );
     if ( !ok )
       return;
 
     if ( auth->user() != username || ( password != auth->password() && !password.isNull() ) )
       break;
 
     // credentials didn't change - stored ones probably wrong? clear password and retry
-    {
-      QMutexLocker lock( QgsCredentials::instance()->mutex() );
-      QgsCredentials::instance()->put(
-        QStringLiteral( "%1 at %2" ).arg( auth->realm(), reply->url().host() ),
-        username, QString() );
-    }
-  }
-
-  // save credentials
-  {
-    QMutexLocker lock( QgsCredentials::instance()->mutex() );
     QgsCredentials::instance()->put(
       QStringLiteral( "%1 at %2" ).arg( auth->realm(), reply->url().host() ),
-      username, password
-    );
+      username, QString() );
   }
 
+  // save credentials
+  QgsCredentials::instance()->put(
+    QStringLiteral( "%1 at %2" ).arg( auth->realm(), reply->url().host() ),
+    username, password
+  );
+
   auth->setUser( username );
   auth->setPassword( password );
 }
diff --git a/src/core/auth/qgsauthmanager.cpp b/src/core/auth/qgsauthmanager.cpp
@@ -3193,10 +3193,8 @@ bool QgsAuthManager::masterPasswordInput()
   if ( ! ok )
   {
     QgsCredentials *creds = QgsCredentials::instance();
-    creds->lock();
     pass.clear();
     ok = creds->getMasterPassword( pass, masterPasswordHashInDatabase() );
-    creds->unlock();
   }
 
   if ( ok && !pass.isEmpty() && mMasterPass != pass )
diff --git a/src/core/qgscredentials.cpp b/src/core/qgscredentials.cpp
@@ -40,16 +40,19 @@ QgsCredentials *QgsCredentials::instance()
 
 bool QgsCredentials::get( const QString &realm, QString &username, QString &password, const QString &message )
 {
+  QMutexLocker locker( &mMutex );
   if ( mCredentialCache.contains( realm ) )
   {
     QPair<QString, QString> credentials = mCredentialCache.take( realm );
+    locker.unlock();
     username = credentials.first;
     password = credentials.second;
     QgsDebugMsg( QStringLiteral( "retrieved realm:%1 username:%2 password:%3" ).arg( realm, username, password ) );
 
     if ( !password.isNull() )
       return true;
   }
+  locker.unlock();
 
   if ( request( realm, username, password, message ) )
   {
@@ -66,6 +69,7 @@ bool QgsCredentials::get( const QString &realm, QString &username, QString &pass
 void QgsCredentials::put( const QString &realm, const QString &username, const QString &password )
 {
   QgsDebugMsg( QStringLiteral( "inserting realm:%1 username:%2 password:%3" ).arg( realm, username, password ) );
+  QMutexLocker locker( &mMutex );
   mCredentialCache.insert( realm, QPair<QString, QString>( username, password ) );
 }
 
diff --git a/src/core/qgscredentials.h b/src/core/qgscredentials.h
@@ -59,21 +59,25 @@ class CORE_EXPORT QgsCredentials
      * Lock the instance against access from multiple threads. This does not really lock access to get/put methds,
      * it will just prevent other threads to lock the instance and continue the execution. When the class is used
      * from non-GUI threads, they should call lock() before the get/put calls to avoid race conditions.
-     * \since QGIS 2.4
+     *
+     * \deprecated since QGIS 3.4 - mutex locking is automatically handled
      */
-    void lock();
+    Q_DECL_DEPRECATED void lock() SIP_DEPRECATED;
 
     /**
      * Unlock the instance after being locked.
-     * \since QGIS 2.4
+     * \deprecated since QGIS 3.4 - mutex locking is automatically handled
      */
-    void unlock();
+    Q_DECL_DEPRECATED void unlock() SIP_DEPRECATED;
 
     /**
      * Returns pointer to mutex
-     * \since QGIS 2.4
+     * \deprecated since QGIS 3.4 - mutex locking is automatically handled
      */
-    QMutex *mutex() { return &mMutex; }
+    Q_DECL_DEPRECATED QMutex *mutex() SIP_DEPRECATED
+    {
+      return &mMutex;
+    }
 
   protected:
 
diff --git a/src/providers/db2/qgsdb2provider.cpp b/src/providers/db2/qgsdb2provider.cpp
@@ -235,7 +235,6 @@ QSqlDatabase QgsDb2Provider::getDatabase( const QString &connInfo, QString &errM
   db.setPort( port.toInt() );
   bool connected = false;
   int i = 0;
-  QgsCredentials::instance()->lock();
   while ( !connected && i < 3 )
   {
     i++;
@@ -249,7 +248,6 @@ QSqlDatabase QgsDb2Provider::getDatabase( const QString &connInfo, QString &errM
       {
         errMsg = QStringLiteral( "Cancel clicked" );
         QgsDebugMsg( errMsg );
-        QgsCredentials::instance()->unlock();
         break;
       }
     }
@@ -291,7 +289,6 @@ QSqlDatabase QgsDb2Provider::getDatabase( const QString &connInfo, QString &errM
   {
     QgsCredentials::instance()->put( databaseName, userName, password );
   }
-  QgsCredentials::instance()->unlock();
 
   return db;
 }
diff --git a/src/providers/oracle/qgsoracleconn.cpp b/src/providers/oracle/qgsoracleconn.cpp
@@ -96,8 +96,6 @@ QgsOracleConn::QgsOracleConn( QgsDataSourceUri uri )
   QgsDebugMsg( QStringLiteral( "Connecting with options: " ) + options );
   if ( !mDatabase.open() )
   {
-    QgsCredentials::instance()->lock();
-
     while ( !mDatabase.open() )
     {
       bool ok = QgsCredentials::instance()->get( realm, username, password, mDatabase.lastError().text() );
@@ -127,8 +125,6 @@ QgsOracleConn::QgsOracleConn( QgsDataSourceUri uri )
 
     if ( mDatabase.isOpen() )
       QgsCredentials::instance()->put( realm, username, password );
-
-    QgsCredentials::instance()->unlock();
   }
 
   if ( !mDatabase.isOpen() )
diff --git a/src/providers/postgres/qgspostgresconn.cpp b/src/providers/postgres/qgspostgresconn.cpp
@@ -272,8 +272,6 @@ QgsPostgresConn::QgsPostgresConn( const QString &conninfo, bool readOnly, bool s
     QString username = uri.username();
     QString password = uri.password();
 
-    QgsCredentials::instance()->lock();
-
     int i = 0;
     while ( PQstatus() != CONNECTION_OK && i < 5 )
     {
@@ -298,8 +296,6 @@ QgsPostgresConn::QgsPostgresConn( const QString &conninfo, bool readOnly, bool s
 
     if ( PQstatus() == CONNECTION_OK )
       QgsCredentials::instance()->put( conninfo, username, password );
-
-    QgsCredentials::instance()->unlock();
   }
 
   if ( PQstatus() != CONNECTION_OK )

Original file line number	Diff line number	Diff line change
`@@ -1589,10 +1589,6 @@ QgisApp::~QgisApp()`
`1589`	`1589`	`qDeleteAll( mCustomDropHandlers );`
`1590`	`1590`	`qDeleteAll( mCustomLayoutDropHandlers );`
`1591`	`1591`
`1592`		`- // replace gui based network access managers with failing only ones`
`1593`		`- QgsNetworkAccessManager::instance()->setSslErrorHandler( qgis::make_unique< QgsSslErrorHandler >() );`
`1594`		`- QgsNetworkAccessManager::instance()->setAuthHandler( qgis::make_unique< QgsNetworkAuthenticationHandler >() );`
`1595`		`-`
`1596`	`1592`	`const QList<QgsMapCanvas *> canvases = mapCanvases();`
`1597`	`1593`	`for ( QgsMapCanvas *canvas : canvases )`
`1598`	`1594`	`{`
`@@ -13978,7 +13974,6 @@ void QgisApp::namProxyAuthenticationRequired( const QNetworkProxy &proxy, QAuthe`
`13978`	`13974`	`bool ok;`
`13979`	`13975`
`13980`	`13976`	`{`
`13981`		`- QMutexLocker lock( QgsCredentials::instance()->mutex() );`
`13982`	`13977`	`ok = QgsCredentials::instance()->get(`
`13983`	`13978`	`QStringLiteral( "proxy %1:%2 [%3]" ).arg( proxy.hostName() ).arg( proxy.port() ).arg( auth->realm() ),`
`13984`	`13979`	`username, password,`
`@@ -13992,15 +13987,13 @@ void QgisApp::namProxyAuthenticationRequired( const QNetworkProxy &proxy, QAuthe`
`13992`	`13987`
`13993`	`13988`	`// credentials didn't change - stored ones probably wrong? clear password and retry`
`13994`	`13989`	`{`
`13995`		`- QMutexLocker lock( QgsCredentials::instance()->mutex() );`
`13996`	`13990`	`QgsCredentials::instance()->put(`
`13997`	`13991`	`QStringLiteral( "proxy %1:%2 [%3]" ).arg( proxy.hostName() ).arg( proxy.port() ).arg( auth->realm() ),`
`13998`	`13992`	`username, QString() );`
`13999`	`13993`	`}`
`14000`	`13994`	`}`
`14001`	`13995`
`14002`	`13996`	`{`
`14003`		`- QMutexLocker lock( QgsCredentials::instance()->mutex() );`
`14004`	`13997`	`QgsCredentials::instance()->put(`
`14005`	`13998`	`QStringLiteral( "proxy %1:%2 [%3]" ).arg( proxy.hostName() ).arg( proxy.port() ).arg( auth->realm() ),`
`14006`	`13999`	`username, password`
Original file line number	Diff line number	Diff line change
`@@ -3193,10 +3193,8 @@ bool QgsAuthManager::masterPasswordInput()`
`3193`	`3193`	`if ( ! ok )`
`3194`	`3194`	`{`
`3195`	`3195`	`QgsCredentials *creds = QgsCredentials::instance();`
`3196`		`- creds->lock();`
`3197`	`3196`	`pass.clear();`
`3198`	`3197`	`ok = creds->getMasterPassword( pass, masterPasswordHashInDatabase() );`
`3199`		`- creds->unlock();`
`3200`	`3198`	`}`
`3201`	`3199`
`3202`	`3200`	`if ( ok && !pass.isEmpty() && mMasterPass != pass )`
Original file line number	Diff line number	Diff line change
`@@ -40,16 +40,19 @@ QgsCredentials *QgsCredentials::instance()`
`40`	`40`
`41`	`41`	`bool QgsCredentials::get( const QString &realm, QString &username, QString &password, const QString &message )`
`42`	`42`	`{`
	`43`	`+ QMutexLocker locker( &mMutex );`
`43`	`44`	`if ( mCredentialCache.contains( realm ) )`
`44`	`45`	`{`
`45`	`46`	`QPair<QString, QString> credentials = mCredentialCache.take( realm );`
	`47`	`+ locker.unlock();`
`46`	`48`	`username = credentials.first;`
`47`	`49`	`password = credentials.second;`
`48`	`50`	`QgsDebugMsg( QStringLiteral( "retrieved realm:%1 username:%2 password:%3" ).arg( realm, username, password ) );`
`49`	`51`
`50`	`52`	`if ( !password.isNull() )`
`51`	`53`	`return true;`
`52`	`54`	`}`
	`55`	`+ locker.unlock();`
`53`	`56`
`54`	`57`	`if ( request( realm, username, password, message ) )`
`55`	`58`	`{`
`@@ -66,6 +69,7 @@ bool QgsCredentials::get( const QString &realm, QString &username, QString &pass`
`66`	`69`	`void QgsCredentials::put( const QString &realm, const QString &username, const QString &password )`
`67`	`70`	`{`
`68`	`71`	`QgsDebugMsg( QStringLiteral( "inserting realm:%1 username:%2 password:%3" ).arg( realm, username, password ) );`
	`72`	`+ QMutexLocker locker( &mMutex );`
`69`	`73`	`mCredentialCache.insert( realm, QPair<QString, QString>( username, password ) );`
`70`	`74`	`}`
`71`	`75`
Original file line number	Diff line number	Diff line change
`@@ -235,7 +235,6 @@ QSqlDatabase QgsDb2Provider::getDatabase( const QString &connInfo, QString &errM`
`235`	`235`	`db.setPort( port.toInt() );`
`236`	`236`	`bool connected = false;`
`237`	`237`	`int i = 0;`
`238`		`- QgsCredentials::instance()->lock();`
`239`	`238`	`while ( !connected && i < 3 )`
`240`	`239`	`{`
`241`	`240`	`i++;`
`@@ -249,7 +248,6 @@ QSqlDatabase QgsDb2Provider::getDatabase( const QString &connInfo, QString &errM`
`249`	`248`	`{`
`250`	`249`	`errMsg = QStringLiteral( "Cancel clicked" );`
`251`	`250`	`QgsDebugMsg( errMsg );`
`252`		`- QgsCredentials::instance()->unlock();`
`253`	`251`	`break;`
`254`	`252`	`}`
`255`	`253`	`}`
`@@ -291,7 +289,6 @@ QSqlDatabase QgsDb2Provider::getDatabase( const QString &connInfo, QString &errM`
`291`	`289`	`{`
`292`	`290`	`QgsCredentials::instance()->put( databaseName, userName, password );`
`293`	`291`	`}`
`294`		`- QgsCredentials::instance()->unlock();`
`295`	`292`
`296`	`293`	`return db;`
`297`	`294`	`}`
Original file line number	Diff line number	Diff line change
`@@ -96,8 +96,6 @@ QgsOracleConn::QgsOracleConn( QgsDataSourceUri uri )`
`96`	`96`	`QgsDebugMsg( QStringLiteral( "Connecting with options: " ) + options );`
`97`	`97`	`if ( !mDatabase.open() )`
`98`	`98`	`{`
`99`		`- QgsCredentials::instance()->lock();`
`100`		`-`
`101`	`99`	`while ( !mDatabase.open() )`
`102`	`100`	`{`
`103`	`101`	`bool ok = QgsCredentials::instance()->get( realm, username, password, mDatabase.lastError().text() );`
`@@ -127,8 +125,6 @@ QgsOracleConn::QgsOracleConn( QgsDataSourceUri uri )`
`127`	`125`
`128`	`126`	`if ( mDatabase.isOpen() )`
`129`	`127`	`QgsCredentials::instance()->put( realm, username, password );`
`130`		`-`
`131`		`- QgsCredentials::instance()->unlock();`
`132`	`128`	`}`
`133`	`129`
`134`	`130`	`if ( !mDatabase.isOpen() )`
Original file line number	Diff line number	Diff line change
`@@ -272,8 +272,6 @@ QgsPostgresConn::QgsPostgresConn( const QString &conninfo, bool readOnly, bool s`
`272`	`272`	`QString username = uri.username();`
`273`	`273`	`QString password = uri.password();`
`274`	`274`
`275`		`- QgsCredentials::instance()->lock();`
`276`		`-`
`277`	`275`	`int i = 0;`
`278`	`276`	`while ( PQstatus() != CONNECTION_OK && i < 5 )`
`279`	`277`	`{`
`@@ -298,8 +296,6 @@ QgsPostgresConn::QgsPostgresConn( const QString &conninfo, bool readOnly, bool s`
`298`	`296`
`299`	`297`	`if ( PQstatus() == CONNECTION_OK )`
`300`	`298`	`QgsCredentials::instance()->put( conninfo, username, password );`
`301`		`-`
`302`		`- QgsCredentials::instance()->unlock();`
`303`	`299`	`}`
`304`	`300`
`305`	`301`	`if ( PQstatus() != CONNECTION_OK )`