[WFS provider] Fix auth config extra expansion and auth prioritization

dakcarto · dakcarto · commit e3164e9ef93c · 2016-10-12T14:47:30.000-06:00
diff --git a/src/providers/wfs/qgswfsdatasourceuri.cpp b/src/providers/wfs/qgswfsdatasourceuri.cpp
@@ -41,14 +41,19 @@ QgsWFSDataSourceURI::QgsWFSDataSourceURI( const QString& uri )
     QString typeName = url.queryItemValue( QgsWFSConstants::URI_PARAM_TYPENAME );
     QString version = url.queryItemValue( QgsWFSConstants::URI_PARAM_VERSION );
     QString filter = url.queryItemValue( QgsWFSConstants::URI_PARAM_FILTER );
-    mAuth.mUserName = url.queryItemValue( QgsWFSConstants::URI_PARAM_USERNAME );
-    // In QgsDataSourceURI, the "username" param is named "user", check it
-    if ( mAuth.mUserName.isEmpty() )
+    mAuth.mAuthCfg = url.queryItemValue( QgsWFSConstants::URI_PARAM_AUTHCFG );
+    // NOTE: A defined authcfg overrides any older username/password auth
+    //       Only check for older auth if it is undefined
+    if ( mAuth.mAuthCfg.isEmpty() )
     {
-      mAuth.mUserName = url.queryItemValue( QgsWFSConstants::URI_PARAM_USER );
+      mAuth.mUserName = url.queryItemValue( QgsWFSConstants::URI_PARAM_USERNAME );
+      // In QgsDataSourceURI, the "username" param is named "user", check it
+      if ( mAuth.mUserName.isEmpty() )
+      {
+        mAuth.mUserName = url.queryItemValue( QgsWFSConstants::URI_PARAM_USER );
+      }
+      mAuth.mPassword = url.queryItemValue( QgsWFSConstants::URI_PARAM_PASSWORD );
     }
-    mAuth.mPassword = url.queryItemValue( QgsWFSConstants::URI_PARAM_PASSWORD );
-    mAuth.mAuthCfg = url.queryItemValue( QgsWFSConstants::URI_PARAM_AUTHCFG );
 
     // Now remove all stuff that is not the core URL
     url.removeQueryItem( "SERVICE" );
@@ -90,19 +95,24 @@ QgsWFSDataSourceURI::QgsWFSDataSourceURI( const QString& uri )
 const QString QgsWFSDataSourceURI::uri( bool expandAuthConfig ) const
 {
   QgsDataSourceURI theURI( mURI );
-  // Add auth params back into the uri
+  // Add authcfg param back into the uri (must be non-empty value)
   if ( ! mAuth.mAuthCfg.isEmpty() )
   {
     theURI.setAuthConfigId( mAuth.mAuthCfg );
   }
-  if ( ! mAuth.mUserName.isEmpty() )
-  {
-    theURI.setUsername( mAuth.mUserName );
-  }
-  if ( ! mAuth.mPassword.isEmpty() )
+  else
   {
-    theURI.setPassword( mAuth.mPassword );
+    // Add any older username/password auth params back in (allow empty values)
+    if ( ! mAuth.mUserName.isNull() )
+    {
+      theURI.setUsername( mAuth.mUserName );
+    }
+    if ( ! mAuth.mPassword.isNull() )
+    {
+      theURI.setPassword( mAuth.mPassword );
+    }
   }
+  // NOTE: avoid expanding authcfg here; it is handled during network access
   return theURI.uri( expandAuthConfig );
 }
 
diff --git a/src/providers/wfs/qgswfsdatasourceuri.h b/src/providers/wfs/qgswfsdatasourceuri.h
@@ -35,11 +35,11 @@ struct QgsWFSAuthorization
   //! set authorization header
   bool setAuthorization( QNetworkRequest &request ) const
   {
-    if ( !mAuthCfg.isEmpty() )
+    if ( !mAuthCfg.isEmpty() ) // must be non-empty value
     {
       return QgsAuthManager::instance()->updateNetworkRequest( request, mAuthCfg );
     }
-    else if ( !mUserName.isNull() || !mPassword.isNull() )
+    else if ( !mUserName.isNull() || !mPassword.isNull() ) // allow empty values
     {
       request.setRawHeader( "Authorization", "Basic " + QString( "%1:%2" ).arg( mUserName, mPassword ).toAscii().toBase64() );
     }
@@ -65,8 +65,8 @@ class QgsWFSDataSourceURI
 
     explicit QgsWFSDataSourceURI( const QString& uri );
 
-    /** Return the URI */
-    const QString uri( bool expandAuthConfig = true ) const;
+    /** Return the URI, avoiding expansion of authentication configuration, which is handled during network access */
+    const QString uri( bool expandAuthConfig = false ) const;
 
     /** Return base URL (with SERVICE=WFS parameter if bIncludeServiceWFS=true) */
     QUrl baseURL( bool bIncludeServiceWFS = true ) const;
diff --git a/src/providers/wfs/qgswfsprovider.cpp b/src/providers/wfs/qgswfsprovider.cpp
@@ -1101,7 +1101,7 @@ bool QgsWFSProvider::describeFeatureType( QString& geometryAttribute, QgsFields&
 {
   fields.clear();
 
-  QgsWFSDescribeFeatureType describeFeatureType( mShared->mURI.uri( false ) );
+  QgsWFSDescribeFeatureType describeFeatureType( mShared->mURI.uri() );
   if ( !describeFeatureType.requestFeatureType( mShared->mWFSVersion,
        mShared->mURI.typeName() ) )
   {
@@ -1337,7 +1337,7 @@ bool QgsWFSProvider::sendTransactionDocument( const QDomDocument& doc, QDomDocum
     return false;
   }
 
-  QgsWFSTransactionRequest request( mShared->mURI.uri( false ) );
+  QgsWFSTransactionRequest request( mShared->mURI.uri() );
   return request.send( doc, serverResponse );
 }
 
@@ -1440,7 +1440,7 @@ bool QgsWFSProvider::getCapabilities()
 
   if ( mShared->mCaps.version.isEmpty() )
   {
-    QgsWFSCapabilities getCapabilities( mShared->mURI.uri( false ) );
+    QgsWFSCapabilities getCapabilities( mShared->mURI.uri() );
     const bool synchronous = true;
     const bool forceRefresh = false;
     if ( !getCapabilities.requestCapabilities( synchronous, forceRefresh ) )

Original file line number	Diff line number	Diff line change
`@@ -35,11 +35,11 @@ struct QgsWFSAuthorization`
`35`	`35`	`//! set authorization header`
`36`	`36`	`bool setAuthorization( QNetworkRequest &request ) const`
`37`	`37`	`{`
`38`		`- if ( !mAuthCfg.isEmpty() )`
	`38`	`+ if ( !mAuthCfg.isEmpty() ) // must be non-empty value`
`39`	`39`	`{`
`40`	`40`	`return QgsAuthManager::instance()->updateNetworkRequest( request, mAuthCfg );`
`41`	`41`	`}`
`42`		`- else if ( !mUserName.isNull() \|\| !mPassword.isNull() )`
	`42`	`+ else if ( !mUserName.isNull() \|\| !mPassword.isNull() ) // allow empty values`
`43`	`43`	`{`
`44`	`44`	`request.setRawHeader( "Authorization", "Basic " + QString( "%1:%2" ).arg( mUserName, mPassword ).toAscii().toBase64() );`
`45`	`45`	`}`
`@@ -65,8 +65,8 @@ class QgsWFSDataSourceURI`
`65`	`65`
`66`	`66`	`explicit QgsWFSDataSourceURI( const QString& uri );`
`67`	`67`
`68`		`- /** Return the URI */`
`69`		`- const QString uri( bool expandAuthConfig = true ) const;`
	`68`	`+ /** Return the URI, avoiding expansion of authentication configuration, which is handled during network access */`
	`69`	`+ const QString uri( bool expandAuthConfig = false ) const;`
`70`	`70`
`71`	`71`	`/** Return base URL (with SERVICE=WFS parameter if bIncludeServiceWFS=true) */`
`72`	`72`	`QUrl baseURL( bool bIncludeServiceWFS = true ) const;`
Original file line number	Diff line number	Diff line change
`@@ -1101,7 +1101,7 @@ bool QgsWFSProvider::describeFeatureType( QString& geometryAttribute, QgsFields&`
`1101`	`1101`	`{`
`1102`	`1102`	`fields.clear();`
`1103`	`1103`
`1104`		`- QgsWFSDescribeFeatureType describeFeatureType( mShared->mURI.uri( false ) );`
	`1104`	`+ QgsWFSDescribeFeatureType describeFeatureType( mShared->mURI.uri() );`
`1105`	`1105`	`if ( !describeFeatureType.requestFeatureType( mShared->mWFSVersion,`
`1106`	`1106`	`mShared->mURI.typeName() ) )`
`1107`	`1107`	`{`
`@@ -1337,7 +1337,7 @@ bool QgsWFSProvider::sendTransactionDocument( const QDomDocument& doc, QDomDocum`
`1337`	`1337`	`return false;`
`1338`	`1338`	`}`
`1339`	`1339`
`1340`		`- QgsWFSTransactionRequest request( mShared->mURI.uri( false ) );`
	`1340`	`+ QgsWFSTransactionRequest request( mShared->mURI.uri() );`
`1341`	`1341`	`return request.send( doc, serverResponse );`
`1342`	`1342`	`}`
`1343`	`1343`
`@@ -1440,7 +1440,7 @@ bool QgsWFSProvider::getCapabilities()`
`1440`	`1440`
`1441`	`1441`	`if ( mShared->mCaps.version.isEmpty() )`
`1442`	`1442`	`{`
`1443`		`- QgsWFSCapabilities getCapabilities( mShared->mURI.uri( false ) );`
	`1443`	`+ QgsWFSCapabilities getCapabilities( mShared->mURI.uri() );`
`1444`	`1444`	`const bool synchronous = true;`
`1445`	`1445`	`const bool forceRefresh = false;`
`1446`	`1446`	`if ( !getCapabilities.requestCapabilities( synchronous, forceRefresh ) )`