QNAM: Reset authenticator state properly between requests

Reset authenticator and fix operator=(...) of QAuthenticator.

Task-number: QTBUG-6792
Reviewed-by: ogoffart

2 files changed, 14 insertions, 3 deletions

diff --git a/src/network/access/qhttpnetworkconnection.cpp b/src/network/access/qhttpnetworkconnection.cpp
index 89f9b03..4d27531 100644
--- a/src/network/access/qhttpnetworkconnection.cpp
+++ b/src/network/access/qhttpnetworkconnection.cpp
@@ -373,6 +373,13 @@ bool QHttpNetworkConnectionPrivate::handleAuthenticateChallenge(QAbstractSocket
         // - If withCredentials has been set to false (e.g. by QtWebKit for a cross-origin XMLHttpRequest) then
         //   we need to bail out if authentication is required.
         if (priv->phase == QAuthenticatorPrivate::Done || !reply->request().withCredentials()) {
+            // Reset authenticator so the next request on that channel does not get messed up
+            auth = 0;
+            if (isProxy)
+                channels[i].proxyAuthenticator = QAuthenticator();
+            else
+                channels[i].authenticator = QAuthenticator();
+
             // authentication is cancelled, send the current contents to the user.
             emit channels[i].reply->headerChanged();
             emit channels[i].reply->readyRead();
diff --git a/src/network/kernel/qauthenticator.cpp b/src/network/kernel/qauthenticator.cpp
index 220f7da..73f6b94 100644
--- a/src/network/kernel/qauthenticator.cpp
+++ b/src/network/kernel/qauthenticator.cpp
@@ -164,9 +164,13 @@ QAuthenticator &QAuthenticator::operator=(const QAuthenticator &other)
 {
     if (d == other.d)
         return *this;
-    detach();
-    d->user = other.d->user;
-    d->password = other.d->password;
+
+    if (d && !d->ref.deref())
+        delete d;
+
+    d = other.d;
+    if (d)
+        d->ref.ref();
     return *this;
 }