Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-123891

HTTP2: finished and errorOccurred signals never emitted when auth fails with code 401

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P2: Important
    • 6.5.7, 6.7.1, 6.8.0 FF
    • 6.6.3
    • Network
    • None
    • 4f9387f2a (dev), 8c2518bee (6.7), c732fd9c7 (tqtc/lts-6.5)

    Description

      After sending a request with an invalid bearer token to a server with HTTP/2 support signals `finished`, `errorOccurred` are not emitted and nothing happens.

      To reproduce one can try:

      1. Find an API which requires authentication and supports HTTP/2 and sends `www-authenticate` header together with 401 code (I found https://storage.googleapis.com/storage/v1/b?project=123)
      2. Create QNetworkRequest and set header with an invalid authorization token ("Bearer 123", for example)
      3. Try to get this request

      Execution eventually hits this code

              } else if (!auth.isEmpty()) {
                  // Somewhat mimics parts of QHttpNetworkConnectionChannel::handleStatus
                  bool resend = false;
                  const bool authenticateHandled = m_connection->d_func()->handleAuthenticateChallenge(
                          m_socket, httpReply, isProxy, resend);
                  if (authenticateHandled && resend) {
                      httpReply->d_func()->eraseData();
                      // Add the request back in queue, we'll retry later now that
                      // we've gotten some username/password set on it:
                      httpRequest.d->needResendWithCredentials = true;
                      m_channel->h2RequestsToSend.insert(httpRequest.priority(), stream.httpPair);
                      httpReply->d_func()->clearHeaders();
                      // If we have data we were uploading we need to reset it:
                      if (stream.data()) {
                          stream.data()->reset();
                          httpReplyPrivate->totallyUploadedData = 0;
                      }
                      // We automatically try to send new requests when the stream is
                      // closed, so we don't need to call sendRequest ourselves.
                      return true;
                  } // else: Authentication failed or was cancelled 

       `auth` is not empty (it contains information about invalid token), it's not handled, and resend is also `false`

      so it ends up here:

       } // else: Authentication failed or was cancelled
      

      and returns `false` without emitting signals

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            manordheim Mårten Nordheim
            gatsik Gatsik 0
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes