Changeset 19345 in josm for trunk/src

Timestamp:

2025-03-10T17:38:42+01:00 (2 weeks ago)

Author:

stoecker

Message:

don't send authentication oinformation to wrong server, fix #24149, patch by ssundell

Location:

trunk/src/org/openstreetmap/josm/io

Files:

• OsmApi.java (modified) (1 diff)
• OsmServerReader.java (modified) (1 diff)
• auth/AbstractCredentialsAgent.java (modified) (5 diffs)
• auth/CredentialsAgent.java (modified) (1 diff)
• auth/CredentialsManager.java (modified) (3 diffs)

trunk/src/org/openstreetmap/josm/io/OsmApi.java

@@ -825 +825 @@
                 case HttpURLConnection.HTTP_UNAUTHORIZED:
                 case HttpURLConnection.HTTP_FORBIDDEN:
-                    CredentialsManager.getInstance().purgeCredentialsCache(RequestorType.SERVER);
+                    CredentialsManager.getInstance().purgeCredentialsCache(RequestorType.SERVER, getHost());
                     throw new OsmApiException(retCode, errorHeader, errorBody, activeConnection.getURL().toString(),
                             doAuthenticate ? retrieveBasicAuthorizationLogin(client) : null, response.getContentType());

trunk/src/org/openstreetmap/josm/io/OsmServerReader.java

@@ -208 +208 @@
             try {
                 if (response.getResponseCode() == HttpURLConnection.HTTP_UNAUTHORIZED) {
-                    CredentialsManager.getInstance().purgeCredentialsCache(RequestorType.SERVER);
+                    CredentialsManager.getInstance().purgeCredentialsCache(RequestorType.SERVER, OsmApi.getOsmApi().getHost());
                     throw new OsmApiException(HttpURLConnection.HTTP_UNAUTHORIZED, null, null);
                 }

trunk/src/org/openstreetmap/josm/io/auth/AbstractCredentialsAgent.java

@@ -4 +4 @@
 import java.net.Authenticator.RequestorType;
 import java.net.PasswordAuthentication;
-import java.util.EnumMap;
+import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
 
 import org.openstreetmap.josm.tools.Logging;
+import org.openstreetmap.josm.tools.Pair;
 
 /**
@@ -48 +49 @@
     }
 
-    protected Map<RequestorType, PasswordAuthentication> memoryCredentialsCache = new EnumMap<>(RequestorType.class);
+    protected Map<Pair<RequestorType, String>, PasswordAuthentication> memoryCredentialsCache = new HashMap<>();
 
     @Override
@@ -65 +66 @@
          * -> Try to recall credentials that have been entered manually in this session.
          */
-        if (!noSuccessWithLastResponse && memoryCredentialsCache.containsKey(requestorType) &&
+        Pair<RequestorType, String> mccKey = Pair.create(requestorType, host);
+        if (!noSuccessWithLastResponse && memoryCredentialsCache.containsKey(mccKey) &&
                 (credentials == null || credentials.getPassword() == null || credentials.getPassword().length == 0)) {
-            PasswordAuthentication pa = memoryCredentialsCache.get(requestorType);
+            PasswordAuthentication pa = memoryCredentialsCache.get(mccKey);
             response.setUsername(pa.getUserName());
             response.setPassword(pa.getPassword());
@@ -89 +91 @@
             } else {
                 // User decides not to save credentials to file. Keep it in memory so we don't have to ask over and over again.
-                memoryCredentialsCache.put(requestorType, new PasswordAuthentication(response.getUsername(), response.getPassword()));
+                memoryCredentialsCache.put(mccKey, new PasswordAuthentication(response.getUsername(), response.getPassword()));
             }
         } else {
@@ -102 +104 @@
     @Override
     public final void purgeCredentialsCache(RequestorType requestorType) {
-        memoryCredentialsCache.remove(requestorType);
+        memoryCredentialsCache.keySet().removeIf(pair -> pair.a == requestorType);
+    }
+
+    @Override
+    public void purgeCredentialsCache(RequestorType requestorType, String host) {
+        memoryCredentialsCache.remove(Pair.create(requestorType, host));
     }
 

trunk/src/org/openstreetmap/josm/io/auth/CredentialsAgent.java

@@ -84 +84 @@
      * Purges the internal credentials cache for the given requestor type.
      * @param requestorType the type of service.
-     * {@link RequestorType#SERVER} for the OSM API server, {@link RequestorType#PROXY} for a proxy server
+     * {@link RequestorType#PROXY} for a proxy server, {@link RequestorType#SERVER} for other servers.
      * @since 12992
      */
     void purgeCredentialsCache(RequestorType requestorType);
+
+    /**
+     * Purges the internal credentials cache for the given requestor type and host.
+     * @param requestorType the type of service.
+     * @param host the host.
+     * {@link RequestorType#PROXY} for a proxy server, {@link RequestorType#SERVER} for other servers.
+     */
+    default void purgeCredentialsCache(RequestorType requestorType, String host) {
+        purgeCredentialsCache(requestorType);
+    }
 
     /**

trunk/src/org/openstreetmap/josm/io/auth/CredentialsManager.java

@@ -134 +134 @@
         }
         // see #11914: clear cache before we store new value
-        purgeCredentialsCache(requestorType);
+        purgeCredentialsCache(requestorType, host);
         delegate.store(requestorType, host, credentials);
     }
@@ -142 +142 @@
             throws CredentialsAgentException {
         CredentialsAgentResponse credentials = delegate.getCredentials(requestorType, host, noSuccessWithLastResponse);
-        if (requestorType == RequestorType.SERVER) {
+        if (requestorType == RequestorType.SERVER && Objects.equals(OsmApi.getOsmApi().getHost(), host)) {
             // see #11914 : Keep UserIdentityManager up to date
             String userName = credentials.getUsername();
@@ -175 +175 @@
         delegate.purgeCredentialsCache(requestorType);
     }
+
+    @Override
+    public void purgeCredentialsCache(RequestorType requestorType, String host) {
+        delegate.purgeCredentialsCache(requestorType, host);
+    }
 }