wininet: Clear cached credentials after the first failed attempt.

Windows when using cached credentials will use them on the first challenge, if then a second 403 (ACCESS_DENIED) is received, the user is prompted again but this time with the password and save checkbox cleared. Signed-off-by: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
2024-09-01 13:23:37 +00:00 · 2021-10-04 12:41:33 +11:00 · 2021-10-04 12:41:33 +11:00 · b9d07d6cb4
parent 8537b72202
commit b9d07d6cb4
2 changed files with 24 additions and 1 deletions
--- a/dlls/wininet/dialogs.c
+++ b/dlls/wininet/dialogs.c
@ -152,9 +152,25 @@ static BOOL WININET_GetSetPassword( HWND hdlg, LPCWSTR szServer,
    p = wcschr( szUserPass, ':' );
    if( p )
    {
+        struct WININET_ErrorDlgParams *params;
+        HWND hwnd;
+
+        params = (struct WININET_ErrorDlgParams*)
+                 GetWindowLongPtrW( hdlg, GWLP_USERDATA );
+
        *p = 0;
        SetWindowTextW( hUserItem, szUserPass );
-        SetWindowTextW( hPassItem, p+1 );
+
+        if (!params->req->clear_auth)
+        {
+            SetWindowTextW( hPassItem, p+1 );
+
+            hwnd = GetDlgItem( hdlg, IDC_SAVEPASSWORD );
+            if (hwnd)
+                SendMessageW(hwnd, BM_SETCHECK, BST_CHECKED, 0);
+        }
+        else
+            WININET_GetSetPassword( hdlg, szServer, szRealm, TRUE );
    }

    return TRUE;
@ -264,6 +280,8 @@ static INT_PTR WINAPI WININET_ProxyPasswordDialog(
                WININET_GetSetPassword( hdlg, params->req->session->appInfo->proxy, szRealm, TRUE );
            WININET_SetAuthorization( params->req, username, password, TRUE );

+            params->req->clear_auth = TRUE;
+
            EndDialog( hdlg, ERROR_INTERNET_FORCE_RETRY );
            return TRUE;
        }
@ -340,6 +358,7 @@ static INT_PTR WINAPI WININET_PasswordDialog(
                WININET_GetSetPassword( hdlg, params->req->session->hostName, szRealm, TRUE );
            }
            WININET_SetAuthorization( params->req, username, password, FALSE );
+            params->req->clear_auth = TRUE;

            EndDialog( hdlg, ERROR_INTERNET_FORCE_RETRY );
            return TRUE;
@ -509,6 +528,9 @@ DWORD WINAPI InternetErrorDlg(HWND hWnd, HINTERNET hRequest,
            res = DialogBoxParamW( WININET_hModule, MAKEINTRESOURCEW( IDD_AUTHDLG ),
                                    hWnd, WININET_PasswordDialog, (LPARAM) &params );
            break;
+        case HTTP_STATUS_OK:
+            req->clear_auth = FALSE;
+            break;
        default:
            WARN("unhandled status %lu\n", req->status_code);
        }
--- a/dlls/wininet/internet.h
+++ b/dlls/wininet/internet.h
@ -361,6 +361,7 @@ typedef struct
    LPWSTR statusText;
    DWORD bytesToWrite;
    DWORD bytesWritten;
+    BOOL clear_auth; /* Flag to clear the password field on the authorization dialog */

    CRITICAL_SECTION headers_section;  /* section to protect the headers array */
    HTTPHEADERW *custHeaders;