Add wxWebCredentials and use it in SetCredentials()

Prefer using a class encapsulating both the user name and the password
to using a pair of variables.

include/wx/msw/private/webrequest_winhttp.h

@@ -53,7 +53,7 @@ public:
 
     bool Init();
 
-    void SetCredentials(const wxString& user, const wxString& password) wxOVERRIDE;
+    void SetCredentials(const wxWebCredentials& cred) wxOVERRIDE;
 
 private:
     wxWebRequestWinHTTP& m_request;

include/wx/private/webrequest.h

@@ -27,8 +27,7 @@ public:
 
     wxWebAuthChallenge::Source GetSource() const { return m_source; }
 
-    virtual void
+    virtual void SetCredentials(const wxWebCredentials& cred) = 0;
-    SetCredentials(const wxString& user, const wxString& password) = 0;
 
 protected:
     explicit wxWebAuthChallengeImpl(wxWebAuthChallenge::Source source)

include/wx/private/webrequest_curl.h

@@ -31,7 +31,7 @@ public:
 
     bool Init();
 
-    void SetCredentials(const wxString& user, const wxString& password) wxOVERRIDE;
+    void SetCredentials(const wxWebCredentials& cred) wxOVERRIDE;
 
 private:
     wxWebRequestCURL& m_request;

include/wx/webrequest.h

@@ -16,6 +16,7 @@
 
 #include "wx/event.h"
 #include "wx/object.h"
+#include "wx/secretstore.h"
 #include "wx/stream.h"
 #include "wx/versioninfo.h"
 
@@ -33,6 +34,22 @@ typedef wxObjectDataPtr<wxWebRequestImpl> wxWebRequestImplPtr;
 typedef wxObjectDataPtr<wxWebResponseImpl> wxWebResponseImplPtr;
 typedef wxObjectDataPtr<wxWebSessionImpl> wxWebSessionImplPtr;
 
+class wxWebCredentials
+{
+public:
+    wxWebCredentials(const wxString& user, const wxSecretValue& password)
+        : m_user(user), m_password(password)
+    {
+    }
+
+    const wxString& GetUser() const { return m_user; }
+    const wxSecretValue& GetPassword() const { return m_password; }
+
+private:
+    wxString m_user;
+    wxSecretValue m_password;
+};
+
 class WXDLLIMPEXP_NET wxWebAuthChallenge
 {
 public:
@@ -51,7 +68,7 @@ public:
 
     Source GetSource() const;
 
-    void SetCredentials(const wxString& user, const wxString& password);
+    void SetCredentials(const wxWebCredentials& cred);
 
 private:
     // Ctor is used by wxWebRequest only.

interface/wx/webrequest.h

@@ -372,7 +372,14 @@ public:
     Authentication challenge information available via
     wxWebRequest::GetAuthChallenge().
 
-    Use SetCredentials() to provide user credentials.
+    Use SetCredentials() to provide user credentials, e.g.
+    @code
+        if ( request.GetState() == wxWebRequest::State_Unauthorized )
+        {
+            wxWebCredentials cred("me", wxSecretValue("s3krit"));
+            request.GetAuthChallenge().SetCredentials(cred);
+        }
+    @endcode
 */
 class wxWebAuthChallenge
 {
@@ -394,12 +401,41 @@ public:
     /**
         Used to provide user credentials to the authentication challenge.
 
-        @param user
+        @see wxWebCredentials
-            User name.
-        @param password
-            The users password.
     */
-    void SetCredentials(const wxString& user, const wxString& password);
+    void SetCredentials(const wxWebCredentials& cred);
+};
+
+/**
+    Simple class containing the username and password to use for authenticating.
+
+    @since 3.1.5
+
+    @library{wxnet}
+    @category{net}
+
+    @see wxWebAuthChallenge
+ */
+class wxWebCredentials
+{
+public:
+    /**
+        Create the new credentials object.
+
+        Note that the password is a wxSecretValue object, to construct it from
+        a string you need to explicitly use wxSecretValue ctor.
+     */
+    wxWebCredentials(const wxString& user, const wxSecretValue& password);
+
+    /// Return the user.
+    const wxString& GetUser() const;
+
+    /**
+        Return the password.
+
+        @see wxSecretString
+     */
+    const wxSecretValue& GetPassword() const;
 };
 
 /**

src/common/webrequest.cpp

@@ -504,12 +504,11 @@ wxWebAuthChallenge::Source wxWebAuthChallenge::GetSource() const
 }
 
 void
-wxWebAuthChallenge::SetCredentials(const wxString& user,
+wxWebAuthChallenge::SetCredentials(const wxWebCredentials& cred)
-                                   const wxString& password)
 {
     wxCHECK_IMPL_VOID();
 
-    m_impl->SetCredentials(user, password);
+    m_impl->SetCredentials(cred);
 }
 
 //

src/common/webrequest_curl.cpp

@@ -319,9 +319,15 @@ bool wxWebAuthChallengeCURL::Init()
     return true;
 }
 
-void wxWebAuthChallengeCURL::SetCredentials(const wxString& user, const wxString& password)
+void wxWebAuthChallengeCURL::SetCredentials(const wxWebCredentials& cred)
 {
-    wxString authStr = wxString::Format("%s:%s", user, password);
+    const wxSecretString authStr =
+        wxString::Format
+        (
+            "%s:%s",
+            cred.GetUser(),
+            static_cast<const wxString&>(wxSecretString(cred.GetPassword()))
+        );
     curl_easy_setopt(m_request.GetHandle(),
         (GetSource() == wxWebAuthChallenge::Source_Proxy) ? CURLOPT_PROXYUSERPWD : CURLOPT_USERPWD,
         static_cast<const char*>(authStr.mb_str()));

src/msw/webrequest_winhttp.cpp

@@ -505,16 +505,15 @@ bool wxWebAuthChallengeWinHTTP::Init()
 }
 
 void
-wxWebAuthChallengeWinHTTP::SetCredentials(const wxString& user,
+wxWebAuthChallengeWinHTTP::SetCredentials(const wxWebCredentials& cred)
-                                          const wxString& password)
 {
     if ( !::WinHttpSetCredentials
             (
                 m_request.GetHandle(),
                 m_target,
                 m_selectedScheme,
-                user.wc_str(),
+                cred.GetUser().wc_str(),
-                password.wc_str(),
+                wxSecretString(cred.GetPassword()).wc_str(),
                 wxRESERVED_PARAM
             ) )
     {

tests/net/webrequest.cpp

@@ -108,6 +108,13 @@ public:
             REQUIRE( request.GetResponse().GetStatus() == requiredStatus );
     }
 
+    // Precondition: we must have an auth challenge.
+    void UseCredentials(const wxString& user, const wxString& password)
+    {
+        request.GetAuthChallenge().SetCredentials(
+            wxWebCredentials(user, wxSecretValue(password)));
+    }
+
     wxString baseURL;
     wxEventLoop loop;
     wxWebRequest request;
@@ -200,7 +207,7 @@ TEST_CASE_METHOD(RequestFixture, "WebRequest", "[net][webrequest]")
 
         SECTION("Good password")
         {
-            request.GetAuthChallenge().SetCredentials("wxtest", "wxwidgets");
+            UseCredentials("wxtest", "wxwidgets");
             loop.Run();
             CHECK( request.GetResponse().GetStatus() == 200 );
             CHECK( request.GetState() == wxWebRequest::State_Completed );
@@ -208,7 +215,7 @@ TEST_CASE_METHOD(RequestFixture, "WebRequest", "[net][webrequest]")
 
         SECTION("Bad password")
         {
-            request.GetAuthChallenge().SetCredentials("wxtest", "foobar");
+            UseCredentials("wxtest", "foobar");
             loop.Run();
             CHECK( request.GetResponse().GetStatus() == 401 );
             CHECK( request.GetState() == wxWebRequest::State_Unauthorized );
@@ -229,7 +236,7 @@ TEST_CASE_METHOD(RequestFixture, "WebRequest", "[net][webrequest]")
 
         SECTION("Good password")
         {
-            request.GetAuthChallenge().SetCredentials("wxtest", "wxwidgets");
+            UseCredentials("wxtest", "wxwidgets");
             loop.Run();
             CHECK( request.GetResponse().GetStatus() == 200 );
             CHECK( request.GetState() == wxWebRequest::State_Completed );
@@ -237,7 +244,7 @@ TEST_CASE_METHOD(RequestFixture, "WebRequest", "[net][webrequest]")
 
         SECTION("Bad password")
         {
-            request.GetAuthChallenge().SetCredentials("foo", "bar");
+            UseCredentials("foo", "bar");
             loop.Run();
             CHECK( request.GetResponse().GetStatus() == 401 );
             CHECK( request.GetState() == wxWebRequest::State_Unauthorized );