If a login request with a Git cookie fails with 401 because the
token contained in the cookie is already expired, a native Git
client prompts the user for a secret (either a fresh token, or a
password). However, even if a valid secret is entered, the login
fails with 401 again, because the outdated Git cookie is also
sent, and ProjectOAuthFilter prefers Git cookies to credentials
sent in a BASIC authentication header.
This patch reverses the fallback strategy for an OAuth login: if
there is a BASIC authentication header it overrules a Git cookie
sent in the same request. A native Git client will always send
the Git cookie. If the cookie is valid, the request will succeed.
Otherwise, 401 is returned and the client will prompt for
user and password. Now a fresh token or a password can be entered,
which will overrule the invalid Git cookie for this request.
Change-Id: I6344b0daab1855465418bb5611d79fcef01c3118
Signed-off-by: Michael Ochmann <michael.ochmann@sap.com>
543d6bcda5