loader, pager: fix login with username only

It's a bit tricky, because "username only" means "try with the username
only" only if no password has been recorded for the username on the
origin.

2 files changed, 8 insertions, 3 deletions

diff --git a/src/local/pager.nim b/src/local/pager.nim
index 43de48b4..36562a99 100644
--- a/src/local/pager.nim
+++ b/src/local/pager.nim
@@ -1950,7 +1950,7 @@ proc gotoURL(pager: Pager; request: Request; prevurl = none(URL);
     let referer = $referrer.url
     request.headers["Referer"] = referer
     bufferConfig.referrer = referer
-  if request.url.username != "" and request.url.password != "":
+  if request.url.username != "":
     pager.loader.addAuth(request.url)
   request.url.password = ""
   if prevurl.isNone or
diff --git a/src/server/loader.nim b/src/server/loader.nim
index 38435d27..8ffcb19e 100644
--- a/src/server/loader.nim
+++ b/src/server/loader.nim
@@ -1641,8 +1641,13 @@ proc addAuth(ctx: var LoaderContext; stream: SocketStream;
   let origin = url.authOrigin
   let item = ctx.authMap.findItem(origin)
   if item != nil:
-    item.username = url.username
-    item.password = url.password
+    # Only replace the old item if the URL sets a password or the old
+    # item's username is different.
+    # This way, loading a URL with only the username set still lets us
+    # load the password which is already associated with said username.
+    if url.password != "" or item.username != url.username:
+      item.username = url.username
+      item.password = url.password
   else:
     let item = AuthItem(
       origin: url.authOrigin,