Fixing authentication challenge implementation to cancel after failed attempt

Source/Alamofire.swift

@@ -574,17 +574,21 @@ public class Request {
             if self.taskDidReceiveChallenge != nil {
                 (disposition, credential) = self.taskDidReceiveChallenge!(session, task, challenge)
             } else {
-                // TODO: Incorporate Trust Evaluation & TLS Chain Validation
-
-                switch challenge.protectionSpace.authenticationMethod! {
-                case NSURLAuthenticationMethodServerTrust:
-                    credential = NSURLCredential(forTrust: challenge.protectionSpace.serverTrust)
-                default:
-                    credential = self.credential ?? session.configuration.URLCredentialStorage?.defaultCredentialForProtectionSpace(challenge.protectionSpace)
-                }
-
-                if credential != nil {
-                    disposition = .UseCredential
+                if challenge.previousFailureCount > 0 {
+                    disposition = .CancelAuthenticationChallenge
+                } else {
+                    // TODO: Incorporate Trust Evaluation & TLS Chain Validation
+
+                    switch challenge.protectionSpace.authenticationMethod! {
+                    case NSURLAuthenticationMethodServerTrust:
+                        credential = NSURLCredential(forTrust: challenge.protectionSpace.serverTrust)
+                    default:
+                        credential = self.credential ?? session.configuration.URLCredentialStorage?.defaultCredentialForProtectionSpace(challenge.protectionSpace)
+                    }
+
+                    if credential != nil {
+                        disposition = .UseCredential
+                    }
                 }
             }
 

Tests/AuthenticationTests.swift

@@ -50,9 +50,9 @@ class AlamofireAuthenticationTestCase: XCTestCase {
                 invalidCredentialsExpectation.fulfill()
 
                 XCTAssertNotNil(request, "request should not be nil")
-                XCTAssertNotNil(response, "response should not be nil")
-                XCTAssert(response?.statusCode == 401, "response status code should be 401")
-                XCTAssertNil(error, "error should be nil")
+                XCTAssertNil(response, "response should be nil")
+                XCTAssertNotNil(error, "error should not be nil")
+                XCTAssert(error?.code == -999, "error should be NSURLErrorDomain Code -999 'cancelled'")
         }
 
         waitForExpectationsWithTimeout(10) { (error) in
@@ -86,9 +86,9 @@ class AlamofireAuthenticationTestCase: XCTestCase {
                 invalidCredentialsExpectation.fulfill()
 
                 XCTAssertNotNil(request, "request should not be nil")
-                XCTAssertNotNil(response, "response should not be nil")
-                XCTAssert(response?.statusCode == 401, "response status code should be 401")
-                XCTAssertNil(error, "error should be nil")
+                XCTAssertNil(response, "response should be nil")
+                XCTAssertNotNil(error, "error should not be nil")
+                XCTAssert(error?.code == -999, "error should be NSURLErrorDomain Code -999 'cancelled'")
         }
 
         waitForExpectationsWithTimeout(10) { (error) in