Login credentials are cached in Briefcase-Aggregate cooperation.

[kkrawczyk123]

Software and hardware versions

Windows/Linux/macOS, Aggregate v2.0, 1.7 Java vx.x.x, ...

Problem description

After log in to Briefcase with correct Aggregate credentials they are cached and it enables the user to log in with invalid credentials after resetting the connection.

Steps to reproduce the problem

1. Run Briefcase
2. Connect to the server with correct credentials on Pull tab
3. Reset connection
4. Configure connection again, use the same aggregate's URL but some wrong/non-existing/ no credential and click on connect button.

Expected behavior

It shouldn't be able to log in with invalid/non-existing credentials. Credentials should not be cached.

Other information

Aggregate should have anonymous access option turned off.
The issue does not occur with Central.
the initially identified issue: getodk/briefcase#481

cc @ggalmazor

[macdude357]

Assuming that Aggregate is returning some type of token that is being sent in subsequent requests, then briefcase could store that token in a map using a hash of the credentials that are configured in the username/password fields for the server. So long as the creds remain untouched, continuously looking up the token using that key will work fine. If the user changes the creds, the key won't be found and briefcase will have to establish a new session using the new creds so if they are bad, the user will not be able to log back in using the token that was associated with the correct creds.