Mercurial > hg
comparison mercurial/url.py @ 29639:6fd751fa58d3 stable
url: avoid re-issuing incorrect password (issue3210)
Some draconian IT setups lock accounts after a small number of incorrect
password attempts. Mercurial's implementation of the urllib2 authentication was
causing 5 retry attempts with the same credentials, without prompting the user.
The code was attempting to check whether the authorization token had changed,
but unfortunately was reading the misleading 'headers' member of the request
instead of using the 'get_header' accessor.
Modelled on fix for Python issue 8797:
https://bugs.python.org/issue8797
https://hg.python.org/cpython/rev/30e8a8f22a2a
| author | Kim Randell <Kim.Randell@vicon.com> |
|---|---|
| date | Fri, 29 Jul 2016 12:46:07 +0100 |
| parents | e3dc96834126 |
| children | b76ea1384bf2 |
comparison
equal
deleted
inserted
replaced
| 29638:491ee264b9f6 | 29639:6fd751fa58d3 |
|---|---|
| 449 def retry_http_basic_auth(self, host, req, realm): | 449 def retry_http_basic_auth(self, host, req, realm): |
| 450 user, pw = self.passwd.find_user_password(realm, req.get_full_url()) | 450 user, pw = self.passwd.find_user_password(realm, req.get_full_url()) |
| 451 if pw is not None: | 451 if pw is not None: |
| 452 raw = "%s:%s" % (user, pw) | 452 raw = "%s:%s" % (user, pw) |
| 453 auth = 'Basic %s' % base64.b64encode(raw).strip() | 453 auth = 'Basic %s' % base64.b64encode(raw).strip() |
| 454 if req.headers.get(self.auth_header, None) == auth: | 454 if req.get_header(self.auth_header, None) == auth: |
| 455 return None | 455 return None |
| 456 self.auth = auth | 456 self.auth = auth |
| 457 req.add_unredirected_header(self.auth_header, auth) | 457 req.add_unredirected_header(self.auth_header, auth) |
| 458 return self.parent.open(req) | 458 return self.parent.open(req) |
| 459 else: | 459 else: |