changeset 15024:0f1311e829c9 stable

http: strip credentials from urllib2 manager URIs (issue2885) The urllib2 password manager does not strip credentials from URIs registered with add_password(), but compares them with stripped URIs in find_password(). Remove credentials from URIs returned by util.url.authinfo(). Matching sometimes works when no port was specified, because the URI host is registered too.
author Patrick Mezard <pmezard@gmail.com>
date Fri, 05 Aug 2011 21:05:40 +0200
parents f4b7be3f8430
children 0593e8f81c71
files mercurial/util.py tests/test-hgweb-auth.py tests/test-hgweb-auth.py.out
diffstat 3 files changed, 18 insertions(+), 1 deletions(-) [+]
--- a/mercurial/util.py	Thu Aug 04 19:41:23 2011 +0300
+++ b/mercurial/util.py	Fri Aug 05 21:05:40 2011 +0200
@@ -1565,7 +1565,9 @@
             self.user, self.passwd = user, passwd
         if not self.user:
             return (s, None)
-        return (s, (None, (str(self), self.host),
+        # authinfo[1] is passed to urllib2 password manager, and its URIs
+        # must not contain credentials.
+        return (s, (None, (s, self.host),
                     self.user, self.passwd or ''))
 
     def isabs(self):
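Review bot: The second URI registered on the new return line, `self.host`, is a bare host name, so the password-manager entry built from it is not limited to the repository path. As far as urllib2's prefix matching goes, a URI without a path is reduced to `/`, which would let these credentials be offered for any path on that host when no port is given; the commit message notes this fallback is why matching sometimes worked before. Now that `s` is registered without credentials, it is worth checking whether the host entry is still needed, and if it is, a comment such as `# self.host is kept as a host-wide fallback; it matches every path on the host` would make the scope explicit. The body of authinfo() starts above this hunk, so how `s` is built is not visible here.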
--- a/tests/test-hgweb-auth.py	Thu Aug 04 19:41:23 2011 +0300
+++ b/tests/test-hgweb-auth.py	Fri Aug 05 21:05:40 2011 +0200
@@ -1,4 +1,5 @@
 from mercurial import demandimport; demandimport.enable()
+import urllib2
 from mercurial import ui, util
 from mercurial import url
 from mercurial.error import Abort
@@ -95,3 +96,12 @@
       'y.username': 'y',
       'y.password': 'ypassword'},
      urls=['http://y@example.org/foo/bar'])
+
+def testauthinfo(fullurl, authurl):
+    print 'URIs:', fullurl, authurl
+    pm = urllib2.HTTPPasswordMgrWithDefaultRealm()
+    pm.add_password(*util.url(fullurl).authinfo()[1])
+    print pm.find_user_password('test', authurl)
+
+print '\n*** Test urllib2 and util.url\n'
+testauthinfo('http://user@example.com:8080/foo', 'http://example.com:8080/foo')
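Review bot: The new test at the end of the file only exercises a URL with a user name and a port, so it never shows that a password embedded in the URL is kept out of the registered URI, or that a lookup for a different host gets nothing back. Adding `testauthinfo('http://user:pw@example.com:8080/foo', 'http://example.com:8080/foo')` and `testauthinfo('http://user:pw@example.com:8080/foo', 'http://example.org:8080/foo')` (constructed sample values) would pin both the positive match and the negative case, with the matching lines added to the expected-output file. A case without a port would also cover the host fallback the commit message mentions.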
--- a/tests/test-hgweb-auth.py.out	Thu Aug 04 19:41:23 2011 +0300
+++ b/tests/test-hgweb-auth.py.out	Fri Aug 05 21:05:40 2011 +0200
@@ -189,3 +189,8 @@
 CFG: {x.password: xpassword, x.prefix: http://example.org/foo/bar, x.username: None, y.password: ypassword, y.prefix: http://example.org/foo, y.username: y}
 URI: http://y@example.org/foo/bar
      ('y', 'xpassword')
+
+*** Test urllib2 and util.url
+
+URIs: http://user@example.com:8080/foo http://example.com:8080/foo
+('user', '')