http: strip credentials from urllib2 manager URIs (
issue2885)
urllib2 password manager does not strip credentials from URIs registered with
add_password() and compare them with stripped URIs in find_password(). Remove
credentials from URIs returned by util.url.authinfo(). It sometimes works when
no port was specified as the URI host is registered too.
--- a/mercurial/util.py Thu Aug 04 19:41:23 2011 +0300
+++ b/mercurial/util.py Fri Aug 05 21:05:40 2011 +0200
@@ -1565,7 +1565,9 @@
self.user, self.passwd = user, passwd
if not self.user:
return (s, None)
- return (s, (None, (str(self), self.host),
+ # authinfo[1] is passed to urllib2 password manager, and its URIs
+ # must not contain credentials.
+ return (s, (None, (s, self.host),
self.user, self.passwd or ''))
def isabs(self):
--- a/tests/test-hgweb-auth.py Thu Aug 04 19:41:23 2011 +0300
+++ b/tests/test-hgweb-auth.py Fri Aug 05 21:05:40 2011 +0200
@@ -1,4 +1,5 @@
from mercurial import demandimport; demandimport.enable()
+import urllib2
from mercurial import ui, util
from mercurial import url
from mercurial.error import Abort
@@ -95,3 +96,12 @@
'y.username': 'y',
'y.password': 'ypassword'},
urls=['http://y@example.org/foo/bar'])
+
+def testauthinfo(fullurl, authurl):
+ print 'URIs:', fullurl, authurl
+ pm = urllib2.HTTPPasswordMgrWithDefaultRealm()
+ pm.add_password(*util.url(fullurl).authinfo()[1])
+ print pm.find_user_password('test', authurl)
+
+print '\n*** Test urllib2 and util.url\n'
+testauthinfo('http://user@example.com:8080/foo', 'http://example.com:8080/foo')
--- a/tests/test-hgweb-auth.py.out Thu Aug 04 19:41:23 2011 +0300
+++ b/tests/test-hgweb-auth.py.out Fri Aug 05 21:05:40 2011 +0200
@@ -189,3 +189,8 @@
CFG: {x.password: xpassword, x.prefix: http://example.org/foo/bar, x.username: None, y.password: ypassword, y.prefix: http://example.org/foo, y.username: y}
URI: http://y@example.org/foo/bar
('y', 'xpassword')
+
+*** Test urllib2 and util.url
+
+URIs: http://user@example.com:8080/foo http://example.com:8080/foo
+('user', '')