changeset 45759:ff48eea4a926 stable

url: do not continue HTTP authentication with user=None (issue6425) I initially thought this is a py3-compat bug of passwordmgr._writedebug(), but actually returning (None, str) pair is wrong at all. HTTP authentication would continue with user="None" in that case. Since registering a password of user=None should also be wrong, this patch simply adds early return.
author Yuya Nishihara <yuya@tcha.org>
date Fri, 23 Oct 2020 20:33:36 +0900
parents 14ac6a74e7e7
children e0ad11ab8052
files mercurial/url.py tests/test-http.t
diffstat 2 files changed, 38 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/url.py	Fri Oct 23 20:10:17 2020 +0900
+++ b/mercurial/url.py	Fri Oct 23 20:33:36 2020 +0900
@@ -96,6 +96,13 @@
             if not passwd:
                 passwd = self.ui.getpass()
 
+        # As of Python 3.8, the default implementation of
+        # AbstractBasicAuthHandler.retry_http_basic_auth() assumes the user
+        # is set if pw is not None. This means (None, str) is not a valid
+        # return type of find_user_password().
+        if user is None:
+            return None, None
+
         self.passwddb.add_password(realm, authuri, user, passwd)
         self._writedebug(user, passwd)
         return (pycompat.strurl(user), pycompat.strurl(passwd))
--- a/tests/test-http.t	Fri Oct 23 20:10:17 2020 +0900
+++ b/tests/test-http.t	Fri Oct 23 20:33:36 2020 +0900
@@ -192,6 +192,34 @@
   $ hg id http://localhost:$HGPORT2/
   abort: http authorization required for http://localhost:$HGPORT2/
   [255]
+  $ hg id --config ui.interactive=true --debug http://localhost:$HGPORT2/
+  using http://localhost:$HGPORT2/
+  sending capabilities command
+  http authorization required for http://localhost:$HGPORT2/
+  realm: mercurial
+  user: abort: response expected
+  [255]
+  $ cat <<'EOF' | hg id --config ui.interactive=true --config ui.nontty=true --debug http://localhost:$HGPORT2/
+  > 
+  > EOF
+  using http://localhost:$HGPORT2/
+  sending capabilities command
+  http authorization required for http://localhost:$HGPORT2/
+  realm: mercurial
+  user: 
+  password: abort: response expected
+  [255]
+  $ cat <<'EOF' | hg id --config ui.interactive=true --config ui.nontty=true --debug http://localhost:$HGPORT2/
+  > 
+  > 
+  > EOF
+  using http://localhost:$HGPORT2/
+  sending capabilities command
+  http authorization required for http://localhost:$HGPORT2/
+  realm: mercurial
+  user: 
+  password: abort: authorization failed
+  [255]
   $ hg id --config ui.interactive=true --config extensions.getpass=get_pass.py http://user@localhost:$HGPORT2/
   http authorization required for http://localhost:$HGPORT2/
   realm: mercurial
@@ -360,6 +388,9 @@
   "GET /?cmd=capabilities HTTP/1.1" 401 -
   "GET /?cmd=capabilities HTTP/1.1" 401 -
   "GET /?cmd=capabilities HTTP/1.1" 401 -
+  "GET /?cmd=capabilities HTTP/1.1" 401 -
+  "GET /?cmd=capabilities HTTP/1.1" 401 -
+  "GET /?cmd=capabilities HTTP/1.1" 401 -
   "GET /?cmd=capabilities HTTP/1.1" 200 -
   "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ partial-pull
   "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ partial-pull