Mercurial > hg
changeset 45759:ff48eea4a926 stable
url: do not continue HTTP authentication with user=None (issue6425)
I initially thought this is a py3-compat bug of passwordmgr._writedebug(),
but actually returning (None, str) pair is wrong at all. HTTP authentication
would continue with user="None" in that case.
Since registering a password of user=None should also be wrong, this patch
simply adds early return.
author | Yuya Nishihara <yuya@tcha.org> |
---|---|
date | Fri, 23 Oct 2020 20:33:36 +0900 |
parents | 14ac6a74e7e7 |
children | e0ad11ab8052 |
files | mercurial/url.py tests/test-http.t |
diffstat | 2 files changed, 38 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/url.py Fri Oct 23 20:10:17 2020 +0900 +++ b/mercurial/url.py Fri Oct 23 20:33:36 2020 +0900 @@ -96,6 +96,13 @@ if not passwd: passwd = self.ui.getpass() + # As of Python 3.8, the default implementation of + # AbstractBasicAuthHandler.retry_http_basic_auth() assumes the user + # is set if pw is not None. This means (None, str) is not a valid + # return type of find_user_password(). + if user is None: + return None, None + self.passwddb.add_password(realm, authuri, user, passwd) self._writedebug(user, passwd) return (pycompat.strurl(user), pycompat.strurl(passwd))
--- a/tests/test-http.t Fri Oct 23 20:10:17 2020 +0900 +++ b/tests/test-http.t Fri Oct 23 20:33:36 2020 +0900 @@ -192,6 +192,34 @@ $ hg id http://localhost:$HGPORT2/ abort: http authorization required for http://localhost:$HGPORT2/ [255] + $ hg id --config ui.interactive=true --debug http://localhost:$HGPORT2/ + using http://localhost:$HGPORT2/ + sending capabilities command + http authorization required for http://localhost:$HGPORT2/ + realm: mercurial + user: abort: response expected + [255] + $ cat <<'EOF' | hg id --config ui.interactive=true --config ui.nontty=true --debug http://localhost:$HGPORT2/ + > + > EOF + using http://localhost:$HGPORT2/ + sending capabilities command + http authorization required for http://localhost:$HGPORT2/ + realm: mercurial + user: + password: abort: response expected + [255] + $ cat <<'EOF' | hg id --config ui.interactive=true --config ui.nontty=true --debug http://localhost:$HGPORT2/ + > + > + > EOF + using http://localhost:$HGPORT2/ + sending capabilities command + http authorization required for http://localhost:$HGPORT2/ + realm: mercurial + user: + password: abort: authorization failed + [255] $ hg id --config ui.interactive=true --config extensions.getpass=get_pass.py http://user@localhost:$HGPORT2/ http authorization required for http://localhost:$HGPORT2/ realm: mercurial @@ -360,6 +388,9 @@ "GET /?cmd=capabilities HTTP/1.1" 401 - "GET /?cmd=capabilities HTTP/1.1" 401 - "GET /?cmd=capabilities HTTP/1.1" 401 - + "GET /?cmd=capabilities HTTP/1.1" 401 - + "GET /?cmd=capabilities HTTP/1.1" 401 - + "GET /?cmd=capabilities HTTP/1.1" 401 - "GET /?cmd=capabilities HTTP/1.1" 200 - "GET /?cmd=lookup HTTP/1.1" 200 - x-hgarg-1:key=tip x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ partial-pull "GET /?cmd=listkeys HTTP/1.1" 200 - x-hgarg-1:namespace=namespaces x-hgproto-1:0.1 0.2 comp=$USUAL_COMPRESSIONS$ partial-pull