mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-26 18:29:57 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Issue12541 - Add UserWarning for unquoted realms

Browse source
This commit is contained in:
Senthil Kumaran 2012-05-15 23:59:19 +08:00
parent 6a2a6c2ee3
commit b0d85fd1b5
2 changed files with 13 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

16
Lib/test/test_urllib2.py
View file

@ -1106,8 +1106,8 @@ class HandlerTests(unittest.TestCase):
self._test_basic_auth(opener, auth_handler, "Authorization", self._test_basic_auth(opener, auth_handler, "Authorization",
realm, http_handler, password_manager, realm, http_handler, password_manager,
"http://acme.example.com/protected", "http://acme.example.com/protected",
"http://acme.example.com/protected", "http://acme.example.com/protected"
) )
def test_basic_auth_with_single_quoted_realm(self): def test_basic_auth_with_single_quoted_realm(self):
self.test_basic_auth(quote_char="'") self.test_basic_auth(quote_char="'")
@ -1121,11 +1121,13 @@ class HandlerTests(unittest.TestCase):
401, 'WWW-Authenticate: Basic realm=%s\r\n\r\n' % realm) 401, 'WWW-Authenticate: Basic realm=%s\r\n\r\n' % realm)
opener.add_handler(auth_handler) opener.add_handler(auth_handler)
opener.add_handler(http_handler) opener.add_handler(http_handler)
self._test_basic_auth(opener, auth_handler, "Authorization", msg = "Basic Auth Realm was unquoted"
realm, http_handler, password_manager, with test_support.check_warnings((msg, UserWarning)):
"http://acme.example.com/protected", self._test_basic_auth(opener, auth_handler, "Authorization",
"http://acme.example.com/protected", realm, http_handler, password_manager,
) "http://acme.example.com/protected",
"http://acme.example.com/protected"
)
def test_proxy_basic_auth(self): def test_proxy_basic_auth(self):

4
Lib/urllib2.py
View file

@ -102,6 +102,7 @@ import sys
import time import time
import urlparse import urlparse
import bisect import bisect
import warnings
try: try:
from cStringIO import StringIO from cStringIO import StringIO
@ -861,6 +862,9 @@ class AbstractBasicAuthHandler:
mo = AbstractBasicAuthHandler.rx.search(authreq) mo = AbstractBasicAuthHandler.rx.search(authreq)
if mo: if mo:
scheme, quote, realm = mo.groups() scheme, quote, realm = mo.groups()
if quote not in ['"', "'"]:
warnings.warn("Basic Auth Realm was unquoted",
UserWarning, 2)
if scheme.lower() == 'basic': if scheme.lower() == 'basic':
response = self.retry_http_basic_auth(host, req, realm) response = self.retry_http_basic_auth(host, req, realm)
if response and response.code != 401: if response and response.code != 401: