Joonas Kuorilehto jones...@derbian.fi added the comment:
Also adding a patch that may be enough to fix the problem in python3.2. Review
needed, did not test more than passing the previously failed unit test.
--
Added file:
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset 80e3b8de4edd by Senthil Kumaran in branch '3.2':
Fix Issue #13642: Unquote before b64encoding user:password during Basic
Authentication.
http://hg.python.org/cpython/rev/80e3b8de4edd
New changeset 4b4029fc8cf2 by
Senthil Kumaran sent...@uthcode.com added the comment:
Here we go! I thought the problem did not exist in py3k, but good that the
tests caught them and we have a fix now.
Thanks for the complete patch, Joonas. I hope it was easy to port the patch to
3k. The encoding part may perhaps be the
Joonas Kuorilehto jones...@derbian.fi added the comment:
Updating the issue with version 3.2 tag since it was fixed there as well. Still
fixed, of course.
You are correct that the encodings can be tricky. Luckily I only added coding
to tests. But you're right, I would consider very carefully
Joonas Kuorilehto jones...@derbian.fi added the comment:
Senthil, I ported the tests to 3.2. The quoting problem seems to be the same in
3.2 and the new test fails. I don't know how the password managers handle the
usernames and passwords in python3 urllib so I did not look at that.
Could you
Michele Orrù maker...@gmail.com added the comment:
Whoops, probably I tested using $ python instead of $ ./python.exe -
Attaching two patches, one keeps using map(), but definitely changes unquote()
behavior; the other simply asserts user_passwd exists before using unquote().
Well, concerning
Changes by Michele Orrù maker...@gmail.com:
Removed file: http://bugs.python.org/file24186/issue13642.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13642
___
Changes by Michele Orrù maker...@gmail.com:
Added file: http://bugs.python.org/file24192/issue13642_with_map.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13642
___
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset 01ef13e9e225 by Senthil Kumaran in branch '2.7':
- Issue #13642: Unquote before b64encoding user:password during Basic
http://hg.python.org/cpython/rev/01ef13e9e225
--
nosy: +python-dev
Senthil Kumaran sent...@uthcode.com added the comment:
Joonas and Michele - The fix along with the tests is in for 2.7 line. W.r.t to
tests having it in the class level buf seems to be only easy way, for other it
seemed to be that FakeSocket and FakeConnection stuff need some major change
Michele Orrù maker...@gmail.com added the comment:
Patch attached. Note that now unquote is called with host using map(), and b64
encoded strings are no more hardcoded. Please tell me if those changes are
acceptable - anyway they don't break any other unit tests.
--
nosy:
Joonas Kuorilehto jones...@derbian.fi added the comment:
Michele, in your patch:
+authorization = (Authorization: Basic %s\r\n %
+ b64encode('a%20b:c%20d'))
This is wrong. See the original report by me and RFC 2617. The username and
password MUST NOT be
Michele Orrù maker...@gmail.com added the comment:
There's no need to port your patch over python3k, since urllib behaves
differently with http passwords - as you can see in the doc
http://docs.python.org/dev/py3k/library/urllib.request.html#examples
I would be glad to finish your password
Senthil Kumaran sent...@uthcode.com added the comment:
Some review comments. Instead of doing the inline unquote like this -
-auth = base64.b64encode(user_passwd).strip()
+auth = base64.b64encode(unquote(user_passwd)).strip()
It is better to do the explicitly above the
Joonas Kuorilehto jones...@derbian.fi added the comment:
It is better to do the explicitly above the b64 encoding step.
Just as host has been unquoted.
user_passwd, host = splituser(host)
host = unquote(host)
Ok. So it needs to be done on the line
Joonas Kuorilehto oh8...@gmail.com added the comment:
Regarding unittests instead, there is already a method called
test_userpass_inurl which could be extended with some tests on a
password containing spaces ( Lib/test/test_urllib.py:263). But what
I haven't yet understood is: does it really
Joonas Kuorilehto jones...@derbian.fi added the comment:
Updated patch for 2.7 hg tip attached. Please review, test and if ok, port to
3.x.
I guess the URL needs to be quoted so commented out the assertion for the URL
being equal. I added unquote in the base64 encoding of the password, which
Michele Orrù maker...@gmail.com added the comment:
Joonas, this issue seems easy to solve. Do you want to try to post a
patch?. Extra credits for patching testsuite too :).
As far as I see, it would be sufficient to add unquote(passed) to
_open_generic_http. Regarding unittests instead,
Jesús Cea Avión j...@jcea.es added the comment:
Joonas, this issue seems easy to solve. Do you want to try to post a patch?.
Extra credits for patching testsuite too :).
If you work in 2.7, I promise to up-port the patch to 3.x.
--
nosy: +jcea
___
New submission from Joonas Kuorilehto oh8...@gmail.com:
Reproduction:
import urllib
urllib.urlopen(https://example.com/;)
Enter username for Test Site at example.com: user
Enter password for user in Test Site at example.com: top secret
Enter username for Test Site at example.com:
# If the
20 matches
Mail list logo
