This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: urllib2 bug in proxy auth
Type: Stage:
Components: Library (Lib) Versions: Python 2.4
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: georg.brandl Nosy List: georg.brandl, georg.brandl, mussenbrock, paul.moore, pietervd
Priority: high Keywords:

Created on 2004-08-26 07:14 by mussenbrock, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Messages (4)
msg22220 - (view) Author: Christoph Mussenbrock (mussenbrock) Date: 2004-08-26 07:14 
in urllib2.py:

line 502 should be:
... user_pass = base64.encodestring('%s:%s' % (unquote
(user), unquote(password))).strip()

the '.strip()' is missing in the current version ("2.1").

this makes an additonal '\n' at the end of user_pass.
So there will be an empty line in the http header, which 
is buggy.

(see also line 645, where the .strip() is right in place!).

Best regards,

Christoph
msg22221 - (view) Author: Paul Moore (paul.moore) * (Python committer) Date: 2005-01-29 21:50 
Logged In: YES 
user_id=113328

The change was introduced by revision 1.32 of the file, from
patch 527518. There's no mention of removing strip() there,
so I suspect it was an accident.

The strip() is still missing in CVS HEAD. I can see the
problem, in theory (base64.encodestring returns a string
with a terminating newline). However, I cannot reproduce the
problem.

Can the original poster provide a means of verifying the
problem? It may be useful as a test case.

Regardless, the change seems harmless, and can probably be
applied. I attach a patch against CVS HEAD:

--- urllib2.py.orig	2005-01-09 05:51:49.000000000 +0000
+++ urllib2.py	2005-01-29 21:31:49.000000000 +0000
@@ -582,7 +582,8 @@
             if ':' in user_pass:
                 user, password = user_pass.split(':', 1)
                 user_pass = base64.encodestring('%s:%s' %
(unquote(user),
-                                                          
unquote(password)))
+                                                          
unquote(password))
+							   ).strip()
                 req.add_header('Proxy-authorization',
'Basic ' + user_pass)
         host = unquote(host)
         req.set_proxy(host, type)
msg22222 - (view) Author: Pieter Van Dyck (pietervd) Date: 2005-06-14 15:39 
Logged In: YES 
user_id=1240437

I've run into the same bug so allow me to comment.

client environment: windows XP
target: Apache/1.3.33 (Unix)

checked on: python 2.3.4, 2.3.5, 2.4.1

To reproduce:

# from urllib2 import ...
proxy = {"http":"http://user:pwd@proxy:port"}
opener =build_opener(ProxyHandler(proxy))
install_opener( opener )

req = Request(coolurl)
# construct 
base64string = base64.encodestring('%s:%s' % (site_user,
site_pwd))[:-1]
authheader =  "Basic %s" % base64string
req.add_header("Authorization", authheader)
urlopen( req )

Symptoms: authentication failed on coolurl (HTTPError 401)
Fix: Applying the patch solves the problem for me

It appears as if the receiving server treats the empty line
as the end of the header even though it strictly shouldn't.

HTH
Pieter
msg22223 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2005-08-24 20:33 
Logged In: YES 
user_id=1188172

Thanks for the report, committed as Lib/urllib2.py r1.85,
r1.77.2.2.
History
Date User Action Args
2022-04-11 14:56:06adminsetgithub: 40826
2004-08-26 07:14:26mussenbrockcreate