
classification
Title: urllib2 ProxyBasicAuthHandler broken
Components: Library (Lib)
process
Status: closed
Resolution: accepted
Nosy List: georg.brandl, jjlee
Priority: normal
Keywords: patch

Created on 2006-04-15 14:22 by jjlee, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Files
proxy_path.patch, uploaded by jjlee, 2006-04-15 14:22
proxy_path_2.patch, uploaded by jjlee, 2006-04-15 17:59
Messages (3)
msg50014 - Author: John J Lee (jjlee) Date: 2006-04-15 14:22
urllib2.ProxyBasicAuthHandler has been broken since
revision 38092 back in December 2004 (unlike the
alternative, using a userinfo URL component in the
string passed to ProxyHandler, e.g.
"joe:password@example.com", which works fine ATM).

There are two problems: First, with a proxy, you're
always authenticating yourself for the whole proxy, not
just for a specific path.  Second, you're
authenticating yourself to the proxy, not to the HTTP
server.  The ProxyBasicAuthHandler subclass dutifully
passes in the right thing for the host argument, but
AbstractBasicAuthHandler ignores it, which means that
it never finds the password -- e.g. if you're trying to
connect to http://python.org/dev through myproxy.com,
it'll be looking for a username/password for
http://python.org/dev instead of the needed myproxy.com.

Since fixing this entails the host argument to
http_error_auth_reqed no longer being ignored,
HTTPBasicAuthHandler must now pass the full URL, which
means AbstractBasicAuthHandler must accept either an
authority or a URL.  ProxyBasicAuthHandler could also
supply a full URL like "http://proxy.example.com/", but
the 'host' argument prior to December 2004 was not
ignored, and accepted a hostname (!), so we should keep
that working rather than insisting on a full URL.  I
also documented this behaviour.

The patch fixes the bug, adds several new tests, and
updates and fixes mis-named method documentation for
http_error_auth_reqed, and a typo in the examples.

Note one of the tests in the attached patch relies on a
currently non-existent URL at python.org requiring
basic authorization (not *proxy* basic auth in this
test, just basic auth).  So I guess the code in the
test_urllib2net.py patch hunk has to be commented out
or something until somebody adds the necessary few
lines of Apache config.

Would also be nice to add a functional test for Proxy
auth itself.  I'm sure python.org doesn't want to be
the world's proxy, but something could be configured
that does the basic auth dance then responds with 403.
What would be most suitable: something like
SimpleHTTPServer sitting behind Apache, some mod_python
magic...??
msg50015 - Author: John J Lee (jjlee) Date: 2006-04-15 17:59
I should have mentioned in my initial comment that this
patch also fixes bug 900898 (an HTTPPasswordMgr bug that
arises when an authority with a port is passed to
.find_user_password()).  The patch includes tests for this
issue, but I've just added a couple more: patch
"proxy_path_2.patch" includes those new tests and supersedes
"proxy_path.patch".
msg50016 - Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2006-04-30 07:06
Applied patch as rev. 45815.
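
Added example (not part of the tracker thread or the applied patch): the lookup-key mismatch described in msg50014, shown with Python 3's urllib.request, the renamed urllib2. The realm name, port 3128 and the joe/password credentials are constructed sample values.

```python
from urllib.request import HTTPPasswordMgr, Request

REALM = "proxy-realm"          # constructed realm name
PROXY = "myproxy.com:3128"     # port 3128 is an assumed sample value
TARGET = "http://python.org/dev"


def build_request():
    """Build a request for TARGET that is routed through PROXY."""
    req = Request(TARGET)
    req.set_proxy(PROXY, "http")   # req.host now names the proxy
    return req


def lookup(mgr, key):
    """Return the (user, password) pair the manager yields for key."""
    return mgr.find_user_password(REALM, key)


def demo():
    mgr = HTTPPasswordMgr()
    # Credentials are registered against the proxy authority (with port),
    # not against the origin server.
    mgr.add_password(REALM, PROXY, "joe", "password")
    req = build_request()
    return {
        # Key the thread says the broken handler used: the origin URL.
        # Nothing is registered for it, so no credentials are found.
        "by_target_url": lookup(mgr, req.full_url),
        # Key a 407 response needs: the proxy authority, host:port.
        "by_proxy_authority": lookup(mgr, req.host),
        # A full proxy URL reduces to the same authority and path "/".
        "by_proxy_url": lookup(mgr, "http://%s/" % PROXY),
    }


if __name__ == "__main__":
    for key, creds in demo().items():
        print(key, creds)
```
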
History
Date User Action Args
2022-04-11 14:56:16 admin set github: 43218
2006-04-15 14:22:28 jjlee create