classification
Title: urllib2 AuthHandlers can pass a bad host to HTTPPasswordMgr
Type: Stage:
Components: Library (Lib) Versions: Python 2.3
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: bkc, georg.brandl, jjlee, jk7
Priority: normal Keywords:

Created on 2004-02-20 06:51 by jk7, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
urllib2_bug.py jk7, 2004-02-20 14:39 Explanation of the bug, and proposed fix.
authbugsample.py jk7, 2004-02-20 21:25
Messages (6)
msg20066 - (view) Author: James Kruth (jk7) Date: 2004-02-20 06:51
If the Request object being used returns a URI with a
port included (e.g. http://www.mysite.com:7777/index.html)

If Request.get_full_url() or Request.get_host() returns
a URI or host with a port included (e.g.
http://www.mysite.com:7777/index.html or
www.mysite.com:7777, respectively), and authentication
(proxy or http, basic only) is required, then the
respective AuthHandlers (HTTPBasicAuthHandler,
ProxyBasicAuthHandler) end up calling
http_error_auth_reqed with a host looking like
"www.mysite.com:7777".  http_error_auth_reqed then
proceeds to call retry_http_basic_auth with the same
host parameter, which in turn calls
HTTPPasswordMgr.find_user_password.  The problem is
that find_user_password appears to expect a full URI,
and attempts to reduce it to just a host, by calling
reduce_uri.  If a bare host with a port is passed (like
"www.mysite.com:7777"), then reduce_uri returns just
the port number in the netloc position - which
find_user_password then attempts to compare against the
correct host name you've stored in your HTTPPasswordMgr
object along with your user name and password.  I
believe either find_user_password should not reduce the
host, or the Auth Handler objects should pass full
hostnames to find_user_password.
msg20067 - (view) Author: James Kruth (jk7) Date: 2004-02-20 14:39
I've made up a file with some source code and comments that
will hopefully clarify what I posted.  I will post an
example of the problem a bit later today.
msg20068 - (view) Author: James Kruth (jk7) Date: 2004-02-20 21:25
Here's a sample of the problem...
msg20069 - (view) Author: Brad Clements (bkc) Date: 2004-04-06 19:58
I ran into this problem today with Python 2.3.3 on RedHat 9.
I'm using port numbers in my URLs, and I found that the Auth
Handler did NOT correctly find the userid and password
registered.

ie:

    authinfo = urllib2.HTTPPasswordMgrWithDefaultRealm()
    authinfo.add_password(None, host, userid, password)
    authHandler = urllib2.HTTPBasicAuthHandler(authinfo)
    
    opener = urllib2.build_opener(authHandler)

where host = "http://localhost:7993"

I've tested the proposed fix shown in urllib2_bug.py at line 31,
to wit, this:

    class HTTPBasicAuthHandlerF(AbstractBasicAuthHandler, BaseHandler):

        auth_header = 'Authorization'

        def http_error_401(self, req, fp, code, msg, headers):
            host = req.get_full_url()
            return self.http_error_auth_reqed('www-authenticate',
                                              host, req, headers)


This appears to have corrected the problem.

test_urllib2.py and test_urllib.py both pass after making
this change. I did not test the ProxyBasicAuthHandler change
(I don't have a proxy)
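
The mismatch described in the two reports above, as an added example that is not part of the original thread and is not CPython's code. `legacy_reduce_uri` is a simplified, hypothetical model of the reduction the report describes (query and fragment handling are ignored), `current_lookup` asks the running interpreter's `urllib.request` password manager the same question as a regression check, and the credentials are constructed.

```python
import re
from urllib.request import HTTPPasswordMgrWithDefaultRealm

# Simplified model of the reduction the report describes (not the stdlib source):
# a leading "scheme:" is split off first, so a bare "host:port" loses its host.
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):(.*)$")

def legacy_reduce_uri(uri):
    m = _SCHEME.match(uri)
    rest = m.group(2) if m else uri
    if rest.startswith("//"):
        netloc, _, path = rest[2:].partition("/")
        return netloc, "/" + path
    return rest, "/"  # no netloc: whatever is left is used as the host

def legacy_lookup(registered_uri, auth_uri):
    """True if the modelled manager would match auth_uri to the stored entry."""
    base = legacy_reduce_uri(registered_uri)
    test = legacy_reduce_uri(auth_uri)
    return base[0] == test[0] and test[1].startswith(base[1])

def current_lookup(registered_uri, auth_uri):
    """Same question asked of the running interpreter's password manager."""
    mgr = HTTPPasswordMgrWithDefaultRealm()
    # Constructed credentials, registered under the default (None) realm.
    mgr.add_password(None, registered_uri, "alice", "s3cret")
    return mgr.find_user_password("any realm", auth_uri)

REGISTERED = "http://www.mysite.com:7777/"  # URL form used in the report
CASES = ["http://www.mysite.com:7777/index.html",  # what the proposed fix passes
         "www.mysite.com:7777"]                    # what the handlers passed

if __name__ == "__main__":
    for case in CASES:
        print(case, legacy_reduce_uri(case),
              legacy_lookup(REGISTERED, case),
              current_lookup(REGISTERED, case))
```
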
msg20070 - (view) Author: John J Lee (jjlee) Date: 2006-04-15 17:59
This is fixed by patch 1470846, which includes tests and doc
fix / update (though I neglected to mention that the patch
fixes this problem in the initial patch comment; I'll
rectify that now).
msg20071 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2006-04-30 08:22
Fixed with commit of patch 1470846.
History
Date User Action Args
2022-04-11 14:56:02 admin set github: 39958
2004-02-20 06:51:04 jk7 create