Issue 944110: urllib2 authentication mishandles empty pass bugfix 944082

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/40195

classification

Title:	urllib2 authentication mishandles empty pass bugfix 944082
Type:		Stage:
Components:	Library (Lib)	Versions:

process

Created on 2004-04-29 00:52 by yangir, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Files
File name	Uploaded	Description	Edit
urllib2.py.empty_pass_auth.patch	yangir, 2004-04-29 00:52	A patch

Messages (2)
msg45885 - (view)	Author: Jacek Trzmiel (yangir)	Date: 2004-04-29 00:52
If example.org requires authentication, then following code: host = 'example.org' user = 'testuser' password = '' url = 'http://%s/' % host authInfo = urllib2.HTTPPasswordMgrWithDefaultRealm() authInfo.add_password( None, host, user, password ) authHandler = urllib2.HTTPBasicAuthHandler( authInfo ) opener = urllib2.build_opener( authHandler ) urlFile = opener.open( url ) print urlFile.read() will die by throwing HTTPError 401: File "/usr/lib/python2.3/urllib2.py", line 419, in http_error_default raise HTTPError(req.get_full_url(), code, msg, hdrs, fp) urllib2.HTTPError: HTTP Error 401: Authorization Required even if authenticating with 'testuser' and empty password is valid. Empty password is mishandled (i.e. authentication with empty password string is ignored) in AbstractBasicAuthHandler.retry_http_basic_auth def retry_http_basic_auth(self, host, req, realm): user,pw = self.passwd.find_user_password(realm, host) if pw: [...] It can be fixed by changing: if pw: to if pw is not None: Patch attached.
msg45886 - (view)	Author: Martin v. Löwis (loewis) *	Date: 2004-05-06 01:42
Logged In: YES user_id=21627 Thanks for the patch. Applied as urllib2.py 1.53.6.5, 1.65 NEWS 1.831.4.103