Commit 0088b620 authored by Senthil Kumaran's avatar Senthil Kumaran

Fix Issue #8797: Raise HTTPError on failed Basic Authentication immediately....

Fix Issue #8797: Raise HTTPError on failed Basic Authentication immediately. Initial patch by Sam Bull.
parent 52ed7550
import base64
import urlparse import urlparse
import urllib2 import urllib2
import BaseHTTPServer import BaseHTTPServer
...@@ -66,6 +67,46 @@ class LoopbackHttpServerThread(threading.Thread): ...@@ -66,6 +67,46 @@ class LoopbackHttpServerThread(threading.Thread):
# Authentication infrastructure # Authentication infrastructure
class BasicAuthHandler(BaseHTTPServer.BaseHTTPRequestHandler):
"""Handler for performing Basic Authentication."""
# Server side values
USER = "testUser"
PASSWD = "testPass"
REALM = "Test"
USER_PASSWD = "%s:%s" % (USER, PASSWD)
ENCODED_AUTH = base64.b64encode(USER_PASSWD)
def __init__(self, *args, **kwargs):
BaseHTTPServer.BaseHTTPRequestHandler.__init__(self, *args, **kwargs)
def log_message(self, format, *args):
# Supress the HTTP Console log output
pass
def do_HEAD(self):
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
def do_AUTHHEAD(self):
self.send_response(401)
self.send_header("WWW-Authenticate", "Basic realm=\"%s\"" % self.REALM)
self.send_header("Content-type", "text/html")
self.end_headers()
def do_GET(self):
if self.headers.getheader("Authorization") == None:
self.do_AUTHHEAD()
self.wfile.write("No Auth Header Received")
elif self.headers.getheader(
"Authorization") == "Basic " + self.ENCODED_AUTH:
self.wfile.write("It works!")
else:
# Unauthorized Request
self.do_AUTHHEAD()
class DigestAuthHandler: class DigestAuthHandler:
"""Handler for performing digest authentication.""" """Handler for performing digest authentication."""
...@@ -228,6 +269,45 @@ class BaseTestCase(unittest.TestCase): ...@@ -228,6 +269,45 @@ class BaseTestCase(unittest.TestCase):
test_support.threading_cleanup(*self._threads) test_support.threading_cleanup(*self._threads)
class BasicAuthTests(BaseTestCase):
USER = "testUser"
PASSWD = "testPass"
INCORRECT_PASSWD = "Incorrect"
REALM = "Test"
def setUp(self):
super(BasicAuthTests, self).setUp()
# With Basic Authentication
def http_server_with_basic_auth_handler(*args, **kwargs):
return BasicAuthHandler(*args, **kwargs)
self.server = LoopbackHttpServerThread(http_server_with_basic_auth_handler)
self.server_url = 'http://127.0.0.1:%s' % self.server.port
self.server.start()
self.server.ready.wait()
def tearDown(self):
self.server.stop()
super(BasicAuthTests, self).tearDown()
def test_basic_auth_success(self):
ah = urllib2.HTTPBasicAuthHandler()
ah.add_password(self.REALM, self.server_url, self.USER, self.PASSWD)
urllib2.install_opener(urllib2.build_opener(ah))
try:
self.assertTrue(urllib2.urlopen(self.server_url))
except urllib2.HTTPError:
self.fail("Basic Auth Failed for url: %s" % self.server_url)
except Exception as e:
raise e
def test_basic_auth_httperror(self):
ah = urllib2.HTTPBasicAuthHandler()
ah.add_password(self.REALM, self.server_url, self.USER,
self.INCORRECT_PASSWD)
urllib2.install_opener(urllib2.build_opener(ah))
self.assertRaises(urllib2.HTTPError, urllib2.urlopen, self.server_url)
class ProxyAuthTests(BaseTestCase): class ProxyAuthTests(BaseTestCase):
URL = "http://localhost" URL = "http://localhost"
...@@ -240,6 +320,7 @@ class ProxyAuthTests(BaseTestCase): ...@@ -240,6 +320,7 @@ class ProxyAuthTests(BaseTestCase):
self.digest_auth_handler = DigestAuthHandler() self.digest_auth_handler = DigestAuthHandler()
self.digest_auth_handler.set_users({self.USER: self.PASSWD}) self.digest_auth_handler.set_users({self.USER: self.PASSWD})
self.digest_auth_handler.set_realm(self.REALM) self.digest_auth_handler.set_realm(self.REALM)
# With Digest Authentication
def create_fake_proxy_handler(*args, **kwargs): def create_fake_proxy_handler(*args, **kwargs):
return FakeProxyHandler(self.digest_auth_handler, *args, **kwargs) return FakeProxyHandler(self.digest_auth_handler, *args, **kwargs)
...@@ -544,7 +625,7 @@ def test_main(): ...@@ -544,7 +625,7 @@ def test_main():
# the next line. # the next line.
#test_support.requires("network") #test_support.requires("network")
test_support.run_unittest(ProxyAuthTests, TestUrlopen) test_support.run_unittest(BasicAuthTests, ProxyAuthTests, TestUrlopen)
if __name__ == "__main__": if __name__ == "__main__":
test_main() test_main()
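Review bot: In `BasicAuthHandler.do_GET`, the branch that accepts the credentials writes "It works!" without sending a status line or headers first, so the fixture's success reply is not a well-formed HTTP response, and `test_basic_auth_success` cannot notice because `assertTrue(urllib2.urlopen(...))` only checks for a truthy return value. Add `self.send_response(200)` and `self.end_headers()` before `self.wfile.write("It works!")`, and have the test assert on the response code or body. `test_basic_auth_httperror` would be tighter if it checked that the raised error's code is 401 rather than accepting any `HTTPError`. Both tests call `urllib2.install_opener`, which replaces the process-wide opener and is not undone in the visible `tearDown`; calling `urllib2.build_opener(ah).open(self.server_url)` keeps the handler local to the test.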
...@@ -843,10 +843,7 @@ class AbstractBasicAuthHandler: ...@@ -843,10 +843,7 @@ class AbstractBasicAuthHandler:
password_mgr = HTTPPasswordMgr() password_mgr = HTTPPasswordMgr()
self.passwd = password_mgr self.passwd = password_mgr
self.add_password = self.passwd.add_password self.add_password = self.passwd.add_password
self.retried = 0
def reset_retry_count(self):
self.retried = 0
def http_error_auth_reqed(self, authreq, host, req, headers): def http_error_auth_reqed(self, authreq, host, req, headers):
# host may be an authority (without userinfo) or a URL with an # host may be an authority (without userinfo) or a URL with an
...@@ -854,13 +851,6 @@ class AbstractBasicAuthHandler: ...@@ -854,13 +851,6 @@ class AbstractBasicAuthHandler:
# XXX could be multiple headers # XXX could be multiple headers
authreq = headers.get(authreq, None) authreq = headers.get(authreq, None)
if self.retried > 5:
# retry sending the username:password 5 times before failing.
raise HTTPError(req.get_full_url(), 401, "basic auth failed",
headers, None)
else:
self.retried += 1
if authreq: if authreq:
mo = AbstractBasicAuthHandler.rx.search(authreq) mo = AbstractBasicAuthHandler.rx.search(authreq)
if mo: if mo:
...@@ -869,17 +859,14 @@ class AbstractBasicAuthHandler: ...@@ -869,17 +859,14 @@ class AbstractBasicAuthHandler:
warnings.warn("Basic Auth Realm was unquoted", warnings.warn("Basic Auth Realm was unquoted",
UserWarning, 2) UserWarning, 2)
if scheme.lower() == 'basic': if scheme.lower() == 'basic':
response = self.retry_http_basic_auth(host, req, realm) return self.retry_http_basic_auth(host, req, realm)
if response and response.code != 401:
self.retried = 0
return response
def retry_http_basic_auth(self, host, req, realm): def retry_http_basic_auth(self, host, req, realm):
user, pw = self.passwd.find_user_password(realm, host) user, pw = self.passwd.find_user_password(realm, host)
if pw is not None: if pw is not None:
raw = "%s:%s" % (user, pw) raw = "%s:%s" % (user, pw)
auth = 'Basic %s' % base64.b64encode(raw).strip() auth = 'Basic %s' % base64.b64encode(raw).strip()
if req.headers.get(self.auth_header, None) == auth: if req.get_header(self.auth_header, None) == auth:
return None return None
req.add_unredirected_header(self.auth_header, auth) req.add_unredirected_header(self.auth_header, auth)
return self.parent.open(req, timeout=req.timeout) return self.parent.open(req, timeout=req.timeout)
...@@ -895,7 +882,6 @@ class HTTPBasicAuthHandler(AbstractBasicAuthHandler, BaseHandler): ...@@ -895,7 +882,6 @@ class HTTPBasicAuthHandler(AbstractBasicAuthHandler, BaseHandler):
url = req.get_full_url() url = req.get_full_url()
response = self.http_error_auth_reqed('www-authenticate', response = self.http_error_auth_reqed('www-authenticate',
url, req, headers) url, req, headers)
self.reset_retry_count()
return response return response
...@@ -911,7 +897,6 @@ class ProxyBasicAuthHandler(AbstractBasicAuthHandler, BaseHandler): ...@@ -911,7 +897,6 @@ class ProxyBasicAuthHandler(AbstractBasicAuthHandler, BaseHandler):
authority = req.get_host() authority = req.get_host()
response = self.http_error_auth_reqed('proxy-authenticate', response = self.http_error_auth_reqed('proxy-authenticate',
authority, req, headers) authority, req, headers)
self.reset_retry_count()
return response return response
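Review bot: With the `retried` counter removed, the only thing that stops the 401 retry cycle is the `req.get_header(self.auth_header, None) == auth` comparison in `retry_http_basic_auth`, and that comparison only catches a repeat of the same credentials. If the password manager holds different credentials for different realms on one host, a server that answers each attempt with a different realm would, as far as these hunks show, keep the handler calling `self.parent.open` with no upper bound; consider keeping a small per-request attempt cap alongside the header check. The guard also deserves a comment, for example `# These credentials were already sent and rejected: return None so the 401 surfaces as HTTPError`. Removing `reset_retry_count()` and `self.retried` may also break subclasses or callers that used them, which the NEWS entry does not mention. The bodies of `http_error_auth_reqed` and `retry_http_basic_auth` extend outside the hunks shown.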
......
...@@ -21,6 +21,9 @@ Library ...@@ -21,6 +21,9 @@ Library
- Issue #15696: Add a __sizeof__ implementation for mmap objects on Windows. - Issue #15696: Add a __sizeof__ implementation for mmap objects on Windows.
- Issue #8797: Raise HTTPError on failed Basic Authentication immediately.
Initial patch by Sam Bull.
- Issue #22068: Avoided reference loops with Variables and Fonts in Tkinter. - Issue #22068: Avoided reference loops with Variables and Fonts in Tkinter.
- Issue #21448: Changed FeedParser feed() to avoid O(N**2) behavior when - Issue #21448: Changed FeedParser feed() to avoid O(N**2) behavior when
......