Issue12541 - Add UserWarning for unquoted realms

b0d85fd1 · Senthil Kumaran · 6a2a6c2e · b0d85fd1 · b0d85fd1
Commit b0d85fd1 authored May 15, 2012 by Senthil Kumaran
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 7 deletions

Lib/test/test_urllib2.py Lib/test/test_urllib2.py +9 -7

Lib/urllib2.py Lib/urllib2.py +4 -0

No files found.
--- a/Lib/test/test_urllib2.py
+++ b/Lib/test/test_urllib2.py
@@ -1106,8 +1106,8 @@ class HandlerTests(unittest.TestCase):
        self._test_basic_auth(opener, auth_handler, "Authorization",
                              realm, http_handler, password_manager,
                              "http://acme.example.com/protected",
-                              "http://acme.example.com/protected",
-                              )
+                              "http://acme.example.com/protected"
+                             )

    def test_basic_auth_with_single_quoted_realm(self):
        self.test_basic_auth(quote_char="'")
@@ -1121,11 +1121,13 @@ class HandlerTests(unittest.TestCase):
            401, 'WWW-Authenticate: Basic realm=%s\r\n\r\n' % realm)
        opener.add_handler(auth_handler)
        opener.add_handler(http_handler)
-        self._test_basic_auth(opener, auth_handler, "Authorization",
-                              realm, http_handler, password_manager,
-                              "http://acme.example.com/protected",
-                              "http://acme.example.com/protected",
-                              )
+        msg = "Basic Auth Realm was unquoted"
+        with test_support.check_warnings((msg, UserWarning)):
+            self._test_basic_auth(opener, auth_handler, "Authorization",
+                                  realm, http_handler, password_manager,
+                                  "http://acme.example.com/protected",
+                                  "http://acme.example.com/protected"
+                                 )


    def test_proxy_basic_auth(self):

--- a/Lib/urllib2.py
+++ b/Lib/urllib2.py
@@ -102,6 +102,7 @@ import sys
 import time
 import urlparse
 import bisect
+import warnings

 try:
    from cStringIO import StringIO
@@ -861,6 +862,9 @@ class AbstractBasicAuthHandler:
            mo = AbstractBasicAuthHandler.rx.search(authreq)
            if mo:
                scheme, quote, realm = mo.groups()
+                if quote not in ['"', "'"]:
+                    warnings.warn("Basic Auth Realm was unquoted",
+                                  UserWarning, 2)
                if scheme.lower() == 'basic':
                    response = self.retry_http_basic_auth(host, req, realm)
                    if response and response.code != 401: