Issue12541 - Add UserWarning for unquoted realms

Lib/test/test_urllib2.py

@@ -1106,7 +1106,7 @@ class HandlerTests(unittest.TestCase):
         self._test_basic_auth(opener, auth_handler, "Authorization",
                               realm, http_handler, password_manager,
                               "http://acme.example.com/protected",
-                              "http://acme.example.com/protected",
+                              "http://acme.example.com/protected"
                              )
 
     def test_basic_auth_with_single_quoted_realm(self):
@@ -1121,10 +1121,12 @@ class HandlerTests(unittest.TestCase):
             401, 'WWW-Authenticate: Basic realm=%s\r\n\r\n' % realm)
         opener.add_handler(auth_handler)
         opener.add_handler(http_handler)
+        msg = "Basic Auth Realm was unquoted"
+        with test_support.check_warnings((msg, UserWarning)):
             self._test_basic_auth(opener, auth_handler, "Authorization",
                                   realm, http_handler, password_manager,
                                   "http://acme.example.com/protected",
-                              "http://acme.example.com/protected",
+                                  "http://acme.example.com/protected"
                                  )
 
 

Lib/urllib2.py

@@ -102,6 +102,7 @@ import sys
 import time
 import urlparse
 import bisect
+import warnings
 
 try:
     from cStringIO import StringIO
@@ -861,6 +862,9 @@ class AbstractBasicAuthHandler:
             mo = AbstractBasicAuthHandler.rx.search(authreq)
             if mo:
                 scheme, quote, realm = mo.groups()
+                if quote not in ['"', "'"]:
+                    warnings.warn("Basic Auth Realm was unquoted",
+                                  UserWarning, 2)
                 if scheme.lower() == 'basic':
                     response = self.retry_http_basic_auth(host, req, realm)
                     if response and response.code != 401: