Commit b26fe2f3 authored by Senthil Kumaran's avatar Senthil Kumaran

merge from 3.2 - Issue #12541: Be lenient with quotes around Realm field of...

merge from 3.2 - Issue #12541: Be lenient with quotes around Realm field of HTTP Basic Authentation in urllib2.
parents 0fb41b56 34f3fcc2
...@@ -1252,6 +1252,21 @@ class HandlerTests(unittest.TestCase): ...@@ -1252,6 +1252,21 @@ class HandlerTests(unittest.TestCase):
def test_basic_auth_with_single_quoted_realm(self): def test_basic_auth_with_single_quoted_realm(self):
self.test_basic_auth(quote_char="'") self.test_basic_auth(quote_char="'")
def test_basic_auth_with_unquoted_realm(self):
opener = OpenerDirector()
password_manager = MockPasswordManager()
auth_handler = urllib.request.HTTPBasicAuthHandler(password_manager)
realm = "ACME Widget Store"
http_handler = MockHTTPHandler(
401, 'WWW-Authenticate: Basic realm=%s\r\n\r\n' % realm)
opener.add_handler(auth_handler)
opener.add_handler(http_handler)
self._test_basic_auth(opener, auth_handler, "Authorization",
realm, http_handler, password_manager,
"http://acme.example.com/protected",
"http://acme.example.com/protected",
)
def test_proxy_basic_auth(self): def test_proxy_basic_auth(self):
opener = OpenerDirector() opener = OpenerDirector()
ph = urllib.request.ProxyHandler(dict(http="proxy.example.com:3128")) ph = urllib.request.ProxyHandler(dict(http="proxy.example.com:3128"))
......
...@@ -895,7 +895,7 @@ class AbstractBasicAuthHandler: ...@@ -895,7 +895,7 @@ class AbstractBasicAuthHandler:
# allow for double- and single-quoted realm values # allow for double- and single-quoted realm values
# (single quotes are a violation of the RFC, but appear in the wild) # (single quotes are a violation of the RFC, but appear in the wild)
rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+' rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+'
'realm=(["\'])(.*?)\\2', re.I) 'realm=(["\']?)([^"\']*)\\2', re.I)
# XXX could pre-emptively send auth info already accepted (RFC 2617, # XXX could pre-emptively send auth info already accepted (RFC 2617,
# end of section 2, and section 1.2 immediately after "credentials" # end of section 2, and section 1.2 immediately after "credentials"
......
...@@ -31,6 +31,9 @@ Core and Builtins ...@@ -31,6 +31,9 @@ Core and Builtins
Library Library
------- -------
- Issue #12541: Be lenient with quotes around Realm field of HTTP Basic
Authentation in urllib2.
- Issue 14807: move undocumented tarfile.filemode() to stat.filemode() and add - Issue 14807: move undocumented tarfile.filemode() to stat.filemode() and add
doc entry. Add tarfile.filemode alias with deprecation warning. doc entry. Add tarfile.filemode alias with deprecation warning.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment