Message149915
Reproduction:
>>> import urllib
>>> urllib.urlopen("https://example.com/")
Enter username for Test Site at example.com: user
Enter password for user in Test Site at example.com: top secret
Enter username for Test Site at example.com:
# If the correct password contains spaces, nothing will be accepted.
The problem is that the password in basic auth is URI quoted and then base64 encoded. The password should not be quoted.
RFC 2617:
userid = *<TEXT excluding ":">
password = *TEXT
base64-user-pass = <base64 [4] encoding of user-pass,
except not limited to 76 char/line>
I traced the problem with Pydev to urllib retry_https_basic_auth where I can see that
user = "user"
passwd = "my secret password"
After that, the path is like this:
self.retry_https_basic_auth:
self.open(fullurl="https://user:my%20%secret%20password@example.com/")
self.open_https(url="://user:my%20%secret%20password@example.com/")
=> in open_https:
host, selector = splithost(url)
user_passwd, host = splituser(host)
host = unquote(host)
user_passwd is not unquoted, host is.
I found closely related Issue2244 - but did not confirm where this bug has been introduced. I added some people from 2244 to this issue. I hope that is ok.
I think a test should be added that covers usernames and passwords with spaces to avoid further regressions. The reproduction code given works with Python 2.4.3 urllib. This probably also affects python3, did not try. |
|
Date |
User |
Action |
Args |
2011-12-20 15:03:45 | joneskoo | set | recipients:
+ joneskoo, orsenthil, carljm |
2011-12-20 15:03:45 | joneskoo | set | messageid: <1324393425.24.0.243026081887.issue13642@psf.upfronthosting.co.za> |
2011-12-20 15:02:45 | joneskoo | link | issue13642 messages |
2011-12-20 15:02:44 | joneskoo | create | |
|