urllib2 authentication manager retries forever if password is wrong #53140

Jurjen · 2010-06-04T07:10:27Z

BPO	8894
Nosy	@orsenthil
Files	circumvent.py: sample code

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = 'https://github.com/orsenthil'
closed_at = <Date 2010-06-04.07:38:17.448>
created_at = <Date 2010-06-04.07:10:26.788>
labels = ['type-bug', 'library']
title = 'urllib2 authentication manager retries forever if password is wrong'
updated_at = <Date 2010-06-04.07:38:17.447>
user = 'https://bugs.python.org/Jurjen'

bugs.python.org fields:

activity = <Date 2010-06-04.07:38:17.447>
actor = 'orsenthil'
assignee = 'orsenthil'
closed = True
closed_date = <Date 2010-06-04.07:38:17.448>
closer = 'orsenthil'
components = ['Library (Lib)']
creation = <Date 2010-06-04.07:10:26.788>
creator = 'Jurjen'
dependencies = []
files = ['17545']
hgrepos = []
issue_num = 8894
keywords = []
message_count = 5.0
messages = ['107009', '107010', '107011', '107013', '107014']
nosy_count = 2.0
nosy_names = ['orsenthil', 'Jurjen']
pr_nums = []
priority = 'normal'
resolution = 'duplicate'
stage = None
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue8894'
versions = ['Python 2.6']

Jurjen · 2010-06-04T07:10:24Z

If you use an authentication manager from urllib2, it will submit user code and password if authentication fails.
However, if the password is wrong, the authentication manager will happily try again, again with the same password.
A simple way to circumvent this is attached: it modifies the password manager's behaviour to submit each password only once.
One problem I see is in cases where a program needs to log in multiple times in the same site: I propose an extra call to the password manager to reset the "visited" flag.

More details and sample code are in the file.

orsenthil · 2010-06-04T07:19:53Z

There was a fix made in bpo-8797, which adopts a retry approach before failing for wrong password. This is present for Basic Auth and Digest Auth, so the problem wont be faced. Jurjen, do you have any comments before I mark this as Invalid. I see you have adopted a different approach for the patch, but the result would be same (no infinite retries)

Jurjen · 2010-06-04T07:29:55Z

Yep you're right. In that thread they are talking about the exact same problem as I was having. Obviously, I didn't find that one when I was looking for the problem in the database before I posted this.
I do have my doubts about the 5 retries they propose though, I am not sure that the web site I use will not block the account if someone does 5 attempts.

Jurjen

orsenthil · 2010-06-04T07:36:49Z

Okay, so there is another negative vote 5 retries in the basic auth.
But yeah, this bug can be marked duplicate.

orsenthil · 2010-06-04T07:38:17Z

Duplicate of bpo-8797

Jurjen mannequin added stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error labels Jun 4, 2010

orsenthil self-assigned this Jun 4, 2010

orsenthil closed this as completed Jun 4, 2010

ezio-melotti transferred this issue from another repository Apr 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

urllib2 authentication manager retries forever if password is wrong #53140

urllib2 authentication manager retries forever if password is wrong #53140

Jurjen mannequin commented Jun 4, 2010

Jurjen mannequin commented Jun 4, 2010

orsenthil commented Jun 4, 2010

Jurjen mannequin commented Jun 4, 2010

orsenthil commented Jun 4, 2010

orsenthil commented Jun 4, 2010

urllib2 authentication manager retries forever if password is wrong #53140

urllib2 authentication manager retries forever if password is wrong #53140

Comments

Jurjen mannequin commented Jun 4, 2010

Jurjen mannequin commented Jun 4, 2010

orsenthil commented Jun 4, 2010

Jurjen mannequin commented Jun 4, 2010

orsenthil commented Jun 4, 2010

orsenthil commented Jun 4, 2010