[MERGE] [bug #256612] Don't require "user@" in HTTP(S) URLs that need auth

Marius Kruger amanic at gmail.com
Wed Dec 17 21:20:38 GMT 2008 

Hi,

first off, thanks for submitting this. About 2 seconds after I hit this bug,
I read your mail. good timing.

* you should put your name in the NEWS, so that everybody can see
  who fixed/broke it :)  (see the other news entries)

* there is about 8 test failures which should be fixed eg.
FAIL:
test_http.TestAuth.test_no_user(urllib,HTTP/1.0,basic)

    not
equal:

a =
1

b = 2

* why did you remove the part that obtains the user name from the request?

>          if user is None:
> -            user = auth.get_user(auth['protocol'], auth['host'],
> +            user = auth_conf.get_user(auth['protocol'], auth['host'],
>                                   port=auth['port'], path=auth['path'],
>                                   realm=realm)
>

I think it should rather be like:

         if user is None:
              user = auth.get_user(auth['protocol'], auth['host'],
+            user = auth_conf.get_user(auth['protocol'], auth['host'],
                                  port=auth['port'], path=auth['path'],
                                  realm=realm)
if user is None:

BB:resubmit


> On Wed, 17 Dec 2008 10:05:46 -0800, Ben Jansen <aogail at w007.org> wrote:
> > This is my first bzr patch, so please let me know if I've missed any
> > required items.
> >
> > Right now, to use HTTP auth with bzr, you have to include at least a
> > username in the URL you want to work with. This patch removes that
> > restriction.
> >
> > This patch modifies AbstractAuthHandler so that, if bzr receives an HTTP
> > 401 response from the server, it will look for *both* a username and
> > password in the authentication config. If it does not find a username, it
> > defaults to the local username. If it does not find a password, it
> prompts
> > the user. (The password behavior is unchanged.)
> >
> > The code for doing this was mostly already present, but
> > AbstractAuthHandler's auth_required() method had a condition in it that
> > simply blocked any authentication attempt unless the user was already
> > present in the request. That meant you had to pass it in the URL, e.g.,
> > "http://user@domain/path".
> >
> > I'm marking this as fixing bug #256612, although the behavior is not
> > svn-specific. In addition to testing against a bzr smart server over
> HTTP,
> > I tested bzr with my patch against an svn-dav server, and it correctly
> > prompts there, too.
> >
> > Thanks,
> > Ben Jansen
>



-- 
<| regards
U| Marius
H| <><
Z| http://amanica.blogspot.com/
<|
E| http://bazaar-vcs.org/
<| because I don't trust version control systems with less than 13810 unit
tests
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/bazaar/attachments/20081217/7f3401ed/attachment-0001.htm

More information about the bazaar mailing list