[MERGE] [bug #256612] Don't require "user@" in HTTP(S) URLs that need auth

Vincent Ladeuil v.ladeuil+lp at free.fr
Thu Dec 18 07:30:04 GMT 2008 

>>>>> "Ben" == Ben Jansen <aogail at w007.org> writes:

    Ben> This is my first bzr patch, so please let me know if
    Ben> I've missed any required items.

You didn't try to run 'bzr selftest' :-)

    Ben> Right now, to use HTTP auth with bzr, you have to
    Ben> include at least a username in the URL you want to work
    Ben> with. This patch removes that restriction.

    Ben> This patch modifies AbstractAuthHandler so that, if bzr
    Ben> receives an HTTP 401 response from the server, it will
    Ben> look for *both* a username and password in the
    Ben> authentication config.

Good catch.

    Ben> If it does not find a username, it defaults to the local
    Ben> username. If it does not find a password, it prompts the
    Ben> user. (The password behavior is unchanged.)

    Ben> The code for doing this was mostly already present, but
    Ben> AbstractAuthHandler's auth_required() method had a
    Ben> condition in it that simply blocked any authentication
    Ben> attempt unless the user was already present in the
    Ben> request. That meant you had to pass it in the URL, e.g.,
    Ben> "http://user@domain/path".

    Ben> I'm marking this as fixing bug #256612, although the
    Ben> behavior is not svn-specific.

bug #256612 and its dupes is larger than just finding a user via
authentication.conf but your patch is a step in the right direction.

The missing parts are:

- prompting for a *user*

- add an 'svn' credential store and plug it into the
  authentication.conf machinery so that bzr can use the
  credentials already known by svn (some bzr modifications are
  needed for that part to become addressable, I've got a branch
  that does that, I should send a patch).

You don't have to address them as parts of your patch ;-)

    Ben> In addition to testing against a bzr smart server over
    Ben> HTTP, I tested bzr with my patch against an svn-dav
    Ben> server, and it correctly prompts there, too.

I'm still curious to understand why your patch may stop bzr to
raise the 401 though, may be all your tests where done with a
matching section in authentication.conf ?

         Vincent

More information about the bazaar mailing list