[ python-Bugs-944082 ] urllib2 authentication mishandles empty
password
SourceForge.net
noreply at sourceforge.net
Fri Jun 18 11:54:23 EDT 2004
Bugs item #944082, was opened at 2004-04-28 19:02
Message generated for change (Comment added) made by mkc
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=944082&group_id=5470
Category: Python Library
Group: None
Status: Closed
Resolution: Fixed
Priority: 5
Submitted By: Jacek Trzmiel (yangir)
Assigned to: Nobody/Anonymous (nobody)
Summary: urllib2 authentication mishandles empty password
Initial Comment:
If example.org requires authentication, then following
code:
host = 'example.org'
user = 'testuser'
password = ''
url = 'http://%s/' % host
authInfo = urllib2.HTTPPasswordMgrWithDefaultRealm()
authInfo.add_password( None, host, user, password )
authHandler = urllib2.HTTPBasicAuthHandler( authInfo )
opener = urllib2.build_opener( authHandler )
urlFile = opener.open( url )
print urlFile.read()
will die by throwing HTTPError 401:
File "/usr/lib/python2.3/urllib2.py", line 419, in
http_error_default
raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 401: Authorization Required
even if authenticating with 'testuser' and empty
password is valid.
Empty password is mishandled (i.e. authentication with
empty password string is ignored) in
AbstractBasicAuthHandler.retry_http_basic_auth
def retry_http_basic_auth(self, host, req, realm):
user,pw = self.passwd.find_user_password(realm,
host)
if pw:
[...]
It can be fixed by changing:
if pw:
to
if pw is not None:
Python 2.3.2 (#1, Oct 9 2003, 12:03:29)
[GCC 3.3.1 (cygming special)] on cygwin
Type "help", "copyright", "credits" or "license" for more
information.
----------------------------------------------------------------------
Comment By: Mike Coleman (mkc)
Date: 2004-06-18 10:54
Message:
Logged In: YES
user_id=555
The change that was made here probably fixes the bug, but it
looks like it would be better to make the test "user is not
None" rather than "pw is not None", since there are two
other places in the code that check the output of this
function by checking the None-ness of user and no code that
checks the None-ness of pw. (A comment that 'user' is what
is to be checked would also be useful.)
----------------------------------------------------------------------
Comment By: Martin v. Löwis (loewis)
Date: 2004-05-05 20:41
Message:
Logged In: YES
user_id=21627
This is fixed with patch #944110.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=944082&group_id=5470
More information about the Python-bugs-list
mailing list