backout changeset 3435c5865cfc due to buildbot failures. Ref #8797

3 files changed, 18 insertions, 88 deletions

diff --git a/Lib/test/test_urllib2_localnet.py b/Lib/test/test_urllib2_localnet.py
index f341cf7..b7513ee 100644
--- a/Lib/test/test_urllib2_localnet.py
+++ b/Lib/test/test_urllib2_localnet.py
@@ -1,4 +1,3 @@
-import base64
 import os
 import email
 import urllib.parse
@@ -198,48 +197,6 @@ class DigestAuthHandler:
                 return self._return_auth_challenge(request_handler)
             return True
 
-
-class BasicAuthHandler(http.server.SimpleHTTPRequestHandler):
-    """Handler for performing basic authentication."""
-    # Server side values
-    USER = 'testUser'
-    PASSWD = 'testPass'
-    REALM = 'Test'
-    USER_PASSWD = "%s:%s" % (USER, PASSWD)
-    ENCODED_AUTH = base64.b64encode(USER_PASSWD.encode('ascii')).decode('ascii')
-
-    def __init__(self, *args, **kwargs):
-        http.server.SimpleHTTPRequestHandler.__init__(self, *args, **kwargs)
-
-    def log_message(self, format, *args):
-        # Suppress console log message
-        pass
-
-    def do_HEAD(self):
-        self.send_response(200)
-        self.send_header("Content-type", "text/html")
-        self.end_headers()
-
-    def do_AUTHHEAD(self):
-        self.send_response(401)
-        self.send_header("WWW-Authenticate", "Basic realm=\"%s\"" % self.REALM)
-        self.send_header("Content-type", "text/html")
-        self.end_headers()
-
-    def do_GET(self):
-        if not self.headers.get("Authorization", ""):
-            self.do_AUTHHEAD()
-            self.wfile.write(b"No Auth header received")
-        elif self.headers.get(
-                "Authorization", "") == "Basic " + self.ENCODED_AUTH:
-            http.server.SimpleHTTPRequestHandler.do_GET(self)
-        else:
-            self.do_AUTHHEAD()
-            self.wfile.write(
-                bytes(self.headers.get("Authorization", ""), "ascii"))
-            self.wfile.write(b"Not Authenticated")
-
-
 # Proxy test infrastructure
 
 class FakeProxyHandler(http.server.BaseHTTPRequestHandler):
@@ -276,45 +233,6 @@ class FakeProxyHandler(http.server.BaseHTTPRequestHandler):
 # Test cases
 
 @unittest.skipUnless(threading, "Threading required for this test.")
-class BasicAuthTests(unittest.TestCase):
-    USER = "testUser"
-    PASSWD = "testPass"
-    INCORRECT_PASSWD = "Incorrect"
-    REALM = "Test"
-
-    def setUp(self):
-        super(BasicAuthTests, self).setUp()
-        # With Basic Authentication
-        def http_server_with_basic_auth_handler(*args, **kwargs):
-            return BasicAuthHandler(*args, **kwargs)
-        self.server = LoopbackHttpServerThread(http_server_with_basic_auth_handler)
-        self.server_url = 'http://127.0.0.1:%s' % self.server.port
-        self.server.start()
-        self.server.ready.wait()
-
-    def tearDown(self):
-        self.server.stop()
-        super(BasicAuthTests, self).tearDown()
-
-    def test_basic_auth_success(self):
-        ah = urllib.request.HTTPBasicAuthHandler()
-        ah.add_password(self.REALM, self.server_url, self.USER, self.PASSWD)
-        urllib.request.install_opener(urllib.request.build_opener(ah))
-        try:
-            self.assertTrue(urllib.request.urlopen(self.server_url))
-        except urllib.error.HTTPError:
-            self.fail("Basic auth failed for the url: %s", self.server_url)
-        except Exception as e:
-            raise e
-
-    def test_basic_auth_httperror(self):
-        ah = urllib.request.HTTPBasicAuthHandler()
-        ah.add_password(self.REALM, self.server_url, self.USER, self.INCORRECT_PASSWD)
-        urllib.request.install_opener(urllib.request.build_opener(ah))
-        self.assertRaises(urllib.error.HTTPError, urllib.request.urlopen, self.server_url)
-
-
-@unittest.skipUnless(threading, "Threading required for this test.")
 class ProxyAuthTests(unittest.TestCase):
     URL = "http://localhost"
 
@@ -327,7 +245,6 @@ class ProxyAuthTests(unittest.TestCase):
         self.digest_auth_handler = DigestAuthHandler()
         self.digest_auth_handler.set_users({self.USER: self.PASSWD})
         self.digest_auth_handler.set_realm(self.REALM)
-        # With Digest Authentication.
         def create_fake_proxy_handler(*args, **kwargs):
             return FakeProxyHandler(self.digest_auth_handler, *args, **kwargs)
 
diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
index a17c868..0389f5e 100644
--- a/Lib/urllib/request.py
+++ b/Lib/urllib/request.py
@@ -846,6 +846,10 @@ class AbstractBasicAuthHandler:
             password_mgr = HTTPPasswordMgr()
         self.passwd = password_mgr
         self.add_password = self.passwd.add_password
+        self.retried = 0
+
+    def reset_retry_count(self):
+        self.retried = 0
 
     def http_error_auth_reqed(self, authreq, host, req, headers):
         # host may be an authority (without userinfo) or a URL with an
@@ -853,6 +857,13 @@ class AbstractBasicAuthHandler:
         # XXX could be multiple headers
         authreq = headers.get(authreq, None)
 
+        if self.retried > 5:
+            # retry sending the username:password 5 times before failing.
+            raise HTTPError(req.get_full_url(), 401, "basic auth failed",
+                    headers, None)
+        else:
+            self.retried += 1
+
         if authreq:
             scheme = authreq.split()[0]
             if scheme.lower() != 'basic':
@@ -867,14 +878,17 @@ class AbstractBasicAuthHandler:
                         warnings.warn("Basic Auth Realm was unquoted",
                                       UserWarning, 2)
                     if scheme.lower() == 'basic':
-                        return self.retry_http_basic_auth(host, req, realm)
+                        response = self.retry_http_basic_auth(host, req, realm)
+                        if response and response.code != 401:
+                            self.retried = 0
+                        return response
 
     def retry_http_basic_auth(self, host, req, realm):
         user, pw = self.passwd.find_user_password(realm, host)
         if pw is not None:
             raw = "%s:%s" % (user, pw)
             auth = "Basic " + base64.b64encode(raw.encode()).decode("ascii")
-            if req.get_header(self.auth_header, None) == auth:
+            if req.headers.get(self.auth_header, None) == auth:
                 return None
             req.add_unredirected_header(self.auth_header, auth)
             return self.parent.open(req, timeout=req.timeout)
@@ -890,6 +904,7 @@ class HTTPBasicAuthHandler(AbstractBasicAuthHandler, BaseHandler):
         url = req.full_url
         response = self.http_error_auth_reqed('www-authenticate',
                                           url, req, headers)
+        self.reset_retry_count()
         return response
 
 
@@ -905,6 +920,7 @@ class ProxyBasicAuthHandler(AbstractBasicAuthHandler, BaseHandler):
         authority = req.host
         response = self.http_error_auth_reqed('proxy-authenticate',
                                           authority, req, headers)
+        self.reset_retry_count()
         return response
 
 
diff --git a/Misc/NEWS b/Misc/NEWS
index 32f8cfc..18e5a6d 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -27,9 +27,6 @@ Core and Builtins
 Library
 -------
 
-- Issue #8797: Raise HTTPError on failed Basic Authentication immediately.
-  Initial patch by Sam Bull.
-
 - Issue #20729: Restored the use of lazy iterkeys()/itervalues()/iteritems()
   in the mailbox module.