Patch #812285: allow multiple auth schemes in AbstractBasicAuthHandler.

author: Georg Brandl <georg@python.org> 2007-03-07 07:39:06 (GMT)
committer: Georg Brandl <georg@python.org> 2007-03-07 07:39:06 (GMT)
commit: 172e7257f65e5d37974aacf0c467e76a321ddf2c (patch)
tree: 1b88c24097cdc303a4feae242371458b0620427a /Lib/urllib2.py
parent: cadbbfc85b58ec8428d871ccd32507b4129c3d4e (diff)
download: cpython-172e7257f65e5d37974aacf0c467e76a321ddf2c.zip
cpython-172e7257f65e5d37974aacf0c467e76a321ddf2c.tar.gz
cpython-172e7257f65e5d37974aacf0c467e76a321ddf2c.tar.bz2
1 files changed, 3 insertions, 4 deletions
diff --git a/Lib/urllib2.py b/Lib/urllib2.py
index 58b480d..b0afac2 100644
--- a/Lib/urllib2.py
+++ b/Lib/urllib2.py
@@ -767,11 +767,10 @@ class HTTPPasswordMgrWithDefaultRealm(HTTPPasswordMgr):
 
 class AbstractBasicAuthHandler:
 
-    rx = re.compile('[ \t]*([^ \t]+)[ \t]+realm="([^"]*)"', re.I)
+    # XXX this allows for multiple auth-schemes, but will stupidly pick
+    # the last one with a realm specified.
 
-    # XXX there can actually be multiple auth-schemes in a
-    # www-authenticate header.  should probably be a lot more careful
-    # in parsing them to extract multiple alternatives
+    rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+realm="([^"]*)"', re.I)
 
     # XXX could pre-emptively send auth info already accepted (RFC 2617,
     # end of section 2, and section 1.2 immediately after "credentials"
author	Georg Brandl <georg@python.org>	2007-03-07 07:39:06 (GMT)
committer	Georg Brandl <georg@python.org>	2007-03-07 07:39:06 (GMT)
commit	172e7257f65e5d37974aacf0c467e76a321ddf2c (patch)
tree	1b88c24097cdc303a4feae242371458b0620427a /Lib/urllib2.py
parent	cadbbfc85b58ec8428d871ccd32507b4129c3d4e (diff)
download	cpython-172e7257f65e5d37974aacf0c467e76a321ddf2c.zip cpython-172e7257f65e5d37974aacf0c467e76a321ddf2c.tar.gz cpython-172e7257f65e5d37974aacf0c467e76a321ddf2c.tar.bz2