diff options
author | Senthil Kumaran <senthil@uthcode.com> | 2012-01-14 11:09:04 (GMT) |
---|---|---|
committer | Senthil Kumaran <senthil@uthcode.com> | 2012-01-14 11:09:04 (GMT) |
commit | c5c5a14577f1188125630dcbf31c5c2cd258b541 (patch) | |
tree | 9a9c8efbaa2c774caa11d4c70d6483d6c8651bbf /Lib | |
parent | 9bbcb254dbeafcbfb09b3ca7a53bd69083ecabbb (diff) | |
download | cpython-c5c5a14577f1188125630dcbf31c5c2cd258b541.zip cpython-c5c5a14577f1188125630dcbf31c5c2cd258b541.tar.gz cpython-c5c5a14577f1188125630dcbf31c5c2cd258b541.tar.bz2 |
Fix Issue #13642: Unquote before b64encoding user:password during Basic Authentication.
Diffstat (limited to 'Lib')
-rw-r--r-- | Lib/test/test_urllib.py | 33 | ||||
-rw-r--r-- | Lib/urllib/request.py | 5 |
2 files changed, 33 insertions, 5 deletions
diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py index 97781d7..5a6dd65 100644 --- a/Lib/test/test_urllib.py +++ b/Lib/test/test_urllib.py @@ -12,6 +12,8 @@ import os import sys import tempfile +from base64 import b64encode + def hexescape(char): """Escape char as RFC 2396 specifies""" hex_repr = hex(ord(char))[2:].upper() @@ -42,8 +44,8 @@ class FakeHTTPMixin(object): class FakeSocket(io.BytesIO): io_refs = 1 - def sendall(self, str): - pass + def sendall(self, data): + FakeHTTPConnection.buf = data def makefile(self, *args, **kwds): self.io_refs += 1 @@ -65,8 +67,13 @@ class FakeHTTPMixin(object): io.BytesIO.close(self) class FakeHTTPConnection(http.client.HTTPConnection): + + # buffer to store data for verification in urlopen tests. + buf = None + def connect(self): self.sock = FakeSocket(fakedata) + self._connection_class = http.client.HTTPConnection http.client.HTTPConnection = FakeHTTPConnection @@ -268,6 +275,25 @@ Content-Type: text/html; charset=iso-8859-1 finally: self.unfakehttp() + def test_userpass_inurl_w_spaces(self): + self.fakehttp(b"HTTP/1.0 200 OK\r\n\r\nHello!") + try: + userpass = "a b:c d" + url = "http://{}@python.org/".format(userpass) + fakehttp_wrapper = http.client.HTTPConnection + authorization = ("Authorization: Basic %s\r\n" % + b64encode(userpass.encode("ASCII")).decode("ASCII")) + fp = urlopen(url) + # The authorization header must be in place + self.assertIn(authorization, fakehttp_wrapper.buf.decode("UTF-8")) + self.assertEqual(fp.readline(), b"Hello!") + self.assertEqual(fp.readline(), b"") + # the spaces are quoted in URL so no match + self.assertNotEqual(fp.geturl(), url) + self.assertEqual(fp.getcode(), 200) + finally: + self.unfakehttp() + class urlretrieve_FileTests(unittest.TestCase): """Test urllib.urlretrieve() on local files""" @@ -1111,6 +1137,9 @@ class Utility_Tests(unittest.TestCase): self.assertEqual(('user', 'a\fb'),urllib.parse.splitpasswd('user:a\fb')) self.assertEqual(('user', 'a\vb'),urllib.parse.splitpasswd('user:a\vb')) self.assertEqual(('user', 'a:b'),urllib.parse.splitpasswd('user:a:b')) + self.assertEqual(('user', 'a b'),urllib.parse.splitpasswd('user:a b')) + self.assertEqual(('user 2', 'ab'),urllib.parse.splitpasswd('user 2:ab')) + self.assertEqual(('user+1', 'a+b'),urllib.parse.splitpasswd('user+1:a+b')) def test_thishost(self): """Test the urllib.request.thishost utility function returns a tuple""" diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py index 77b7c7f..cf065715 100644 --- a/Lib/urllib/request.py +++ b/Lib/urllib/request.py @@ -1661,13 +1661,13 @@ class URLopener: if not host: raise IOError('http error', 'no host given') if proxy_passwd: - import base64 + proxy_passwd = unquote(proxy_passwd) proxy_auth = base64.b64encode(proxy_passwd.encode()).decode('ascii') else: proxy_auth = None if user_passwd: - import base64 + user_passwd = unquote(user_passwd) auth = base64.b64encode(user_passwd.encode()).decode('ascii') else: auth = None @@ -1871,7 +1871,6 @@ class URLopener: time.gmtime(time.time()))) msg.append('Content-type: %s' % type) if encoding == 'base64': - import base64 # XXX is this encoding/decoding ok? data = base64.decodebytes(data.encode('ascii')).decode('latin1') else: |