self.assertEqual([(handlers[0], "http_open")],
[tup[0:2] for tup in o.calls])
- def test_basic_auth(self):
+ def test_basic_auth(self, quote_char='"'):
opener = OpenerDirector()
password_manager = MockPasswordManager()
auth_handler = urllib2.HTTPBasicAuthHandler(password_manager)
realm = "ACME Widget Store"
http_handler = MockHTTPHandler(
- 401, 'WWW-Authenticate: Basic realm="%s"\r\n\r\n' % realm)
+ 401, 'WWW-Authenticate: Basic realm=%s%s%s\r\n\r\n' %
+ (quote_char, realm, quote_char) )
opener.add_handler(auth_handler)
opener.add_handler(http_handler)
self._test_basic_auth(opener, auth_handler, "Authorization",
"http://acme.example.com/protected",
)
+ def test_basic_auth_with_single_quoted_realm(self):
+ self.test_basic_auth(quote_char="'")
+
def test_proxy_basic_auth(self):
opener = OpenerDirector()
ph = urllib2.ProxyHandler(dict(http="proxy.example.com:3128"))
# XXX this allows for multiple auth-schemes, but will stupidly pick
# the last one with a realm specified.
- rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+realm="([^"]*)"', re.I)
+ # allow for double- and single-quoted realm values
+ # (single quotes are a violation of the RFC, but appear in the wild)
+ rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+'
+ 'realm=(["\'])(.*?)\\2', re.I)
# XXX could pre-emptively send auth info already accepted (RFC 2617,
# end of section 2, and section 1.2 immediately after "credentials"
if authreq:
mo = AbstractBasicAuthHandler.rx.search(authreq)
if mo:
- scheme, realm = mo.groups()
+ scheme, quote, realm = mo.groups()
if scheme.lower() == 'basic':
return self.retry_http_basic_auth(host, req, realm)
Library
-------
+- Issue #2136: urllib2's auth handler now allows single-quoted realms in the
+ WWW-Authenticate header.
+
- Issue #2434: Enhanced platform.win32_ver() to also work on Python
installation which do not have the win32all package installed.
projects / python / commitdiff