Patch #812285: allow multiple auth schemes in AbstractBasicAuthHandler.

author Georg Brandl <georg@python.org>

Wed, 7 Mar 2007 07:39:13 +0000 (07:39 +0000)

committer Georg Brandl <georg@python.org>

Wed, 7 Mar 2007 07:39:13 +0000 (07:39 +0000)
author Georg Brandl <georg@python.org>
Wed, 7 Mar 2007 07:39:13 +0000 (07:39 +0000)
committer Georg Brandl <georg@python.org>
Wed, 7 Mar 2007 07:39:13 +0000 (07:39 +0000)
diff --git a/Lib/urllib2.py b/Lib/urllib2.py

index 1ab5c61454cfabfc9bf62bb9d0056fc16fcfedd1..4e926a154b423add205019c25b5af1c9b45e4ec1 100644 (file)
--- a/Lib/urllib2.py
+++ b/Lib/urllib2.py
@@ -766,11 +766,10 @@ class HTTPPasswordMgrWithDefaultRealm(HTTPPasswordMgr):
  
  class AbstractBasicAuthHandler:
  
-    rx = re.compile('[ \t]*([^ \t]+)[ \t]+realm="([^"]*)"', re.I)
+    # XXX this allows for multiple auth-schemes, but will stupidly pick
+    # the last one with a realm specified.
  
-    # XXX there can actually be multiple auth-schemes in a
-    # www-authenticate header.  should probably be a lot more careful
-    # in parsing them to extract multiple alternatives
+    rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+realm="([^"]*)"', re.I)
  
      # XXX could pre-emptively send auth info already accepted (RFC 2617,
      # end of section 2, and section 1.2 immediately after "credentials"
author	Georg Brandl <georg@python.org>
	Wed, 7 Mar 2007 07:39:13 +0000 (07:39 +0000)
committer	Georg Brandl <georg@python.org>
	Wed, 7 Mar 2007 07:39:13 +0000 (07:39 +0000)