Rev 4285: Fix wrong realm extraction in http basic authentication (reported in file:///net/bigmamac/Volumes/home/vila/src/bzr/bugs/basic-realm/

Sat Apr 11 07:32:43 BST 2009

At file:///net/bigmamac/Volumes/home/vila/src/bzr/bugs/basic-realm/

------------------------------------------------------------
revno: 4285
revision-id: v.ladeuil+lp at free.fr-20090411063241-21hv3yp5kh9d05l4
parent: pqm at pqm.ubuntu.com-20090410193720-nyej7ft1k2yoyhui
committer: Vincent Ladeuil <v.ladeuil+lp at free.fr>
branch nick: basic-realm
timestamp: Sat 2009-04-11 08:32:41 +0200
message:
  Fix wrong realm extraction in http basic authentication (reported
  by Jelmer).
  
  * bzrlib/transport/http/_urllib2_wrappers.py:
  (BasicAuthHandler.extract_realm): Factor out realm extraction for
  tests purpose.
  
  * bzrlib/tests/test_http.py:
  (TestAuthHeader.parse_header): Accept a specific auth handler.
  (TestAuthHeader.test_basic_extract_realm): Explicitly test realm
  extraction.
-------------- next part --------------
=== modified file 'bzrlib/tests/test_http.py'

--- a/bzrlib/tests/test_http.py	2009-04-09 20:04:47 +0000
+++ b/bzrlib/tests/test_http.py	2009-04-11 06:32:41 +0000
@@ -215,9 +215,11 @@
 
 class TestAuthHeader(tests.TestCase):
 
-    def parse_header(self, header):
-        ah =  _urllib2_wrappers.AbstractAuthHandler()
-        return ah._parse_auth_header(header)
+    def parse_header(self, header, auth_handler_class=None):
+        if auth_handler_class is None:
+            auth_handler_class = _urllib2_wrappers.AbstractAuthHandler
+        self.auth_handler =  auth_handler_class()
+        return self.auth_handler._parse_auth_header(header)
 
     def test_empty_header(self):
         scheme, remainder = self.parse_header('')
@@ -235,6 +237,14 @@
         self.assertEquals('basic', scheme)
         self.assertEquals('realm="Thou should not pass"', remainder)
 
+    def test_basic_extract_realm(self):
+        scheme, remainder = self.parse_header(
+            'Basic realm="Thou should not pass"',
+            _urllib2_wrappers.BasicAuthHandler)
+        match, realm = self.auth_handler.extract_realm(remainder)
+        self.assertTrue(match is not None)
+        self.assertEquals('Thou should not pass', realm)
+
     def test_digest_header(self):
         scheme, remainder = self.parse_header(
             'Digest realm="Thou should not pass"')

=== modified file 'bzrlib/transport/http/_urllib2_wrappers.py'
--- a/bzrlib/transport/http/_urllib2_wrappers.py	2009-04-09 20:04:47 +0000
+++ b/bzrlib/transport/http/_urllib2_wrappers.py	2009-04-11 06:32:41 +0000
@@ -1244,14 +1244,20 @@
         auth_header = 'Basic ' + raw.encode('base64').strip()
         return auth_header
 
+    def extract_realm(self, header_value):
+        match = self.auth_regexp.search(header_value)
+        realm = None
+        if match:
+            realm = match.group(1)
+        return match, realm
+
     def auth_match(self, header, auth):
         scheme, raw_auth = self._parse_auth_header(header)
         if scheme != 'basic':
             return False
 
-        match = self.auth_regexp.search(raw_auth)
+        match, realm = self.extract_realm(raw_auth)
         if match:
-            realm = match.groups()
             if scheme != 'basic':
                 return False
 

