[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto added the comment: Updating the issue with version 3.2 tag since it was fixed there as well. Still fixed, of course. You are correct that the encodings can be tricky. Luckily I only added coding to tests. But you're right, I would consider very carefully before using simila

[issue13642] urllib incorrectly quotes username and password in https basic auth

Senthil Kumaran added the comment: Here we go! I thought the problem did not exist in py3k, but good that the tests caught them and we have a fix now. Thanks for the complete patch, Joonas. I hope it was easy to port the patch to 3k. The encoding part may perhaps be the only thing to careful

[issue13642] urllib incorrectly quotes username and password in https basic auth

Roundup Robot added the comment: New changeset 80e3b8de4edd by Senthil Kumaran in branch '3.2': Fix Issue #13642: Unquote before b64encoding user:password during Basic Authentication. http://hg.python.org/cpython/rev/80e3b8de4edd New changeset 4b4029fc8cf2 by Senthil Kumaran in branch 'default

[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto added the comment: Also adding a patch that may be enough to fix the problem in python3.2. Review needed, did not test more than passing the previously failed unit test. -- Added file: http://bugs.python.org/file24235/urllib-userpass-w-spaces-fix.patch __

[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto added the comment: Senthil, I ported the tests to 3.2. The quoting problem seems to be the same in 3.2 and the new test fails. I don't know how the password managers handle the usernames and passwords in python3 urllib so I did not look at that. Could you please also port th

[issue13642] urllib incorrectly quotes username and password in https basic auth

Senthil Kumaran added the comment: Joonas and Michele - The fix along with the tests is in for 2.7 line. W.r.t to tests having it in the class level buf seems to be only easy way, for other it seemed to be that FakeSocket and FakeConnection stuff need some major change (and resulted in breaki

[issue13642] urllib incorrectly quotes username and password in https basic auth

Roundup Robot added the comment: New changeset 01ef13e9e225 by Senthil Kumaran in branch '2.7': - Issue #13642: Unquote before b64encoding user:password during Basic http://hg.python.org/cpython/rev/01ef13e9e225 -- nosy: +python-dev ___ Python tracke

[issue13642] urllib incorrectly quotes username and password in https basic auth

Changes by Michele Orrù : Added file: http://bugs.python.org/file24192/issue13642_with_map.patch ___ Python tracker ___ ___ Python-bugs-list m

[issue13642] urllib incorrectly quotes username and password in https basic auth

Changes by Michele Orrù : Removed file: http://bugs.python.org/file24186/issue13642.patch ___ Python tracker ___ ___ Python-bugs-list mailing

[issue13642] urllib incorrectly quotes username and password in https basic auth

Michele Orrù added the comment: Whoops, probably I tested using $ python instead of $ ./python.exe - Attaching two patches, one keeps using map(), but definitely changes unquote() behavior; the other simply asserts user_passwd exists before using unquote(). Well, concerning the class field ab

[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto added the comment: Michele, in your patch: +authorization = ("Authorization: Basic %s\r\n" % + b64encode('a%20b:c%20d')) This is wrong. See the original report by me and RFC 2617. The username and password MUST NOT be url encoded befor

[issue13642] urllib incorrectly quotes username and password in https basic auth

Michele Orrù added the comment: Patch attached. Note that now unquote is called with host using map(), and b64 encoded strings are no more hardcoded. Please tell me if those changes are acceptable - anyway they don't break any other unit tests. -- nosy: +ezio.melotti Added file: http:

[issue13642] urllib incorrectly quotes username and password in https basic auth

Michele Orrù added the comment: There's no need to port your patch over python3k, since urllib behaves differently with http passwords - as you can see in the doc http://docs.python.org/dev/py3k/library/urllib.request.html#examples I would be glad to finish your password on 2.7 as soon as po

[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto added the comment: > It is better to do the explicitly above the b64 encoding step. > Just as host has been unquoted. > > user_passwd, host = splituser(host) > host = unquote(host) Ok. So it needs to be done on the line after import bas

[issue13642] urllib incorrectly quotes username and password in https basic auth

Senthil Kumaran added the comment: Some review comments. Instead of doing the inline unquote like this - -auth = base64.b64encode(user_passwd).strip() +auth = base64.b64encode(unquote(user_passwd)).strip() It is better to do the explicitly above the b64 encoding step. J

[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto added the comment: Updated patch for 2.7 hg tip attached. Please review, test and if ok, port to 3.x. I guess the URL needs to be quoted so commented out the assertion for the URL being equal. I added unquote in the base64 encoding of the password, which makes the test pass

[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto added the comment: > Regarding unittests instead, there is already a method called > test_userpass_inurl which could be extended with some tests on a > password containing spaces ( Lib/test/test_urllib.py:263). But what > I haven't yet understood is: does it really exists a use

[issue13642] urllib incorrectly quotes username and password in https basic auth

Michele Orrù added the comment: > Joonas, this issue seems easy to solve. Do you want to try to post a > patch?. Extra credits for patching testsuite too :). As far as I see, it would be sufficient to add unquote(passed) to _open_generic_http. Regarding unittests instead, there is already a me

[issue13642] urllib incorrectly quotes username and password in https basic auth

Jesús Cea Avión added the comment: Joonas, this issue seems easy to solve. Do you want to try to post a patch?. Extra credits for patching testsuite too :). If you work in 2.7, I promise to up-port the patch to 3.x. -- nosy: +jcea ___ Python tracke

[issue13642] urllib incorrectly quotes username and password in https basic auth

New submission from Joonas Kuorilehto : Reproduction: >>> import urllib >>> urllib.urlopen("https://example.com/";) Enter username for Test Site at example.com: user Enter password for user in Test Site at example.com: top secret Enter username for Test Site at example.com: # If the correct pass