[PATCH] hgweb: do not ignore [auth] if url has a username (issue2822)

Patrick Mezard pmezard at gmail.com
Sun Jul 31 16:46:57 UTC 2011 

# HG changeset patch
# User Patrick Mezard <pmezard at gmail.com>
# Date 1312024327 -7200
# Branch stable
# Node ID 552f90214f6f0f8bda5ba0b6e949c119faf4ab32
# Parent  56848e2bb0c5a43b580dd2ca7ce1e781d4e75b2b
hgweb: do not ignore [auth] if url has a username (issue2822)

The [auth] section was ignored when handling URLs like:

  http://user@example.com/foo

Instead, we look in [auth] for an entry matching the URL and supplied user
name.

diff --git a/mercurial/httpconnection.py b/mercurial/httpconnection.py
--- a/mercurial/httpconnection.py
+++ b/mercurial/httpconnection.py
@@ -58,7 +58,7 @@
         return self._len
 
 # moved here from url.py to avoid a cycle
-def readauthforuri(ui, uri):
+def readauthforuri(ui, uri, user=None):
     # Read configuration
     config = dict()
     for key, val in ui.configitems('auth'):
@@ -72,10 +72,16 @@
         gdict[setting] = val
 
     # Find the best match
+    uri = util.removeauth(uri)
     scheme, hostpath = uri.split('://', 1)
     bestlen = 0
     bestauth = None
     for group, auth in config.iteritems():
+        if user and auth.get('username') != user:
+            # We must have the same user to complete the password,
+            # and we do not accept any alternative credentials if
+            # a username was supplied in the URL.
+            continue
         prefix = auth.get('prefix')
         if not prefix:
             continue
diff --git a/mercurial/url.py b/mercurial/url.py
--- a/mercurial/url.py
+++ b/mercurial/url.py
@@ -25,8 +25,8 @@
             self._writedebug(user, passwd)
             return (user, passwd)
 
-        if not user:
-            res = httpconnectionmod.readauthforuri(self.ui, authuri)
+        if not user or not passwd:
+            res = httpconnectionmod.readauthforuri(self.ui, authuri, user=user)
             if res:
                 group, auth = res
                 user, passwd = auth.get('username'), auth.get('password')
diff --git a/tests/test-hgweb-auth.py b/tests/test-hgweb-auth.py
--- a/tests/test-hgweb-auth.py
+++ b/tests/test-hgweb-auth.py
@@ -1,5 +1,5 @@
 from mercurial import demandimport; demandimport.enable()
-from mercurial import ui
+from mercurial import ui, util
 from mercurial import url
 from mercurial.error import Abort
 
@@ -33,6 +33,9 @@
         print 'URI:', uri
         try:
             pm = url.passwordmgr(ui)
+            authinfo = util.url(uri).authinfo()[1]
+            if authinfo is not None:
+                pm.add_password(*authinfo)
             print '    ', pm.find_user_password('test', uri)
         except Abort, e:
             print 'abort'
@@ -43,6 +46,8 @@
     _test('https://example.org/foo')
     _test('https://example.org/foo/bar')
     _test('https://example.org/bar')
+    _test('https://x@example.org/bar')
+    _test('https://y@example.org/bar')
 
 
 print '\n*** Test in-uri schemes\n'
diff --git a/tests/test-hgweb-auth.py.out b/tests/test-hgweb-auth.py.out
--- a/tests/test-hgweb-auth.py.out
+++ b/tests/test-hgweb-auth.py.out
@@ -14,6 +14,10 @@
      abort
 URI: https://example.org/bar
      abort
+URI: https://x@example.org/bar
+     abort
+URI: https://y@example.org/bar
+     abort
 CFG: {x.prefix: https://example.org}
 URI: http://example.org/foo
      abort
@@ -27,6 +31,10 @@
      ('x', 'x')
 URI: https://example.org/bar
      ('x', 'x')
+URI: https://x@example.org/bar
+     ('x', 'x')
+URI: https://y@example.org/bar
+     abort
 CFG: {x.prefix: http://example.org, x.schemes: https}
 URI: http://example.org/foo
      ('x', 'x')
@@ -40,6 +48,10 @@
      abort
 URI: https://example.org/bar
      abort
+URI: https://x@example.org/bar
+     abort
+URI: https://y@example.org/bar
+     abort
 CFG: {x.prefix: https://example.org, x.schemes: http}
 URI: http://example.org/foo
      abort
@@ -53,6 +65,10 @@
      ('x', 'x')
 URI: https://example.org/bar
      ('x', 'x')
+URI: https://x@example.org/bar
+     ('x', 'x')
+URI: https://y@example.org/bar
+     abort
 
 *** Test separately configured schemes
 
@@ -69,6 +85,10 @@
      abort
 URI: https://example.org/bar
      abort
+URI: https://x@example.org/bar
+     abort
+URI: https://y@example.org/bar
+     abort
 CFG: {x.prefix: example.org, x.schemes: https}
 URI: http://example.org/foo
      abort
@@ -82,6 +102,10 @@
      ('x', 'x')
 URI: https://example.org/bar
      ('x', 'x')
+URI: https://x@example.org/bar
+     ('x', 'x')
+URI: https://y@example.org/bar
+     abort
 CFG: {x.prefix: example.org, x.schemes: http https}
 URI: http://example.org/foo
      ('x', 'x')
@@ -95,6 +119,10 @@
      ('x', 'x')
 URI: https://example.org/bar
      ('x', 'x')
+URI: https://x@example.org/bar
+     ('x', 'x')
+URI: https://y@example.org/bar
+     abort
 
 *** Test prefix matching
 
@@ -111,6 +139,10 @@
      abort
 URI: https://example.org/bar
      abort
+URI: https://x@example.org/bar
+     abort
+URI: https://y@example.org/bar
+     abort
 CFG: {x.prefix: http://example.org/foo, y.prefix: http://example.org/foo/bar}
 URI: http://example.org/foo
      ('x', 'x')
@@ -124,6 +156,10 @@
      abort
 URI: https://example.org/bar
      abort
+URI: https://x@example.org/bar
+     abort
+URI: https://y@example.org/bar
+     abort
 CFG: {x.prefix: *, y.prefix: https://example.org/bar}
 URI: http://example.org/foo
      abort
@@ -137,3 +173,7 @@
      ('x', 'x')
 URI: https://example.org/bar
      ('y', 'y')
+URI: https://x@example.org/bar
+     ('x', 'x')
+URI: https://y@example.org/bar
+     ('y', 'y')

More information about the Mercurial-devel mailing list