diff --git a/Lib/distutils/command/upload.py b/Lib/distutils/command/upload.py index 3b4a036718f..f602fbeb686 100644 --- a/Lib/distutils/command/upload.py +++ b/Lib/distutils/command/upload.py @@ -12,7 +12,7 @@ import socket import platform import configparser import http.client as httpclient -import base64 +from base64 import standard_b64encode import urllib.parse # this keeps compatibility for 2.3 and 2.4 @@ -127,7 +127,7 @@ class upload(PyPIRCCommand): user_pass = (self.username + ":" + self.password).encode('ascii') # The exact encoding of the authentication string is debated. # Anyway PyPI only accepts ascii for both username or password. - auth = "Basic " + base64.encodebytes(user_pass).strip().decode('ascii') + auth = "Basic " + standard_b64encode(user_pass).decode('ascii') # Build up the MIME payload for the POST data boundary = '--------------GHSKFJDLGDS7543FJKLFHRE75642756743254' diff --git a/Lib/distutils/tests/test_upload.py b/Lib/distutils/tests/test_upload.py index 828f20c5399..35e970051e9 100644 --- a/Lib/distutils/tests/test_upload.py +++ b/Lib/distutils/tests/test_upload.py @@ -10,6 +10,25 @@ from distutils.core import Distribution from distutils.tests import support from distutils.tests.test_config import PYPIRC, PyPIRCCommandTestCase +PYPIRC_LONG_PASSWORD = """\ +[distutils] + +index-servers = + server1 + server2 + +[server1] +username:me +password:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa + +[server2] +username:meagain +password: secret +realm:acme +repository:http://another.pypi/ +""" + + PYPIRC_NOPASSWORD = """\ [distutils] @@ -96,7 +115,7 @@ class uploadTestCase(PyPIRCCommandTestCase): self.write_file(path) command, pyversion, filename = 'xxx', '2.6', path dist_files = [(command, pyversion, filename)] - self.write_file(self.rc, PYPIRC) + self.write_file(self.rc, PYPIRC_LONG_PASSWORD) # lets run it pkg_dir, dist = self.create_dist(dist_files=dist_files) @@ -108,6 +127,7 @@ class uploadTestCase(PyPIRCCommandTestCase): headers = dict(self.conn.headers) self.assertEquals(headers['Content-length'], '2087') self.assertTrue(headers['Content-type'].startswith('multipart/form-data')) + self.assertFalse('\n' in headers['Authorization']) self.assertEquals(self.conn.requests, [('POST', '/pypi')]) self.assert_((b'xxx') in self.conn.body) diff --git a/Misc/NEWS b/Misc/NEWS index dc33c569d8e..05bace37026 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -58,6 +58,10 @@ Core and Builtins Library ------- +- Issue #7552: Removed line feed in the base64 Authorization header in + the Distutils upload command to avoid an error when PyPI reads it. + This occurs on long passwords. Initial patch by JP St. Pierre. + - Issue #7231: urllib2 cannot handle https with proxy requiring auth. Patch by Tatsuhiro Tsujikawa.