#2136: allow single quotes in realm spec.

2008-03-21 19:54:00 +00:00 · 2008-03-21 19:54:00 +00:00 · 331243270d
parent d346475a0c
commit 331243270d
3 changed files with 14 additions and 4 deletions
--- a/Lib/test/test_urllib2.py
+++ b/Lib/test/test_urllib2.py
@ -911,13 +911,14 @@ class HandlerTests(unittest.TestCase):
        self.assertEqual([(handlers[0], "http_open")],
                         [tup[0:2] for tup in o.calls])

-    def test_basic_auth(self):
+    def test_basic_auth(self, quote_char='"'):
        opener = OpenerDirector()
        password_manager = MockPasswordManager()
        auth_handler = urllib2.HTTPBasicAuthHandler(password_manager)
        realm = "ACME Widget Store"
        http_handler = MockHTTPHandler(
-            401, 'WWW-Authenticate: Basic realm="%s"\r\n\r\n' % realm)
+            401, 'WWW-Authenticate: Basic realm=%s%s%s\r\n\r\n' %
+            (quote_char, realm, quote_char) )
        opener.add_handler(auth_handler)
        opener.add_handler(http_handler)
        self._test_basic_auth(opener, auth_handler, "Authorization",
@ -926,6 +927,9 @@ class HandlerTests(unittest.TestCase):
                              "http://acme.example.com/protected",
                              )

+    def test_basic_auth_with_single_quoted_realm(self):
+        self.test_basic_auth(quote_char="'")
+
    def test_proxy_basic_auth(self):
        opener = OpenerDirector()
        ph = urllib2.ProxyHandler(dict(http="proxy.example.com:3128"))
--- a/Lib/urllib2.py
+++ b/Lib/urllib2.py
@ -780,7 +780,10 @@ class AbstractBasicAuthHandler:
    # XXX this allows for multiple auth-schemes, but will stupidly pick
    # the last one with a realm specified.

-    rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+realm="([^"]*)"', re.I)
+    # allow for double- and single-quoted realm values
+    # (single quotes are a violation of the RFC, but appear in the wild)
+    rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+'
+                    'realm=(["\'])(.*?)\\2', re.I)

    # XXX could pre-emptively send auth info already accepted (RFC 2617,
    # end of section 2, and section 1.2 immediately after "credentials"
@ -800,7 +803,7 @@ class AbstractBasicAuthHandler:
        if authreq:
            mo = AbstractBasicAuthHandler.rx.search(authreq)
            if mo:
-                scheme, realm = mo.groups()
+                scheme, quote, realm = mo.groups()
                if scheme.lower() == 'basic':
                    return self.retry_http_basic_auth(host, req, realm)

--- a/Misc/NEWS
+++ b/Misc/NEWS
@ -51,6 +51,9 @@ Core and builtins
 Library
 -------

+- Issue #2136: urllib2's auth handler now allows single-quoted realms in the
+  WWW-Authenticate header.
+
 - Issue #2434: Enhanced platform.win32_ver() to also work on Python
  installation which do not have the win32all package installed.