djc / couchdb-python

Python library for working with CouchDB

HTTP basic auth is broken for accented characters #301

Closed adrienverge closed 8 years ago

adrienverge commented 8 years ago

Username/password encoding in HTTP basic auth is currently broken for non-ASCII passwords.

Example with user user and password unusual-char-é. With curl it works as expected:

```
curl -v 'http://user:unusual-char-%C3%A9@localhost:5984/'
> GET / HTTP/1.1
> Authorization: Basic YWxpY2U6YWRyaWVuPTohw6k=
> 
< HTTP/1.1 200 OK
```

But with couchdb-python the string is decoded from utf-8 then re-encoded into latin1, causing an incorrect Authorization header:

```
url = 'http://user:unusual-char-%C3%A9@localhost:5984/'
couchdb.Server(url).version()
> GET / HTTP/1.1
> Authorization: Basic dXNlcjp1bnVzdWFsLWNoYXIt6Q==
> 
< HTTP/1.1 401 Unauthorized
```

kxepal commented 8 years ago

FYI: It's only since RFC-7617 that UTF-8 basic auth credentials became officially legal. Previously, RFC-2616 only allowed ISO-8859-1, which is basically latin1.

adrienverge commented 8 years ago

Hey @kxepal, I didn't know, thanks! It's quite recent...

Still, I think python-couchdb should support it. I made a pull-request for this.
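
The encoding difference discussed in this thread, as an added example that is not part of the original issue and is not couchdb-python's code: it builds the `Authorization` value for the URL above with both charsets and classifies the bytes inside a received header. The function names are hypothetical; only the standard library is used.

```python
import base64
from urllib.parse import urlsplit, unquote

URL = "http://user:unusual-char-%C3%A9@localhost:5984/"  # URL from the issue


def credentials_from_url(url):
    """Return (user, password) as text, percent-decoding the userinfo as UTF-8."""
    parts = urlsplit(url)
    # urlsplit leaves percent-escapes in place, so decode them explicitly.
    return unquote(parts.username or ""), unquote(parts.password or "")


def basic_auth_header(user, password, charset="utf-8"):
    """Build the Authorization value, encoding user:password with `charset`."""
    if ":" in user:
        raise ValueError("user-id must not contain ':' (RFC 7617)")
    # Raises UnicodeEncodeError when the charset cannot represent a character,
    # e.g. a euro sign with latin-1.
    raw = f"{user}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")


def sniff_charset(header_value):
    """Classify the bytes inside a Basic header: 'ascii', 'utf-8' or 'latin-1'."""
    token = header_value.split(None, 1)[1]
    raw = base64.b64decode(token, validate=True)
    for charset in ("ascii", "utf-8"):
        try:
            raw.decode(charset)
            return charset
        except UnicodeDecodeError:
            continue
    # Every byte string decodes as latin-1, so this is only a fallback label.
    return "latin-1"


if __name__ == "__main__":
    user, password = credentials_from_url(URL)
    for cs in ("utf-8", "latin-1"):
        header = basic_auth_header(user, password, cs)
        print(f"{cs:8} {header}  -> looks like {sniff_charset(header)}")
```

A server that verifies the password against UTF-8 bytes rejects the latin-1 form because the final byte sequence differs (`c3 a9` versus `e9`), which is the 401 shown in the first comment.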