pwsm / httplib2

Automatically exported from code.google.com/p/httplib2

username:password in URI breaks httplib2 #168

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
import httplib2

url = 'http://foo:bar@example.com'
h = httplib2.Http()
response, content = h.request(url, 'GET')

Traceback (most recent call last):
  File "mini.py", line 7, in <module>
    response, content = h.request(url, 'GET')
  File "/home/faassen/ve26/lib/python2.6/site-packages/httplib2-0.7.1-py2.6.egg/httplib2/__init__.py", line 1320, in request
    proxy_info=self.proxy_info)
  File "/home/faassen/ve26/lib/python2.6/site-packages/httplib2-0.7.1-py2.6.egg/httplib2/__init__.py", line 758, in __init__
    httplib.HTTPConnection.__init__(self, host, port, strict)
  File "/usr/lib/python2.6/httplib.py", line 657, in __init__
    self._set_hostport(host, port)
  File "/usr/lib/python2.6/httplib.py", line 682, in _set_hostport
    raise InvalidURL("nonnumeric port: '%s'" % host[i+1:])
httplib.InvalidURL: nonnumeric port: 'bar@example.com'

It appears it's parsing the ':' separator in the username:password settings as 
the port number separator.

I tried to work around this by adding the port number also to the URI:

 'http://foo:bar@example.com:80'

but that results in:

httplib2.ServerNotFoundError: Unable to find the server at foo:bar@example.com

How would I expect it to behave? I think there are two options:

One is to do the equivalent of this inside httplib2:

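import urlparse  # Python 2 standard library module

parsed = urlparse.urlparse(url)

# Register the URI's credentials with the Http object
if parsed.username and parsed.password:
    h.add_credentials(parsed.username, parsed.password)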

(and ripping out the username:password@ bit from the URI after that)

I'm not sure whether this is expected behavior according to the RFCs.

Instead, httplib2 could simply rip out the userinfo@ part before proceeding. 
I'm not sure whether that is right either, however - Firefox at least lets me go 
to userinfo@example.com (with a warning).

Perhaps userinfo@ shouldn't be supported as it isn't very secure - in that case 
httplib2 could give a cleaner error message (instead of trying to interpret 
things as a port number).

(the trouble arose because it is actually quite handy sometimes to be able to 
store username:password@ bits in URIs in config files, even though you don't 
want to send them across the net in that form)

Original issue reported on code.google.com by martijn....@gmail.com on 24 Aug 2011 at 11:13
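
The first option described in the report, written out as an added example (not part of the original issue and not httplib2's own code): it splits the userinfo out of a URI so the credentials can go to `add_credentials` and only the cleaned URI reaches `request`. It assumes Python 3's `urllib.parse` rather than the Python 2 `urlparse` module used above, and the helper name `split_userinfo` is hypothetical.

```python
from urllib.parse import urlsplit, urlunsplit, unquote


def split_userinfo(uri):
    """Return (uri_without_userinfo, username, password).

    username and password are None when the URI carries no userinfo.
    Raises ValueError when the port is not numeric, so a malformed URI
    fails here with a clear message instead of deep inside the HTTP stack.
    """
    parts = urlsplit(uri)
    parts.port  # accessing the property validates the port (ValueError if bad)

    if parts.username is None and parts.password is None:
        return uri, None, None

    # Everything after the LAST '@' is host[:port]; this keeps IPv6
    # brackets intact and tolerates a raw '@' inside the password.
    hostport = parts.netloc.rpartition("@")[2]
    clean = urlunsplit(
        (parts.scheme, hostport, parts.path, parts.query, parts.fragment)
    )

    # Userinfo is percent-encoded inside a URI; decode it before use.
    user = unquote(parts.username) if parts.username is not None else None
    password = unquote(parts.password) if parts.password is not None else None
    return clean, user, password


if __name__ == "__main__":
    # Constructed sample URIs; the first two are the ones from the report.
    samples = [
        "http://foo:bar@example.com",
        "http://foo:bar@example.com:80",
        "https://al%40ice:p%3Ass@[::1]:8443/x?y=1",
        "http://example.com/plain",
    ]
    for sample in samples:
        clean, user, password = split_userinfo(sample)
        # Show only whether a password was present, never the value itself.
        print(clean, user, "<set>" if password is not None else None)
```

The returned values would then be used as `h.add_credentials(user, password)` followed by `h.request(clean, 'GET')`.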