Bug 2885 - HTTP Authentication problem
Summary: HTTP Authentication problem
Status: RESOLVED FIXED
Alias: None
Product: Mercurial
Classification: Unclassified
Component: Mercurial (show other bugs)
Version: unspecified
Hardware: All All
: critical bug
Assignee: Bugzilla
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-07-06 03:25 UTC by Andre Lopes
Modified: 2012-05-13 05:12 UTC (History)
10 users (show)

See Also:
Python Version: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andre Lopes 2011-07-06 03:25 UTC
I'm getting an error trying to clone a project through HTTP, with 
authentication:
D:\developer\workspace>hg -y clone --noupdate --uncompressed 
http://xxxxx:yyyyyy@192.168.1.1:8000/project project
abort: http authorization required

I'm mercurial 1.9, python 2.6.6, on Windows 7 64 Bit.
Without the -y option i get the following output:
D:\developer\workspace>hg clone --noupdate --uncompressed 
http://xxxxx:yyyyyy@192.168.1.1:8000/project project
http authorization required
realm: Restricted
user:<user_input>
password:
requesting all changes
adding changesets
adding manifests
adding file changes
...
and the project gets cloned without problems, but the authentication details 
were already in the URL, so it shouldn't have asked for authentication 
information.

This problem affects the Eclipse plug-in MercurialEclipse, that does the 
HTTP authentication with the username and password passed on the URL.
Comment 1 kiilerix 2011-07-06 04:01 UTC
To narrow it in a bit: -y just answers yes to anything and authentication
will thus fail.

Can you confirm that password in the url worked with 1.8.4?

For another way to do the same see the auth section in the hgrc man page.
Comment 2 Andre Lopes 2011-07-06 04:45 UTC
With v1.8.4, using the same comand line with the same URL and of course the 
same password, the clone was done without any problem!
Comment 3 Adrian Buehlmann 2011-07-07 02:02 UTC
Possibly related bugreports from TortoiseHg:

https://bitbucket.org/tortoisehg/thg/issue/912
https://bitbucket.org/tortoisehg/thg/issue/911
Comment 4 kiilerix 2011-07-14 16:06 UTC
This is a 1.9 regression. It might have been introduced with the big url
handling cleanup.
Comment 5 Augie Fackler 2011-07-20 20:46 UTC
I can't reproduce this, either with tip of mpm's repo (6d1d0b9c4ecc ATM) or
1.9 built from the tag. Has anyone else had "better" luck? I even tried with
HGRCPATH=/dev/null to make sure it wasn't something I had in my
configuration preventing breakage.
Comment 6 kiilerix 2011-07-27 06:55 UTC
Is this a duplicate of Issue2822 ?
Comment 7 Augie Fackler 2011-07-27 08:19 UTC
Looks like it is.
Comment 8 kiilerix 2011-08-02 16:12 UTC
A fix for a very similar issue has been released in 1.9.1:
http://www.selenic.com/hg/rev/4a43e23b8c55 
hgweb: do not ignore [auth] if url has a username (issue2822) 

Please test with that version.

If it haven't fixed your issue: What do "hg showconfig auth" show?
Comment 9 Igor Kostenko 2011-08-04 12:23 UTC
Issue still exists in 1.9.1.
$ hg version
Mercurial Distributed SCM (version 1.9.1+2-9991f8b19ff3+20110804)
$ hg showconfig auth
$ cat .hg/hgrc
[paths]
default = http://username:password@hg.server:8080/repo
$ hg push
pushing to http://username:***@hg.server:8080/repo
http authorization required
realm: Hg repository
user: 

On 1.8.3 it was fine. If I change hgrc to:
[paths]
default = http://hg.server:8080/repo
[auth]
repo.prefix = http://hg.server:8080/repo
repo.username = username
repo.password = password

then I don't need to enter username/password manually. But we have many
developers and many repositories and it wouldn't be easy to fix it everywhere.
Comment 10 kiilerix 2011-08-05 03:55 UTC
Thanks. We have now found out why the fix for 1.9.1 was insufficient.
pmezard is working on polishing a patch, and we will add tests that really
validates that it really has been solved this time.
Comment 11 Marcin Kuzminski 2011-08-05 10:03 UTC
I can confirm that it's broken in 1.9.1 
In RhodeCode i noticed clients > 1.8.X are not sending REMOTE_USER variable in
http headers.

1.8.X clients works just fine.

I think it's critical issue since it make all automated systems like stats
server,buildbots unable to clone/pull via http
Comment 12 HG Bot 2011-08-05 16:00 UTC
Fixed by http://selenic.com/repo/hg/rev/0f1311e829c9
Patrick Mezard <pmezard@gmail.com>
http: strip credentials from urllib2 manager URIs (issue2885)

(please test the fix)
Comment 13 Marcin Kuzminski 2011-08-05 16:52 UTC
I can confirm that mercurial client from rev 0f1311e829c9
fixes that issue for me.
Comment 14 Bugzilla 2012-05-12 09:21 UTC

--- Bug imported by bugzilla@serpentine.com 2012-05-12 09:21 EDT  ---

This bug was previously known as _bug_ 2885 at http://mercurial.selenic.com/bts/issue2885