[PATCH] hgweb: do not ignore [auth] if url has a username (issue2822)
Mads Kiilerich
mads at kiilerich.com
Sun Jul 31 16:51:03 CDT 2011
Patrick Mezard wrote, On 07/31/2011 06:46 PM:
> # HG changeset patch
> # User Patrick Mezard<pmezard at gmail.com>
> # Date 1312024327 -7200
> # Branch stable
> # Node ID 552f90214f6f0f8bda5ba0b6e949c119faf4ab32
> # Parent 56848e2bb0c5a43b580dd2ca7ce1e781d4e75b2b
> hgweb: do not ignore [auth] if url has a username (issue2822)
>
> The [auth] section was ignored when handling URLs like:
>
> http://user@example.com/foo
>
> Instead, we look in [auth] for an entry matching the URL and supplied user
> name.
I noticed that it seems like it really fixes to issues:
First: [auth] wasn't used if the username was specified. This is a 1.9
regression and thus a 'serious' bug.
Second: [auth] was matched on prefix only, ignoring the specified
username. I guess it has been like that forever and works as designed
and is correct according to the "specification". It might be surprising,
but it is existing behaviour and so harmless that it in worst case could
be "fixed" by updating the documentation.
I agree the second issue should be fixed too, but I wonder:
* should it really be fixed in stable?
* should the documentation be updated too?
> diff --git a/mercurial/httpconnection.py b/mercurial/httpconnection.py
> --- a/mercurial/httpconnection.py
> +++ b/mercurial/httpconnection.py
> @@ -58,7 +58,7 @@
> return self._len
>
> # moved here from url.py to avoid a cycle
> -def readauthforuri(ui, uri):
> +def readauthforuri(ui, uri, user=None):
Why is user optional? If we want to be able to select auth entry based
on username then we must make sure that we always supply the username.
(The url username might not be so immediately available the other places
we use readauthforuri ...)
/Mads
More information about the Mercurial-devel
mailing list