[PATCH] url: avoid re-issuing incorrect password (issue3210)
Kim Randell
Kim.Randell at vicon.com
Fri Jul 29 14:46:30 UTC 2016
# HG changeset patch
# User Kim Randell
# Date 1469792767 -3600
# Fri Jul 29 12:46:07 2016 +0100
# Branch stable
# Node ID 9ae7fc90e0bac36de9b725587eb093f98b34619f
# Parent 8421cbebc783e7f3cb17cfb62b4095113f8d666b
url: avoid re-issuing incorrect password (issue3210)
Some draconian IT setups lock accounts after a small number of incorrect
password attempts. Mercurial's implementation of the urllib2 authentication was
causing 5 retry attempts with the same credentials, without prompting the user.
The code was attempting to check whether the authorization token had changed,
but unfortunately was reading the misleading 'headers' member of the request
instead of using the 'get_header' accessor.
Modelled on fix for Python issue 8797:
https://bugs.python.org/issue8797
https://hg.python.org/cpython/rev/30e8a8f22a2a
diff -r 8421cbebc783 -r 9ae7fc90e0ba mercurial/url.py
--- a/mercurial/url.py Wed Jul 27 13:57:51 2016 +0100
+++ b/mercurial/url.py Fri Jul 29 12:46:07 2016 +0100
@@ -451,7 +451,7 @@
if pw is not None:
raw = "%s:%s" % (user, pw)
auth = 'Basic %s' % base64.b64encode(raw).strip()
- if req.headers.get(self.auth_header, None) == auth:
+ if req.get_header(self.auth_header, None) == auth:
return None
self.auth = auth
req.add_unredirected_header(self.auth_header, auth)
More information about the Mercurial-devel
mailing list