[PATCH] url: avoid re-issuing incorrect password (issue3210)

Kim Randell Kim.Randell at vicon.com
Fri Jul 29 10:46:30 EDT 2016


# HG changeset patch
# User Kim Randell
# Date 1469792767 -3600
#      Fri Jul 29 12:46:07 2016 +0100
# Branch stable
# Node ID 9ae7fc90e0bac36de9b725587eb093f98b34619f
# Parent  8421cbebc783e7f3cb17cfb62b4095113f8d666b
url: avoid re-issuing incorrect password (issue3210)

Some draconian IT setups lock accounts after a small number of incorrect
password attempts. Mercurial's implementation of the urllib2 authentication was
causing 5 retry attempts with the same credentials, without prompting the user.
The code was attempting to check whether the authorization token had changed,
but unfortunately was reading the misleading 'headers' member of the request
instead of using the 'get_header' accessor.

Modelled on fix for Python issue 8797:
https://bugs.python.org/issue8797
https://hg.python.org/cpython/rev/30e8a8f22a2a

diff -r 8421cbebc783 -r 9ae7fc90e0ba mercurial/url.py
--- a/mercurial/url.py	Wed Jul 27 13:57:51 2016 +0100
+++ b/mercurial/url.py	Fri Jul 29 12:46:07 2016 +0100
@@ -451,7 +451,7 @@
         if pw is not None:
             raw = "%s:%s" % (user, pw)
             auth = 'Basic %s' % base64.b64encode(raw).strip()
-            if req.headers.get(self.auth_header, None) == auth:
+            if req.get_header(self.auth_header, None) == auth:
                 return None
             self.auth = auth
             req.add_unredirected_header(self.auth_header, auth)


More information about the Mercurial-devel mailing list