From: "Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
To: Eli Zaretskii <eliz@gnu.org>
Cc: 72526-done@debbugs.gnu.org
Subject: bug#72526: 31.0.50; [PATCH] Fix url-basic-auth secret search when passing username and/or port
Date: Sat, 24 Aug 2024 14:59:29 +0300 [thread overview]
Message-ID: <41169.313730073$1724500845@news.gmane.org> (raw)
In-Reply-To: <86bk1invo7.fsf@gnu.org> (Eli Zaretskii's message of "Sat, 24 Aug 2024 11:59:20 +0300")
Eli Zaretskii <eliz@gnu.org> writes:
>> From: Björn Bidar <bjorn.bidar@thaodan.de>
>> Cc: 72526@debbugs.gnu.org
>> Date: Mon, 19 Aug 2024 09:54:09 +0300
>>
>> Eli Zaretskii <eliz@gnu.org> writes:
>>
>> >> From: Björn Bidar <bjorn.bidar@thaodan.de>
>> >> Cc: 72526@debbugs.gnu.org
>> >> Date: Sun, 18 Aug 2024 15:30:22 +0300
>> >>
>> >> Eli Zaretskii <eliz@gnu.org> writes:
>> >>
>> >> 1. url-basic-auth-store uses the 'server' as in the '<server>:<port>' in
>> >> url-basic-auth-storage. I did not want to change the existing format
>> >> as I don't know the implications.
>> >
>> > Can you calculate a separate variable once, and then use 'server' and
>> > that new variable, each one where appropriate? It simply doesn't look
>> > clean to recalculate the same value several times.
>> >
>> >> 2. I tested calling auth-source-search with :user nil and without :user
>> >> in both cases the result was the same, from this I imply that calling
>> >> auth-source-search with :user nil is ok.
>> >
>> > Wouldn't it be cleaner to omit :user if the value is nil?
>>
>> It would, how would one do such thing in lisp except of course
>> having two separate calls one with :user and one without :user.
>> For C it would be normal to just pass NULL if the argument is optional
>> (beginner in lisp).
>>
>> >> Yes if auth-source-search doesn't find a user for the url
>> >> url-basic-auth will prompt the user for a user.
>> >> Why is it a good idea to derive the user by url-basic-auth?
>> >> Because HTTP basic authentication uses the as specific in RFC 3986
>> >> section 3.2.1. Using it in this function to infer the user from the
>> >> url just follows the standard as already in other programs/Emacs
>> >> packages.
>> >> If the user has specified the username they want to identify with
>> >> at the server asking for it would be redundant and not confirming to
>> >> the standard.
>> >
>> > What does the current code do in that case? Does it completely fail,
>> > or does it prompt for the username? If the latter, it would be a
>> > change in behavior, won't it?
>>
>> Currently it does ask for the user even if the caller sends the user in the
>> url. It would be change of behavior, however it is expected that the user is
>> used in HTTP basic authentication if the the url is 'http://user@host'.
>> I don't think any caller would call the function in such a way without
>> expecting that user is the username used in the call.
>
> Thanks, so I installed the patch on the master branch, and I'm now
> closing this bug.
Would it make sense to apply it to Emacs 30.1 too?
What about the other patch? Should :user only be passed to
auth-source-search if there was a user in the url for the patch to be
ok?
next prev parent reply other threads:[~2024-08-24 11:59 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <87bk1stevo.fsf@>
2024-08-17 6:02 ` bug#72526: 31.0.50; [PATCH] Fix url-basic-auth secret search when passing username and/or port Eli Zaretskii
2024-08-17 8:41 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <877ccftubm.fsf@>
2024-08-17 10:49 ` Eli Zaretskii
2024-08-17 20:50 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <87zfpaswk4.fsf@>
2024-08-18 5:15 ` Eli Zaretskii
2024-08-18 12:30 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <87v7zyrp29.fsf@>
2024-08-18 13:13 ` Eli Zaretskii
2024-08-19 6:54 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <87zfp9q9ym.fsf@>
2024-08-24 8:59 ` Eli Zaretskii
2024-08-24 11:59 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors [this message]
[not found] ` <87y14mb07y.fsf@>
2024-08-24 12:51 ` Eli Zaretskii
2024-08-26 6:05 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <87h6b7byzb.fsf@>
2024-08-26 11:14 ` Eli Zaretskii
[not found] <87r0azawml.fsf@>
2024-08-16 20:02 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-08-16 20:02 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-08-08 14:59 Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='41169.313730073$1724500845@news.gmane.org' \
--to=bug-gnu-emacs@gnu.org \
--cc=72526-done@debbugs.gnu.org \
--cc=bjorn.bidar@thaodan.de \
--cc=eliz@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.