From: Eli Zaretskii <eliz@gnu.org>
To: "Björn Bidar" <bjorn.bidar@thaodan.de>
Cc: 72526-done@debbugs.gnu.org
Subject: bug#72526: 31.0.50; [PATCH] Fix url-basic-auth secret search when passing username and/or port
Date: Sat, 24 Aug 2024 11:59:20 +0300 [thread overview]
Message-ID: <86bk1invo7.fsf@gnu.org> (raw)
In-Reply-To: <87zfp9q9ym.fsf@> (message from Björn Bidar on Mon, 19 Aug 2024 09:54:09 +0300)
> From: Björn Bidar <bjorn.bidar@thaodan.de>
> Cc: 72526@debbugs.gnu.org
> Date: Mon, 19 Aug 2024 09:54:09 +0300
>
> Eli Zaretskii <eliz@gnu.org> writes:
>
> >> From: Björn Bidar <bjorn.bidar@thaodan.de>
> >> Cc: 72526@debbugs.gnu.org
> >> Date: Sun, 18 Aug 2024 15:30:22 +0300
> >>
> >> Eli Zaretskii <eliz@gnu.org> writes:
> >>
> >> 1. url-basic-auth-store uses the 'server' as in the '<server>:<port>' in
> >> url-basic-auth-storage. I did not want to change the existing format
> >> as I don't know the implications.
> >
> > Can you calculate a separate variable once, and then use 'server' and
> > that new variable, each one where appropriate? It simply doesn't look
> > clean to recalculate the same value several times.
> >
> >> 2. I tested calling auth-source-search with :user nil and without :user
> >> in both cases the result was the same, from this I imply that calling
> >> auth-source-search with :user nil is ok.
> >
> > Wouldn't it be cleaner to omit :user if the value is nil?
>
> It would, how would one do such thing in lisp except of course
> having two separate calls one with :user and one without :user.
> For C it would be normal to just pass NULL if the argument is optional
> (beginner in lisp).
>
> >> Yes if auth-source-search doesn't find a user for the url
> >> url-basic-auth will prompt the user for a user.
> >> Why is it a good idea to derive the user by url-basic-auth?
> >> Because HTTP basic authentication uses the as specific in RFC 3986
> >> section 3.2.1. Using it in this function to infer the user from the
> >> url just follows the standard as already in other programs/Emacs
> >> packages.
> >> If the user has specified the username they want to identify with
> >> at the server asking for it would be redundant and not confirming to
> >> the standard.
> >
> > What does the current code do in that case? Does it completely fail,
> > or does it prompt for the username? If the latter, it would be a
> > change in behavior, won't it?
>
> Currently it does ask for the user even if the caller sends the user in the
> url. It would be change of behavior, however it is expected that the user is
> used in HTTP basic authentication if the the url is 'http://user@host'.
> I don't think any caller would call the function in such a way without
> expecting that user is the username used in the call.
Thanks, so I installed the patch on the master branch, and I'm now
closing this bug.
next prev parent reply other threads:[~2024-08-24 8:59 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <87bk1stevo.fsf@>
2024-08-17 6:02 ` bug#72526: 31.0.50; [PATCH] Fix url-basic-auth secret search when passing username and/or port Eli Zaretskii
2024-08-17 8:41 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <877ccftubm.fsf@>
2024-08-17 10:49 ` Eli Zaretskii
2024-08-17 20:50 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <87zfpaswk4.fsf@>
2024-08-18 5:15 ` Eli Zaretskii
2024-08-18 12:30 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <87v7zyrp29.fsf@>
2024-08-18 13:13 ` Eli Zaretskii
2024-08-19 6:54 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <87zfp9q9ym.fsf@>
2024-08-24 8:59 ` Eli Zaretskii [this message]
2024-08-24 11:59 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <87y14mb07y.fsf@>
2024-08-24 12:51 ` Eli Zaretskii
2024-08-26 6:05 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <87h6b7byzb.fsf@>
2024-08-26 11:14 ` Eli Zaretskii
[not found] <87r0azawml.fsf@>
2024-08-16 20:02 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-08-16 20:02 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-08-08 14:59 Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86bk1invo7.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=72526-done@debbugs.gnu.org \
--cc=bjorn.bidar@thaodan.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.