GNU bug report logs - #72526
31.0.50; [PATCH] Fix url-basic-auth secret search when passing username and/or port

Previous Next

Full log

View this message in rfc822 format

From: Björn Bidar <bjorn.bidar <at> thaodan.de>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 72526 <at> debbugs.gnu.org
Subject: bug#72526: 31.0.50; [PATCH] Fix url-basic-auth secret search when passing username and/or port
Date: Sat, 17 Aug 2024 11:41:33 +0300

Eli Zaretskii <eliz <at> gnu.org> writes:

>> Date: Fri, 16 Aug 2024 23:02:51 +0300
>> From:  Björn Bidar via "Bug reports for GNU Emacs,
>>  the Swiss army knife of text editors" <bug-gnu-emacs <at> gnu.org>
>> 
>> Could someone please review my patch?
>
> Sorry, I don't see any experts around to ask to do that.

Maybe the maintainer of the url package?

> Maybe if you'd posted a more detailed description of the problem and
> its context, someone could follow your arguments and do a meaningful
> review.  E.g., it sounds from your description like the case of URLs
> where it currently fails was not meant to be supported by this
> library?  If so, perhaps an alternative is to submit to this library
> only URLs that it supports, like after stripping the port part?

The problem is that the user in url-basic-auth when handling urls like <uri-type>://<user>@<host> isn't
forwarded to auth-source. Further it also appends to port to the
hostname of host which means that the host is invalid since the hostname
includes the port number.

From what I read when looking at url-auth.el at line 84 it does support
this kind of case of url as it already handles the same type of url when
it deals with <uri-type>://<user>:<password>@<host>.

> On another level: please make sure you leave 2 spaces between
> sentences in comments, strings, and commit log messages.  And I don't
> think the 3rd patch belongs to this issue, so let's not include it in
> this discussion.

Sure.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.