GNU bug report logs - #72526
31.0.50; [PATCH] Fix url-basic-auth secret search when passing username and/or port

Previous Next

Package: emacs;

Reported by: Björn Bidar <bjorn.bidar <at> thaodan.de>

Date: Thu, 8 Aug 2024 15:03:01 UTC

Severity: normal

Tags: patch

Found in version 31.0.50

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Björn Bidar <bjorn.bidar <at> thaodan.de>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 72526 <at> debbugs.gnu.org
Subject: bug#72526: 31.0.50; [PATCH] Fix url-basic-auth secret search when passing username and/or port
Date: Sat, 17 Aug 2024 23:50:51 +0300

Eli Zaretskii <eliz <at> gnu.org> writes:

>> From: Björn Bidar <bjorn.bidar <at> thaodan.de>
>> Cc: 72526 <at> debbugs.gnu.org
>> Date: Sat, 17 Aug 2024 11:41:33 +0300
>> 
>> Eli Zaretskii <eliz <at> gnu.org> writes:
>> 
>> >> Date: Fri, 16 Aug 2024 23:02:51 +0300
>> >> From:  Björn Bidar via "Bug reports for GNU Emacs,
>> >>  the Swiss army knife of text editors" <bug-gnu-emacs <at> gnu.org>
>> >> 
>> >> Could someone please review my patch?
>> >
>> > Sorry, I don't see any experts around to ask to do that.
>> 
>> Maybe the maintainer of the url package?
>
> Whom did you have in mind?  url.el says "emacs-devel", which is
> basically no one and everyone.

I don't know, the person that usually deals with the package?

>> > Maybe if you'd posted a more detailed description of the problem and
>> > its context, someone could follow your arguments and do a meaningful
>> > review.  E.g., it sounds from your description like the case of URLs
>> > where it currently fails was not meant to be supported by this
>> > library?  If so, perhaps an alternative is to submit to this library
>> > only URLs that it supports, like after stripping the port part?
>> 
>> The problem is that the user in url-basic-auth when handling urls like <uri-type>://<user>@<host> isn't
>> forwarded to auth-source. Further it also appends to port to the
>> hostname of host which means that the host is invalid since the hostname
>> includes the port number.
>> 
>> >From what I read when looking at url-auth.el at line 84 it does support
>> this kind of case of url as it already handles the same type of url when
>> it deals with <uri-type>://<user>:<password>@<host>.
>
> So how come this code was not fixed since the day it was added to
> Emacs, so long ago?

I don't know I assume it was never an issue at that time?
In any case amending the port to the :host key seems like a bug to me.
Similarly when the user specifies the user in the url it should be
passed to auth-source so it can find the credentials.
This bug report was last modified 78 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.