GNU bug report logs - #72526
31.0.50; [PATCH] Fix url-basic-auth secret search when passing username and/or port

Previous Next

Package: emacs;

Reported by: Björn Bidar <bjorn.bidar <at> thaodan.de>

Date: Thu, 8 Aug 2024 15:03:01 UTC

Severity: normal

Tags: patch

Found in version 31.0.50

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Eli Zaretskii <eliz <at> gnu.org>
To: Björn Bidar <bjorn.bidar <at> thaodan.de>
Cc: 72526 <at> debbugs.gnu.org
Subject: bug#72526: 31.0.50; [PATCH] Fix url-basic-auth secret search when passing username and/or port
Date: Sun, 18 Aug 2024 16:13:35 +0300

> From: Björn Bidar <bjorn.bidar <at> thaodan.de>
> Cc: 72526 <at> debbugs.gnu.org
> Date: Sun, 18 Aug 2024 15:30:22 +0300
> 
> Eli Zaretskii <eliz <at> gnu.org> writes:
> 
> 1. url-basic-auth-store uses the 'server' as in the '<server>:<port>' in
>    url-basic-auth-storage. I did not want to change the existing format
>    as I don't know the implications.

Can you calculate a separate variable once, and then use 'server' and
that new variable, each one where appropriate?  It simply doesn't look
clean to recalculate the same value several times.

> 2. I tested calling auth-source-search with :user nil and without :user
>    in both cases the result was the same, from this I imply that calling
>    auth-source-search with :user nil is ok.

Wouldn't it be cleaner to omit :user if the value is nil?

>    Yes if auth-source-search doesn't find a user for the url
>    url-basic-auth will prompt the user for a user.
>    Why is it a good idea to derive the user by url-basic-auth?
>    Because HTTP basic authentication uses the as specific in RFC 3986
>    section 3.2.1. Using it in this function to infer the user from the
>    url just follows the standard as already in other programs/Emacs
>    packages.
>    If the user has specified the username they want to identify with
>    at the server asking for it would be redundant and not confirming to
>    the standard.

What does the current code do in that case?  Does it completely fail,
or does it prompt for the username?  If the latter, it would be a
change in behavior, won't it?

> PS: Reading your message was quite hard as a non-native speaker of
> English, had to search so many of the acronyms.

Sorry about that.  (I'm not a native English speaker, either.)
This bug report was last modified 77 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.