[perl-HTTP-Tiny/f20] Do not override existing Authorization header

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



commit 92156900eaf38a87a9d8a663a935c21fecc355ac
Author: Petr Písař <ppisar@xxxxxxxxxx>
Date:   Tue Nov 19 16:11:26 2013 +0100

    Do not override existing Authorization header

 ...uth-in-URL-overriding-existing-auth-heade.patch |   76 ++++++++++++++++++++
 perl-HTTP-Tiny.spec                                |    4 +
 2 files changed, 80 insertions(+), 0 deletions(-)
---
diff --git a/HTTP-Tiny-0.034-fix-basic-auth-in-URL-overriding-existing-auth-heade.patch b/HTTP-Tiny-0.034-fix-basic-auth-in-URL-overriding-existing-auth-heade.patch
new file mode 100644
index 0000000..3996c35
--- /dev/null
+++ b/HTTP-Tiny-0.034-fix-basic-auth-in-URL-overriding-existing-auth-heade.patch
@@ -0,0 +1,76 @@
+From ac94861cecb903e79270d4e1256a4d1195550dc6 Mon Sep 17 00:00:00 2001
+From: David Golden <dagolden@xxxxxxxx>
+Date: Mon, 18 Nov 2013 12:45:06 -0500
+Subject: [PATCH] fix basic auth in URL overriding existing auth header
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Basic authorization shouldn't be added if an authorization
+header exists.  The wrong header was being checked and this
+commit fixes that.
+
+Petr Pisar: Ported to 0.034.
+
+Signed-off-by: Petr Písař <ppisar@xxxxxxxxxx>
+---
+ MANIFEST            |  1 +
+ lib/HTTP/Tiny.pm    |  2 +-
+ t/cases/auth-05.txt | 20 ++++++++++++++++++++
+ 3 files changed, 22 insertions(+), 1 deletion(-)
+ create mode 100644 t/cases/auth-05.txt
+
+diff --git a/MANIFEST b/MANIFEST
+index 5b046cc..f89676a 100644
+--- a/MANIFEST
++++ b/MANIFEST
+@@ -47,6 +47,7 @@ t/cases/auth-01.txt
+ t/cases/auth-02.txt
+ t/cases/auth-03.txt
+ t/cases/auth-04.txt
++t/cases/auth-05.txt
+ t/cases/cookies-01.txt
+ t/cases/cookies-02.txt
+ t/cases/cookies-03.txt
+diff --git a/lib/HTTP/Tiny.pm b/lib/HTTP/Tiny.pm
+index 6a045f6..2c15cac 100644
+--- a/lib/HTTP/Tiny.pm
++++ b/lib/HTTP/Tiny.pm
+@@ -309,7 +309,7 @@ sub _prepare_headers_and_cb {
+     }
+ 
+     # if we have Basic auth parameters, add them
+-    if ( length $auth && ! defined $request->{headers}{authentication} ) {
++    if ( length $auth && ! defined $request->{headers}{authorization} ) {
+         require MIME::Base64;
+         $request->{headers}{authorization} =
+             "Basic " . MIME::Base64::encode_base64($auth, "");
+diff --git a/t/cases/auth-05.txt b/t/cases/auth-05.txt
+new file mode 100644
+index 0000000..3a9970e
+--- /dev/null
++++ b/t/cases/auth-05.txt
+@@ -0,0 +1,20 @@
++url
++  http://foo:bar@xxxxxxxxxxx/index.html
++headers
++  authorization: Whatever
++expected
++  abcdefghijklmnopqrstuvwxyz1234567890abcdef
++----------
++GET /index.html HTTP/1.1
++Host: example.com
++Connection: close
++User-Agent: HTTP-Tiny/VERSION
++Authorization: Whatever
++
++----------
++HTTP/1.1 200 OK
++Date: Thu, 03 Feb 1994 00:00:00 GMT
++Content-Type: text/plain
++Content-Length: 42
++
++abcdefghijklmnopqrstuvwxyz1234567890abcdef
+-- 
+1.8.3.1
+
diff --git a/perl-HTTP-Tiny.spec b/perl-HTTP-Tiny.spec
index 4c8f8ea..2e4fcbc 100644
--- a/perl-HTTP-Tiny.spec
+++ b/perl-HTTP-Tiny.spec
@@ -8,6 +8,8 @@ URL:            http://search.cpan.org/dist/HTTP-Tiny/
 Source0:        http://www.cpan.org/authors/id/D/DA/DAGOLDEN/HTTP-Tiny-%{version}.tar.gz
 # Bug #1032089, in upstream 0.037
 Patch0:         HTTP-Tiny-0.034-unescape-any-basic-authentication-stanza.patch
+# Bug #1032089, in upstream 0.038
+Patch1:         HTTP-Tiny-0.034-fix-basic-auth-in-URL-overriding-existing-auth-heade.patch
 BuildArch:      noarch
 BuildRequires:  perl
 BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.30
@@ -55,6 +57,7 @@ resumes after EINTR.
 %prep
 %setup -q -n HTTP-Tiny-%{version}
 %patch0 -p1
+%patch1 -p1
 
 %build
 perl Makefile.PL INSTALLDIRS=vendor
@@ -76,6 +79,7 @@ make test
 %changelog
 * Tue Nov 19 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 0.034-4
 - Unescape any basic authentication stanza (bug #1032089)
+- Do not override existing Authorization header (bug #1032089)
 
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.034-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/perl-devel





[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Legacy Announce]     [Fedora PHP Devel]     [Kernel Devel]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite Information]
  Powered by Linux