commit 92156900eaf38a87a9d8a663a935c21fecc355ac
Author: Petr Písař <ppisar@xxxxxxxxxx>
Date: Tue Nov 19 16:11:26 2013 +0100
Do not override existing Authorization header
...uth-in-URL-overriding-existing-auth-heade.patch | 76 ++++++++++++++++++++
perl-HTTP-Tiny.spec | 4 +
2 files changed, 80 insertions(+), 0 deletions(-)
---
diff --git a/HTTP-Tiny-0.034-fix-basic-auth-in-URL-overriding-existing-auth-heade.patch b/HTTP-Tiny-0.034-fix-basic-auth-in-URL-overriding-existing-auth-heade.patch
new file mode 100644
index 0000000..3996c35
--- /dev/null
+++ b/HTTP-Tiny-0.034-fix-basic-auth-in-URL-overriding-existing-auth-heade.patch
@@ -0,0 +1,76 @@
+From ac94861cecb903e79270d4e1256a4d1195550dc6 Mon Sep 17 00:00:00 2001
+From: David Golden <dagolden@xxxxxxxx>
+Date: Mon, 18 Nov 2013 12:45:06 -0500
+Subject: [PATCH] fix basic auth in URL overriding existing auth header
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Basic authorization shouldn't be added if an authorization
+header exists. The wrong header was being checked and this
+commit fixes that.
+
+Petr Pisar: Ported to 0.034.
+
+Signed-off-by: Petr Písař <ppisar@xxxxxxxxxx>
+---
+ MANIFEST | 1 +
+ lib/HTTP/Tiny.pm | 2 +-
+ t/cases/auth-05.txt | 20 ++++++++++++++++++++
+ 3 files changed, 22 insertions(+), 1 deletion(-)
+ create mode 100644 t/cases/auth-05.txt
+
+diff --git a/MANIFEST b/MANIFEST
+index 5b046cc..f89676a 100644
+--- a/MANIFEST
++++ b/MANIFEST
+@@ -47,6 +47,7 @@ t/cases/auth-01.txt
+ t/cases/auth-02.txt
+ t/cases/auth-03.txt
+ t/cases/auth-04.txt
++t/cases/auth-05.txt
+ t/cases/cookies-01.txt
+ t/cases/cookies-02.txt
+ t/cases/cookies-03.txt
+diff --git a/lib/HTTP/Tiny.pm b/lib/HTTP/Tiny.pm
+index 6a045f6..2c15cac 100644
+--- a/lib/HTTP/Tiny.pm
++++ b/lib/HTTP/Tiny.pm
+@@ -309,7 +309,7 @@ sub _prepare_headers_and_cb {
+ }
+
+ # if we have Basic auth parameters, add them
+- if ( length $auth && ! defined $request->{headers}{authentication} ) {
++ if ( length $auth && ! defined $request->{headers}{authorization} ) {
+ require MIME::Base64;
+ $request->{headers}{authorization} =
+ "Basic " . MIME::Base64::encode_base64($auth, "");
+diff --git a/t/cases/auth-05.txt b/t/cases/auth-05.txt
+new file mode 100644
+index 0000000..3a9970e
+--- /dev/null
++++ b/t/cases/auth-05.txt
+@@ -0,0 +1,20 @@
++url
++ http://foo:bar@xxxxxxxxxxx/index.html
++headers
++ authorization: Whatever
++expected
++ abcdefghijklmnopqrstuvwxyz1234567890abcdef
++----------
++GET /index.html HTTP/1.1
++Host: example.com
++Connection: close
++User-Agent: HTTP-Tiny/VERSION
++Authorization: Whatever
++
++----------
++HTTP/1.1 200 OK
++Date: Thu, 03 Feb 1994 00:00:00 GMT
++Content-Type: text/plain
++Content-Length: 42
++
++abcdefghijklmnopqrstuvwxyz1234567890abcdef
+--
+1.8.3.1
+
diff --git a/perl-HTTP-Tiny.spec b/perl-HTTP-Tiny.spec
index 4c8f8ea..2e4fcbc 100644
--- a/perl-HTTP-Tiny.spec
+++ b/perl-HTTP-Tiny.spec
@@ -8,6 +8,8 @@ URL: http://search.cpan.org/dist/HTTP-Tiny/
Source0: http://www.cpan.org/authors/id/D/DA/DAGOLDEN/HTTP-Tiny-%{version}.tar.gz
# Bug #1032089, in upstream 0.037
Patch0: HTTP-Tiny-0.034-unescape-any-basic-authentication-stanza.patch
+# Bug #1032089, in upstream 0.038
+Patch1: HTTP-Tiny-0.034-fix-basic-auth-in-URL-overriding-existing-auth-heade.patch
BuildArch: noarch
BuildRequires: perl
BuildRequires: perl(ExtUtils::MakeMaker) >= 6.30
@@ -55,6 +57,7 @@ resumes after EINTR.
%prep
%setup -q -n HTTP-Tiny-%{version}
%patch0 -p1
+%patch1 -p1
%build
perl Makefile.PL INSTALLDIRS=vendor
@@ -76,6 +79,7 @@ make test
%changelog
* Tue Nov 19 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 0.034-4
- Unescape any basic authentication stanza (bug #1032089)
+- Do not override existing Authorization header (bug #1032089)
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.034-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/perl-devel
