GNU bug report logs - #50511
27.2; url-http-handle-authentication should not raise error

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 50511 in the body.
You can then email your comments to 50511 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Jonas Bernoulli <jonas <at> bernoul.li>
To: bug-gnu-emacs <at> gnu.org
Cc: Lars Ingebrigtsen <larsi <at> gnus.org>
Subject: 27.2; url-http-handle-authentication should not raise error
Date: Fri, 10 Sep 2021 18:14:54 +0200

Since [1: 64b469f6ae] url-http-handle-authentication raises an error
when it detects that we already tried to make an authenticated request.

1: 2019-07-26 64b469f6ae8173116ec948ac43cd44efe4b5a221
   Don't infloop in url.el when sending invalid basic auth

Instead of signaling an error using `error', it should simply return t
to indicate that no further requests should be made and the response
data (in this case error data) should be passed to the handler, i.e. to
indicate that the request "successfully failed".  Then the error handler
can inspect the response and decide how to react.

This is how it is done for all other https response codes, including all
other error codes.  This approach also solves the infloop issue but also
makes it possible to use an error handler as intended.

     Jonas

Message #8 received at 50511 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Jonas Bernoulli <jonas <at> bernoul.li>
Cc: 50511 <at> debbugs.gnu.org
Subject: Re: bug#50511: 27.2; url-http-handle-authentication should not
 raise error
Date: Sat, 11 Sep 2021 15:05:19 +0200

Jonas Bernoulli <jonas <at> bernoul.li> writes:

> Since [1: 64b469f6ae] url-http-handle-authentication raises an error
> when it detects that we already tried to make an authenticated request.
>
> 1: 2019-07-26 64b469f6ae8173116ec948ac43cd44efe4b5a221
>    Don't infloop in url.el when sending invalid basic auth
>
> Instead of signaling an error using `error', it should simply return t
> to indicate that no further requests should be made and the response
> data (in this case error data) should be passed to the handler, i.e. to
> indicate that the request "successfully failed".  Then the error handler
> can inspect the response and decide how to react.
>
> This is how it is done for all other https response codes, including all
> other error codes.  This approach also solves the infloop issue but also
> makes it possible to use an error handler as intended.

Makes sense.  Can you propose a patch for this (since you can reproduce
the problem and verify that the patch fixes it)?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Message #11 received at 50511 <at> debbugs.gnu.org (full text, mbox):

From: Jonas Bernoulli <jonas <at> bernoul.li>
To: 50511 <at> debbugs.gnu.org
Subject: [PATCH] No longer raise error when authentication failed
Date: Thu, 16 Sep 2021 20:32:11 +0200

* lisp/url/url-http.el (url-http-handle-authentication): Return t
instead of raising an error, instructing the caller to invoke the
request specific error handler (bug#50511).
---
 lisp/url/url-http.el | 94 ++++++++++++++++++++++----------------------
 1 file changed, 47 insertions(+), 47 deletions(-)

diff --git a/lisp/url/url-http.el b/lisp/url/url-http.el
index ba13a17a8f..1530016397 100644
--- a/lisp/url/url-http.el
+++ b/lisp/url/url-http.el
@@ -462,53 +462,53 @@ url-http-handle-authentication
     ;; credentials to the server, and they were wrong, so just give
     ;; up.
     (let ((authorization (assoc "Authorization" url-http-extra-headers)))
-      (when (and authorization
-		 (not (string-match "^NTLM " (cdr authorization))))
-	(error "Wrong authorization used for %s" url)))
-
-    ;; find strongest supported auth
-    (dolist (this-auth auths)
-      (setq this-auth (url-eat-trailing-space
-		       (url-strip-leading-spaces
-			this-auth)))
-      (let* ((this-type
-	      (downcase (if (string-match "[ \t]" this-auth)
-                            (substring this-auth 0 (match-beginning 0))
-                          this-auth)))
-	     (registered (url-auth-registered this-type))
-	     (this-strength (cddr registered)))
-	(when (and registered (> this-strength strength))
-	  (setq auth this-auth
-		type this-type
-		strength this-strength))))
-
-    (if (not (url-auth-registered type))
-	(progn
-	  (widen)
-	  (goto-char (point-max))
-	  (insert "<hr>Sorry, but I do not know how to handle " (or type auth url "")
-		  " authentication.  If you'd like to write it,"
-		  " please use M-x report-emacs-bug RET.<hr>")
-          ;; We used to set a `status' var (declared "special") but I can't
-          ;; find the corresponding let-binding, so it's probably an error.
-          ;; FIXME: Maybe it was supposed to set `success', i.e. to return t?
-          ;; (setq status t)
-          nil) ;; Not success yet.
-
-      (let* ((args (url-parse-args (subst-char-in-string ?, ?\; auth)))
-	     (auth (url-get-authentication auth-url
-					   (cdr-safe (assoc "realm" args))
-					   type t args)))
-	(if (not auth)
-            t                           ;Success.
-	  (push (cons (if proxy "Proxy-Authorization" "Authorization") auth)
-		url-http-extra-headers)
-	  (let ((url-request-method url-http-method)
-		(url-request-data url-http-data)
-		(url-request-extra-headers url-http-extra-headers))
-	    (url-retrieve-internal url url-callback-function
-				   url-callback-arguments))
-          nil))))) ;; Not success yet.
+      (if (and authorization
+               (not (string-match "^NTLM " (cdr authorization)))) ;Bug#43566
+          t ;; Instruct caller to signal an error.  Bug#50511
+        ;; Find strongest supported auth.
+        (dolist (this-auth auths)
+          (setq this-auth (url-eat-trailing-space
+                           (url-strip-leading-spaces
+                            this-auth)))
+          (let* ((this-type
+                  (downcase (if (string-match "[ \t]" this-auth)
+                                (substring this-auth 0 (match-beginning 0))
+                              this-auth)))
+                 (registered (url-auth-registered this-type))
+                 (this-strength (cddr registered)))
+            (when (and registered (> this-strength strength))
+              (setq auth this-auth
+                    type this-type
+                    strength this-strength))))
+
+        (if (not (url-auth-registered type))
+            (progn
+              (widen)
+              (goto-char (point-max))
+              (insert "<hr>Sorry, but I do not know how to handle "
+                      (or type auth url "")
+                      " authentication.  If you'd like to write it,"
+                      " please use M-x report-emacs-bug RET.<hr>")
+              ;; We used to set a `status' var (declared "special") but I can't
+              ;; find the corresponding let-binding, so it's probably an error.
+              ;; FIXME: Maybe it was supposed to set `success', i.e. to return t?
+              ;; (setq status t)
+              nil) ;; Not success yet.
+
+          (let* ((args (url-parse-args (subst-char-in-string ?, ?\; auth)))
+                 (auth (url-get-authentication auth-url
+                                               (cdr-safe (assoc "realm" args))
+                                               type t args)))
+            (if (not auth)
+                t                           ;Success.
+              (push (cons (if proxy "Proxy-Authorization" "Authorization") auth)
+                    url-http-extra-headers)
+              (let ((url-request-method url-http-method)
+                    (url-request-data url-http-data)
+                    (url-request-extra-headers url-http-extra-headers))
+                (url-retrieve-internal url url-callback-function
+                                       url-callback-arguments))
+              nil))))))) ;; Not success yet.
 
 (defun url-http-parse-response ()
   "Parse just the response code."
-- 
2.33.0

Message #14 received at 50511 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Jonas Bernoulli <jonas <at> bernoul.li>
Cc: 50511 <at> debbugs.gnu.org
Subject: Re: bug#50511: [PATCH] No longer raise error when authentication
 failed
Date: Fri, 17 Sep 2021 16:26:51 +0200

Jonas Bernoulli <jonas <at> bernoul.li> writes:

> * lisp/url/url-http.el (url-http-handle-authentication): Return t
> instead of raising an error, instructing the caller to invoke the
> request specific error handler (bug#50511).

Looks good to me; please go ahead and push.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Message #19 received at 50511 <at> debbugs.gnu.org (full text, mbox):

From: Jonas Bernoulli <jonas <at> bernoul.li>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 50511 <at> debbugs.gnu.org
Subject: Re: bug#50511: [PATCH] No longer raise error when authentication
 failed
Date: Mon, 20 Sep 2021 21:19:51 +0200

> Looks good to me; please go ahead and push.

Done. Please close.

Message #22 received at 50511 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Jonas Bernoulli <jonas <at> bernoul.li>
Cc: 50511 <at> debbugs.gnu.org
Subject: Re: bug#50511: [PATCH] No longer raise error when authentication
 failed
Date: Mon, 20 Sep 2021 21:24:12 +0200

Jonas Bernoulli <jonas <at> bernoul.li> writes:

>> Looks good to me; please go ahead and push.
>
> Done. Please close.

OK; done.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.