Support credentials in URL with empty user, e.g. http://:password@host (

#6494)
aio-libs · Jan 6, 2022 · 06c226f · 06c226f
1 parent 5d70b8e
commit 06c226f
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 4 deletions.
diff --git a/CHANGES/6494.bugfix b/CHANGES/6494.bugfix
@@ -0,0 +1 @@
+Support credentials in URL with empty user, e.g. http://:password@host
diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt
@@ -71,6 +71,7 @@ Chih-Yuan Chen
 Chris AtLee
 Chris Laws
 Chris Moore
+Chris Shucksmith
 Christopher Schmitt
 Claudiu Popa
 Colin Dunklau

diff --git a/aiohttp/client_reqrep.py b/aiohttp/client_reqrep.py
@@ -301,8 +301,8 @@ def update_host(self, url: URL) -> None:
 
         # basic auth info
         username, password = url.user, url.password
-        if username:
-            self.auth = helpers.BasicAuth(username, password or "")
+        if username or password:
+            self.auth = helpers.BasicAuth(username or "", password or "")
 
     def update_version(self, version: Union[http.HttpVersion, str]) -> None:
         """Convert request version to two elements tuple.

diff --git a/aiohttp/helpers.py b/aiohttp/helpers.py
@@ -178,9 +178,9 @@ def from_url(cls, url: URL, *, encoding: str = "latin1") -> Optional["BasicAuth"
         """Create BasicAuth from url."""
         if not isinstance(url, URL):
             raise TypeError("url should be yarl.URL instance")
-        if url.user is None:
+        if url.user is None and url.password is None:
             return None
-        return cls(url.user, url.password or "", encoding=encoding)
+        return cls(url.user or "", url.password or "", encoding=encoding)
 
     def encode(self) -> str:
         """Encode credentials."""

diff --git a/tests/test_client_request.py b/tests/test_client_request.py
@@ -389,6 +389,13 @@ def test_basic_auth_from_url(make_request: Any) -> None:
     assert "python.org" == req.host
 
 
+def test_basic_auth_no_user_from_url(make_request: Any) -> None:
+    req = make_request("get", "http://:[email protected]")
+    assert "AUTHORIZATION" in req.headers
+    assert "Basic OjEyMzQ=" == req.headers["AUTHORIZATION"]
+    assert "python.org" == req.host
+
+
 def test_basic_auth_from_url_overridden(make_request: Any) -> None:
     req = make_request(
         "get", "http://[email protected]", auth=aiohttp.BasicAuth("nkim", "1234")

diff --git a/tests/test_helpers.py b/tests/test_helpers.py
@@ -184,6 +184,13 @@ def test_basic_auth_from_url() -> None:
     assert auth.password == "pass"
 
 
+def test_basic_auth_no_user_from_url() -> None:
+    url = URL("http://:[email protected]")
+    auth = helpers.BasicAuth.from_url(url)
+    assert auth.login == ""
+    assert auth.password == "pass"
+
+
 def test_basic_auth_from_not_url() -> None:
     with pytest.raises(TypeError):
         helpers.BasicAuth.from_url("http://user:[email protected]")
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Support credentials in URL with empty user, e.g. http://:password@host