url: avoid re-issuing incorrect password (issue3210)

Some draconian IT setups lock accounts after a small number of incorrect password attempts. Mercurial's implementation of the urllib2 authentication was causing 5 retry attempts with the same credentials, without prompting the user. The code was attempting to check whether the authorization token had changed, but unfortunately was reading the misleading 'headers' member of the request instead of using the 'get_header' accessor. Modelled on fix for Python issue 8797: https://bugs.python.org/issue8797 https://hg.python.org/cpython/rev/30e8a8f22a2a
2024-10-07 07:17:55 +03:00 · 2016-07-29 12:46:07 +01:00 · 2016-07-29 12:46:07 +01:00 · 7d9a563a01
commit 7d9a563a01
parent 8b736f8354
1 changed files with 1 additions and 1 deletions
--- a/mercurial/url.py
+++ b/mercurial/url.py
@ -451,7 +451,7 @@ class httpbasicauthhandler(urlreq.httpbasicauthhandler):
        if pw is not None:
            raw = "%s:%s" % (user, pw)
            auth = 'Basic %s' % base64.b64encode(raw).strip()
-            if req.headers.get(self.auth_header, None) == auth:
+            if req.get_header(self.auth_header, None) == auth:
                return None
            self.auth = auth
            req.add_unredirected_header(self.auth_header, auth)