Added support for credentials in URL.

Closes #100 🍰
2024-11-24 08:22:22 +02:00 · 2012-11-08 22:29:54 +01:00 · 2012-11-08 22:29:54 +01:00 · d87b2aa0e5
commit d87b2aa0e5
parent 5d969852c7
3 changed files with 47 additions and 3 deletions
--- a/README.rst
+++ b/README.rst
@ -447,6 +447,9 @@ come). There are two flags that control authentication:
                        (``-a username``), you'll be prompted for
                        the password before the request is sent.
                        To send a an empty password, pass ``username:``.
+                        The ``username:password@hostname`` URL syntax is
+                        supported as well (but credentials passed via ``-a``
+                        have higher priority).

 ``--auth-type``         Specify the auth mechanism. Possible values are
                        ``basic`` and ``digest``. The default value is
--- a/httpie/input.py
+++ b/httpie/input.py
@ -123,12 +123,28 @@ class Parser(ArgumentParser):
            scheme = HTTPS if env.progname == 'https' else HTTP
            args.url = scheme + args.url

-        if args.auth and not args.auth.has_password():
-            # Stdin already read (if not a tty) so it's save to prompt.
-            args.auth.prompt_password(urlparse(args.url).netloc)
+        self._process_auth(args)

        return args

+    def _process_auth(self, args):
+        url = urlparse(args.url)
+
+        if args.auth:
+            if not args.auth.has_password():
+                # Stdin already read (if not a tty) so it's save to prompt.
+                args.auth.prompt_password(url.netloc)
+
+        elif url.username is not None:
+            # Handle http://username:password@hostname/
+            username, password = url.username, url.password
+            args.auth = AuthCredentials(
+                key=username,
+                value=password,
+                sep=SEP_CREDENTIALS,
+                orig=SEP_CREDENTIALS.join([username, password])
+            )
+
    def _apply_no_options(self, args, no_options):
        """For every `--no-OPTION` in `no_options`, set `args.OPTION` to
        its default value. This allows for un-setting of options, e.g.,
--- a/tests/tests.py
+++ b/tests/tests.py
@ -858,6 +858,31 @@ class AuthTest(BaseTestCase):
        self.assertIn('"authenticated": true', r)
        self.assertIn('"user": "user"', r)

+    def test_credentials_in_url(self):
+        url = httpbin('/basic-auth/user/password')
+        url = 'http://user:password@' + url.split('http://', 1)[1]
+        r = http(
+            'GET',
+            url
+        )
+        self.assertIn(OK, r)
+        self.assertIn('"authenticated": true', r)
+        self.assertIn('"user": "user"', r)
+
+    def test_credentials_in_url_auth_flag_has_priority(self):
+        """When credentials are passed in URL and via -a at the same time,
+         then the ones from -a are used."""
+        url = httpbin('/basic-auth/user/password')
+        url = 'http://user:wrong_password@' + url.split('http://', 1)[1]
+        r = http(
+            '--auth=user:password',
+            'GET',
+            url
+        )
+        self.assertIn(OK, r)
+        self.assertIn('"authenticated": true', r)
+        self.assertIn('"user": "user"', r)
+

 class ExitStatusTest(BaseTestCase):