[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Will the http.set_auth call in rhc ever happen?



Hello,

I've been recently investigating the authentication code paths of
rhc and the fact that in new_request, code does

          user = options.delete(:user)
          password = options.delete(:password)
          if user
            headers['Authorization'] ||= "Basic #{["#{user}:#{password}"].pack('m').tr("\n", '')}"
          end

to then call httpclient_for(options) which does

            http.set_auth(nil, options[:user], options[:password]) if options[:user]

got me suspicious -- will the options[:user] ever have chance of
existing so that the http.set_auth ever happens (in which case please
consider the patch below) or should the options.delete be changed
to just reading the values without deleting them?

diff --git a/lib/rhc/rest/client.rb b/lib/rhc/rest/client.rb
index 92bfcb2..d1ce5a1 100644
--- a/lib/rhc/rest/client.rb
+++ b/lib/rhc/rest/client.rb
@@ -343,7 +343,6 @@ module RHC
             http.debug_dev = $stderr if ENV['HTTP_DEBUG']
 
             options.select{ |sym, value| http.respond_to?("#{sym}=") }.map{ |sym, value| http.send("#{sym}=", value) }
-            http.set_auth(nil, options[:user], options[:password]) if options[:user]
 
             ssl = http.ssl_config
             options.select{ |sym, value| ssl.respond_to?("#{sym}=") }.map{ |sym, value| ssl.send("#{sym}=", value) }

-- 
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]