intersphinx: _strip_basic_auth() only removes credentials from URL

2025-02-25 18:55:22 -06:00 · 2016-08-18 12:41:38 +09:00 · 2016-08-18 12:41:38 +09:00 · e7ff996d13
commit e7ff996d13
parent 35232a3dd6
2 changed files with 13 additions and 32 deletions
--- a/sphinx/ext/intersphinx.py
+++ b/sphinx/ext/intersphinx.py
@ -135,27 +135,14 @@ def _strip_basic_auth(url):
    :param url: url which may or may not contain basic auth credentials
    :type url: ``str``
-    :return: 3-``tuple`` of:
+    :return: *url* with any basic auth creds removed
-
+    :rtype: ``str``
      * (``str``) -- *url* with any basic auth creds removed
      * (``str`` or ``NoneType``) -- basic auth username or ``None`` if basic
        auth username not given
      * (``str`` or ``NoneType``) -- basic auth password or ``None`` if basic
        auth password not given
    :rtype: ``tuple``
    """
-    url_parts = urlsplit(url)
+    frags = list(urlsplit(url))
    username = url_parts.username
    password = url_parts.password
    frags = list(url_parts)
    # swap out "user[:pass]@hostname" for "hostname"
-    if url_parts.port:
+    if '@' in frags[1]:
-        frags[1] = "%s:%s" % (url_parts.hostname, url_parts.port)
+        frags[1] = frags[1].split('@')[1]
-    else:
+    return urlunsplit(frags)
        frags[1] = url_parts.hostname
    url = urlunsplit(frags)
    return (url, username, password)
 def _read_from_url(url):
@ -212,7 +199,7 @@ def fetch_inventory(app, uri, inv):
    localuri = '://' not in uri
    if not localuri:
        # case: inv URI points to remote resource; strip any existing auth
-        uri, _, _ = _strip_basic_auth(uri)
+        uri = _strip_basic_auth(uri)
    try:
        if '://' in inv:
            f = _read_from_url(inv)
--- a/tests/test_ext_intersphinx.py
+++ b/tests/test_ext_intersphinx.py
@ -230,29 +230,23 @@ class TestStripBasicAuth(unittest.TestCase):
        """basic auth creds stripped from URL containing creds"""
        url = 'https://user:12345@domain.com/project/objects.inv'
        expected = 'https://domain.com/project/objects.inv'
-        actual_url, actual_username, actual_password = _strip_basic_auth(url)
+        actual = _strip_basic_auth(url)
-        self.assertEqual(expected, actual_url)
+        self.assertEqual(expected, actual)
        self.assertEqual('user', actual_username)
        self.assertEqual('12345', actual_password)
    def test_no_auth(self):
        """url unchanged if param doesn't contain basic auth creds"""
        url = 'https://domain.com/project/objects.inv'
        expected = 'https://domain.com/project/objects.inv'
-        actual_url, actual_username, actual_password = _strip_basic_auth(url)
+        actual = _strip_basic_auth(url)
-        self.assertEqual(expected, actual_url)
+        self.assertEqual(expected, actual)
        self.assertEqual(None, actual_username)
        self.assertEqual(None, actual_password)
    def test_having_port(self):
        """basic auth creds correctly stripped from URL containing creds even if URL
        contains port"""
        url = 'https://user:12345@domain.com:8080/project/objects.inv'
        expected = 'https://domain.com:8080/project/objects.inv'
-        actual_url, actual_username, actual_password = _strip_basic_auth(url)
+        actual = _strip_basic_auth(url)
-        self.assertEqual(expected, actual_url)
+        self.assertEqual(expected, actual)
        self.assertEqual('user', actual_username)
        self.assertEqual('12345', actual_password)
 def test_getsafeurl_authed():