Attachment #11323 for bug #58371

View | Details | Raw Unified | Return to bug 58371
Collapse All | Expand All




            UCSHttpServer.password_manager.add_password(realm=None, uri=uri, user=self.baseurl.username, passwd=self.baseurl.password)
        req = urllib.request.Request(uri)  # noqa: S310

        # Add preemptive authentication for JFrog Artifactory compatibility
        has_credentials = False
        # Try to get credentials from password manager first
        username_pm, password_pm = UCSHttpServer.password_manager.find_user_password(None, uri)
        
        credentials_to_use = None
        if username_pm and password_pm:
            credentials_to_use = f"{username_pm}:{password_pm}"
            self.log.debug('Using credentials from password manager for %s', uri)
        elif self.baseurl.username and self.baseurl.password:
            credentials_to_use = f"{self.baseurl.username}:{self.baseurl.password}"
            self.log.debug('Using credentials from baseurl for %s', uri)

        if credentials_to_use:
            has_credentials = True
            # Use ISO8859-1 encoding as per HTTP Basic Auth standard
            encoded_creds = base64.b64encode(credentials_to_use.encode('ISO8859-1')).decode('ASCII')
            req.add_header("Authorization", f"Basic {encoded_creds}")

        def get_host() -> str:
            return req.host


            self.log.debug("Failed %s %s: %s", req.get_method(), req.get_full_url(), res, exc_info=True)
            if res.code == httplib.UNAUTHORIZED:  # 401
                raise ConfigurationError(uri, 'credentials not accepted')
            if res.code == httplib.FORBIDDEN:  # 403
                # JFrog Artifactory may return 403 instead of 401 for authentication failures
                if has_credentials:
                    raise ConfigurationError(uri, 'authentication failed (forbidden)')
                else:
                    raise ConfigurationError(uri, 'access forbidden')
            if res.code == httplib.PROXY_AUTHENTICATION_REQUIRED:  # 407
                raise ProxyError(uri, 'credentials not accepted')
            if res.code in (httplib.BAD_GATEWAY, httplib.GATEWAY_TIMEOUT):  # 502 504

Return to bug 58371

Lines 560-565 class UCSHttpServer(_UCSServer): Link Here

(-)a/base/univention-updater/modules/univention/updater/tools.py (+25 lines)
560	UCSHttpServer.password_manager.add_password(realm=None, uri=uri, user=self.baseurl.username, passwd=self.baseurl.password)	560	UCSHttpServer.password_manager.add_password(realm=None, uri=uri, user=self.baseurl.username, passwd=self.baseurl.password)
561	req = urllib.request.Request(uri) # noqa: S310	561	req = urllib.request.Request(uri) # noqa: S310
562		562
		563	# Add preemptive authentication for JFrog Artifactory compatibility
		564	has_credentials = False
		565	# Try to get credentials from password manager first
		566	username_pm, password_pm = UCSHttpServer.password_manager.find_user_password(None, uri)
		567
		568	credentials_to_use = None
		569	if username_pm and password_pm:
		570	credentials_to_use = f"{username_pm}:{password_pm}"
		571	self.log.debug('Using credentials from password manager for %s', uri)
		572	elif self.baseurl.username and self.baseurl.password:
		573	credentials_to_use = f"{self.baseurl.username}:{self.baseurl.password}"
		574	self.log.debug('Using credentials from baseurl for %s', uri)
		575
		576	if credentials_to_use:
		577	has_credentials = True
		578	# Use ISO8859-1 encoding as per HTTP Basic Auth standard
		579	encoded_creds = base64.b64encode(credentials_to_use.encode('ISO8859-1')).decode('ASCII')
		580	req.add_header("Authorization", f"Basic {encoded_creds}")
		581
563	def get_host() -> str:	582	def get_host() -> str:
564	return req.host	583	return req.host
565		584
Lines 618-623 class UCSHttpServer(_UCSServer): Link Here
618	self.log.debug("Failed %s %s: %s", req.get_method(), req.get_full_url(), res, exc_info=True)	637	self.log.debug("Failed %s %s: %s", req.get_method(), req.get_full_url(), res, exc_info=True)
619	if res.code == httplib.UNAUTHORIZED: # 401	638	if res.code == httplib.UNAUTHORIZED: # 401
620	raise ConfigurationError(uri, 'credentials not accepted')	639	raise ConfigurationError(uri, 'credentials not accepted')
		640	if res.code == httplib.FORBIDDEN: # 403
		641	# JFrog Artifactory may return 403 instead of 401 for authentication failures
		642	if has_credentials:
		643	raise ConfigurationError(uri, 'authentication failed (forbidden)')
		644	else:
		645	raise ConfigurationError(uri, 'access forbidden')
621	if res.code == httplib.PROXY_AUTHENTICATION_REQUIRED: # 407	646	if res.code == httplib.PROXY_AUTHENTICATION_REQUIRED: # 407
622	raise ProxyError(uri, 'credentials not accepted')	647	raise ProxyError(uri, 'credentials not accepted')
623	if res.code in (httplib.BAD_GATEWAY, httplib.GATEWAY_TIMEOUT): # 502 504	648	if res.code in (httplib.BAD_GATEWAY, httplib.GATEWAY_TIMEOUT): # 502 504