Skip to content

Prompted passwords are not properly persisted into sessions #1098

New issue
New issue
Closed
Closed
Prompted passwords are not properly persisted into sessions#1098
Labels
enhancementNew feature or enhancementneeds product designWe like the idea, but we want to explore the problem deeper, and consider the solution holistically
Milestone
HTTPie 3.0
@blyxxyz

Description

@blyxxyz
blyxxyz
opened on Jun 28, 2021

What are the steps to reproduce the problem?

  1. While using a session, supply only a username to --auth so the password is prompted. e.g. http --offline --session ./sess.json --auth user :
  2. Send a new request using the session without explicit authentication, e.g. http --offline --session ./sess.json :

What is the expected result?

One of the following:

  • The password I entered last time is sent
  • I have to enter my password again

(Which of these would be desirable? We're implementing sessions in ducaale/xh#125 and would like to stay compatible)

What happens instead?

In the new request, the password is sent as None.

Example

$ http --offline --session ./sess.json --auth user :
http: password for user@localhost: pass
GET / HTTP/1.1
[...]
Authorization: Basic dXNlcjpwYXNz
[...]

$ echo dXNlcjpwYXNz | base64 -d
user:pass

$ http --offline --session ./sess.json :
GET / HTTP/1.1
[...]
Authorization: Basic dXNlcjpOb25l
[...]

$ echo dXNlcjpOb25l | base64 -d
user:None

$ cat sess.json
[...]
    "auth": {
        "raw_auth": "user",
        "type": "basic"
    },
[...]

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or enhancementneeds product designWe like the idea, but we want to explore the problem deeper, and consider the solution holistically

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions