mirror of
https://github.com/pypa/pip
synced 2023-12-13 21:30:23 +01:00
Make trusted host w/o port work for HTTPS
This commit is contained in:
parent
c2cf232279
commit
3f9136f885
1
news/6705.bugfix
Normal file
1
news/6705.bugfix
Normal file
|
@ -0,0 +1 @@
|
|||
Fix --trusted-host processing under HTTPS to trust any port number used with the host.
|
|
@ -43,10 +43,12 @@ from pip._internal.utils.misc import (
|
|||
ask_password,
|
||||
ask_path_exists,
|
||||
backup_dir,
|
||||
build_url_from_netloc,
|
||||
consume,
|
||||
display_path,
|
||||
format_size,
|
||||
get_installed_version,
|
||||
netloc_has_port,
|
||||
path_to_url,
|
||||
remove_auth_from_url,
|
||||
rmtree,
|
||||
|
@ -608,7 +610,13 @@ class PipSession(requests.Session):
|
|||
|
||||
def add_insecure_host(self, host):
|
||||
# type: (str) -> None
|
||||
self.mount('https://{}/'.format(host), self._insecure_adapter)
|
||||
self.mount(build_url_from_netloc(host) + '/', self._insecure_adapter)
|
||||
if not netloc_has_port(host):
|
||||
# Mount wildcard ports for the same host.
|
||||
self.mount(
|
||||
build_url_from_netloc(host) + ':',
|
||||
self._insecure_adapter
|
||||
)
|
||||
|
||||
def request(self, method, url, *args, **kwargs):
|
||||
# Allow setting a default timeout on a session
|
||||
|
|
|
@ -1081,6 +1081,27 @@ def path_to_url(path):
|
|||
return url
|
||||
|
||||
|
||||
def build_url_from_netloc(netloc, scheme='https'):
|
||||
# type: (str, str) -> str
|
||||
"""
|
||||
Build a full URL from a netloc.
|
||||
"""
|
||||
if netloc.count(':') >= 2 and '@' not in netloc and '[' not in netloc:
|
||||
# It must be a bare IPv6 address, then wrap it with brackets.
|
||||
netloc = '[{}]'.format(netloc)
|
||||
return '{}://{}'.format(scheme, netloc)
|
||||
|
||||
|
||||
def netloc_has_port(netloc):
|
||||
# type: (str) -> bool
|
||||
"""
|
||||
Return whether the netloc has a port part.
|
||||
"""
|
||||
url = build_url_from_netloc(netloc)
|
||||
parsed = urllib_parse.urlparse(url)
|
||||
return bool(parsed.port)
|
||||
|
||||
|
||||
def split_auth_from_netloc(netloc):
|
||||
"""
|
||||
Parse out and remove the auth information from a netloc.
|
||||
|
|
|
@ -527,13 +527,15 @@ class TestPipSession:
|
|||
|
||||
assert not hasattr(session.adapters["http://"], "cache")
|
||||
|
||||
def test_insecure_host_cache_is_not_enabled(self, tmpdir):
|
||||
def test_insecure_host_adapter(self, tmpdir):
|
||||
session = PipSession(
|
||||
cache=tmpdir.joinpath("test-cache"),
|
||||
insecure_hosts=["example.com"],
|
||||
)
|
||||
|
||||
assert not hasattr(session.adapters["https://example.com/"], "cache")
|
||||
assert "https://example.com/" in session.adapters
|
||||
assert "https://example.com:" in session.adapters
|
||||
|
||||
|
||||
@pytest.mark.parametrize(["input_url", "url", "username", "password"], [
|
||||
|
|
|
@ -37,6 +37,7 @@ from pip._internal.utils.glibc import (
|
|||
)
|
||||
from pip._internal.utils.hashes import Hashes, MissingHashes
|
||||
from pip._internal.utils.misc import (
|
||||
build_url_from_netloc,
|
||||
call_subprocess,
|
||||
egg_link_path,
|
||||
ensure_dir,
|
||||
|
@ -44,6 +45,7 @@ from pip._internal.utils.misc import (
|
|||
get_installed_distributions,
|
||||
get_prog,
|
||||
make_subprocess_output_error,
|
||||
netloc_has_port,
|
||||
normalize_path,
|
||||
normalize_version_info,
|
||||
path_to_display,
|
||||
|
@ -1223,6 +1225,29 @@ def test_path_to_url_win():
|
|||
assert path_to_url('file') == 'file:' + urllib_request.pathname2url(path)
|
||||
|
||||
|
||||
@pytest.mark.parametrize('netloc, url, has_port', [
|
||||
# Test domain name.
|
||||
('example.com', 'https://example.com', False),
|
||||
('example.com:5000', 'https://example.com:5000', True),
|
||||
# Test IPv4 address.
|
||||
('127.0.0.1', 'https://127.0.0.1', False),
|
||||
('127.0.0.1:5000', 'https://127.0.0.1:5000', True),
|
||||
# Test bare IPv6 address.
|
||||
('2001:DB6::1', 'https://[2001:DB6::1]', False),
|
||||
# Test IPv6 with port.
|
||||
('[2001:DB6::1]:5000', 'https://[2001:DB6::1]:5000', True),
|
||||
# Test netloc with auth.
|
||||
(
|
||||
'user:password@localhost:5000',
|
||||
'https://user:password@localhost:5000',
|
||||
True
|
||||
)
|
||||
])
|
||||
def test_build_url_from_netloc_and_netloc_has_port(netloc, url, has_port):
|
||||
assert build_url_from_netloc(netloc) == url
|
||||
assert netloc_has_port(netloc) is has_port
|
||||
|
||||
|
||||
@pytest.mark.parametrize('netloc, expected', [
|
||||
# Test a basic case.
|
||||
('example.com', ('example.com', (None, None))),
|
||||
|
|
Loading…
Reference in a new issue