Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

URL with empty password is parsed as None #793

Open
nemosupremo opened this issue Sep 14, 2022 · 4 comments · May be fixed by #804
Open

URL with empty password is parsed as None #793

nemosupremo opened this issue Sep 14, 2022 · 4 comments · May be fixed by #804

Comments

@nemosupremo
Copy link

nemosupremo commented Sep 14, 2022

Trying to parse a URL with an empty password will (incorrectly?) have password be set to None. However if you set password to Some(""), then call url.to_string(), then the password separator in the url will be set. parse and to_string will fail to round trip in this edge case.

let mut url = match reqwest::Url::parse("rtsp://administrator:@google.com/") {
    Ok(u) => u,
    Err(err) => {
        println!("'{}': {}", url, err);
        return;
     }
};
assert_eq!(url.password(), Some("")); // fails
url.set_password(Some(""));
assert_eq!(url.to_string(), "rtsp://administrator:@google.com/"); // passes
@valenting
Copy link
Collaborator

According to the reference URL parser rtsp://administrator:@google.com/ should be parsed as rtsp://[email protected]/.

I think setting the password to "" should be special cased instead, to ensure we don't get a different behaviour.

@tmccombs
Copy link
Contributor

FWIW, I believe that at least for http basic authentication, the absence of a password and an empty password are equivalent.

@nemosupremo
Copy link
Author

Ok, interesting, the issue came up because we use this library for rtsp urls and the remote server was treating the absence of a password and an empty password differently. The fact that the round trip from parse -> to_string wasn't consistent is what led me to open the issue.

Can I assume this is probably a wont-fix then?

@raccmonteiro
Copy link

Accordingly to standard (https://url.spec.whatwg.org/#url-representation) when the url does not have a password we should get an empty string: "A URL’s password is an ASCII string identifying a password. It is initially the empty string."
I created this PR #804, after merge the reported issue is a no issue, because the output will be "" (empty string) with rtsp://administrator:@google.com/ and rtsp://[email protected]/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants