Allow overriding URI auth

algesten · Jan 4, 2025 · 938d43c · 938d43c
1 parent 4062333
commit 938d43c
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 1 deletion.
diff --git a/src/client/amended.rs b/src/client/amended.rs
@@ -202,6 +202,12 @@ impl<Body> AmendedRequest<Body> {
             req_host_header = true;
         }
 
+        let mut req_auth_header = false;
+        if let Some(h) = self.headers_get(header::AUTHORIZATION) {
+            h.to_str().map_err(|_| Error::BadAuthorizationHeader)?;
+            req_auth_header = true;
+        }
+
         let mut content_length: Option<u64> = None;
         if let Some(h) = self.headers_get(header::CONTENT_LENGTH) {
             let n = h
@@ -249,6 +255,7 @@ impl<Body> AmendedRequest<Body> {
         Ok(RequestInfo {
             body_mode,
             req_host_header,
+            req_auth_header,
             req_body_header,
         })
     }
@@ -257,5 +264,6 @@ impl<Body> AmendedRequest<Body> {
 pub(crate) struct RequestInfo {
     pub body_mode: BodyWriter,
     pub req_host_header: bool,
+    pub req_auth_header: bool,
     pub req_body_header: bool,
 }
diff --git a/src/client/call.rs b/src/client/call.rs
@@ -123,7 +123,8 @@ impl<State, B> Call<State, B> {
         }
 
         if let Some(auth) = self.request.uri().authority() {
-            if let Some(user) = auth.username() {
+            if auth.userinfo().is_some() && !info.req_auth_header {
+                let user = auth.username().unwrap_or_default();
                 let pass = auth.password().unwrap_or_default();
                 let creds = BASE64_STANDARD.encode(format!("{}:{}", user, pass));
                 let auth = format!("Basic {}", creds);
@@ -1000,4 +1001,25 @@ mod test {
                 authorization: Basic OnNlY3JldA==\r\n\r\n"
         );
     }
+
+    #[test]
+    fn override_auth_header() {
+        let req = Request::get("http://martin:secret@f.test/page")
+            // This should override the auth from the URI
+            .header("authorization", "meh meh meh")
+            .body(())
+            .unwrap();
+        let mut call = Call::without_body(req).unwrap();
+
+        let mut output = vec![0; 1024];
+        let n = call.write(&mut output).unwrap();
+
+        let s = str::from_utf8(&output[..n]).unwrap();
+
+        assert_eq!(
+            s,
+            "GET /page HTTP/1.1\r\nhost: f.test\r\n\
+                authorization: meh meh meh\r\n\r\n"
+        );
+    }
 }
diff --git a/src/error.rs b/src/error.rs
@@ -12,6 +12,7 @@ pub enum Error {
     TooManyHostHeaders,
     TooManyContentLengthHeaders,
     BadHostHeader,
+    BadAuthorizationHeader,
     BadContentLengthHeader,
     MethodForbidsBody(Method),
     MethodRequiresBody(Method),
@@ -55,6 +56,7 @@ impl fmt::Display for Error {
             Error::TooManyHostHeaders => write!(f, "more than one host header"),
             Error::TooManyContentLengthHeaders => write!(f, "more than one content-length header"),
             Error::BadHostHeader => write!(f, "host header is not a string"),
+            Error::BadAuthorizationHeader => write!(f, "authorization header is not a string"),
             Error::BadContentLengthHeader => write!(f, "content-length header not a number"),
             Error::MethodForbidsBody(v) => write!(f, "method forbids body: {}", v),
             Error::MethodRequiresBody(v) => write!(f, "method requires body: {}", v),