Feature #3848

closed

Using http basic authentication for FTP with Open URI

Added by jlecour (Jérémy Lecour) over 13 years ago. Updated over 2 years ago.

Status: Closed
Target version: -
[ruby-core:32465]

Description

=begin
Hi,

I needed to download a file from an FTP server with OpenURI, and I've found that it is not possible to do it with authentication.

There is an option in the OpenURI open method to use a username/password, but it is not used in the FTP connection; the username/password for FTP is always set to anonymous/nil.

I've written a very basic patch to use the option.
Is it something that can be included in future releases of Ruby? Is there a "clean" way to patch OpenURI in the meantime?

Thanks.
=end


Files

openuri-ftp-auth.patch (573 Bytes) jlecour (Jérémy Lecour), 09/18/2010 04:02 AM

Related issues 2 (0 open, 2 closed)

Related to Ruby 1.8 - Bug #435: open-uri.rb 407 Proxy Authentication Required (OpenURI::HTTPError) (Rejected, 08/13/2008)
Related to Ruby master - Feature #4071: support basic auth for Net::HTTP.get requests (Closed, 11/19/2010)
Actions #1

Updated by jlecour (Jérémy Lecour) over 13 years ago

=begin
As James Gray pointed out (http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/32470), it is already possible to use FTP authentication, by passing the username/password in the URL.

It's a very good thing because it solves the original issue, but I guess it's a little confusing.

You can also do HTTP basic authentication in the Net::HTTP wrapper of OpenURI, by passing an option.
And if we look for this particular option in the Net::FTP wrapper and use it, we can also authenticate without encapsulating the username/password in the URL.

In some situations, it also may not be as straightforward as it seems to encapsulate the username/password in the URL. Let's say that the URL is coming from a configuration and the need for authentication is determined from other factors.

Maybe the name of the option (http_basic_authentication) is not the best if we intend to use it for HTTP and FTP, but I think it would be good to be able to use the options hash for authentication.
=end

Actions #2

Updated by shyouhei (Shyouhei Urabe) over 13 years ago

  • Status changed from Open to Assigned

=begin

=end

Actions #3

Updated by meta (mathew murphy) over 13 years ago

=begin
On Sat, Sep 18, 2010 at 13:19, James Edward Gray II wrote:

> OpenURI is just a wrapper around some clever URI parsing and URI seems to support it just fine:
>
> require "uri"
> => true
> u = URI.parse("http://user:pass@server.com/")
> => #<URI::HTTP:0x1007180f8 URL:http://user:pass@server.com/>
> u.userinfo
> => "user:pass"
> u.host
> => "server.com"

I feel obliged to point out that this is deprecated by the current
generic URI RFC.

RFC3986 section 3.2.1: 'Use of the format "user:password" in the
userinfo field is deprecated.'

RFC2396 stated that it was "NOT RECOMMENDED".

RFC1738 didn't allow it at all.

So building systems which store and process username and password in
this way is a bad idea.

mathew

URL:http://www.pobox.com/~meta/

=end

Actions #4

Updated by meta (mathew murphy) over 13 years ago

=begin
On Sun, Sep 26, 2010 at 20:57, James Edward Gray II wrote:

> On Sep 26, 2010, at 8:44 PM, mathew wrote:
>
>> So building systems which store and process username and password in
>> this way is a bad idea.
>
> I'm not sure that really applies to open-uri's usage of this strategy.  It's just
> a familiar interface, not some attempt to correctly mirror how FTP servers
> manage logins.  Does that make sense?

I agree that open-uri shouldn't care what is passed to it, and should
just pass the URI to URI for resolution.

I'm not sure URI should be supporting username and password for http,
given the history, but there's also an argument for making the code
general and being permissive.

I was mostly pointing out to the person who wanted to use user:pass
in URIs that he really shouldn't, even if Ruby lets him.

mathew

URL:http://www.pobox.com/~meta/

=end

Actions #5

Updated by meta (mathew murphy) over 13 years ago

=begin
On Sun, Sep 26, 2010 at 21:07, James Edward Gray II wrote:

> On Sep 26, 2010, at 9:01 PM, mathew wrote:
>
>> I was mostly pointing out to the person who wanted to use user:pass
>> in URIs that he really shouldn't, even if Ruby lets him.
>
> OK, but, especially in the case of FTP, they aren't really.  They are building a URL, just because that's open-uri's supported interface.  Under the hood it picks this apart and does a proper FTP login.  So this is just smoke and mirrors and not really any different than doing a normal FTP login.  Do you see what I mean?

Sure. I wouldn't do it that way myself in something I expected to need
to keep running long term, though, because you have to worry about
correctly URI-escaping the username and password. I'd much rather
learn to use the actual FTP or HTTP APIs, it's not like they are
particularly difficult.

But yes, if you're writing a quick throwaway 10-line script to solve
some problem and don't care too much about people with : or @ in their
username or password, fair enough. :-)

mathew

URL:http://www.pobox.com/~meta/

=end
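
The URI-escaping concern raised in the comment above, as an added example that is not part of the original thread or of open-uri itself: credentials containing `:`, `@` or `/` only survive a trip through a URL if each one is percent-encoded before it is placed in the userinfo field and decoded again by whatever consumes the URL. The host `ftp.example.test`, the credentials and all helper names are constructed for illustration.

```ruby
require "uri"

# Added example; host and credentials are constructed, nothing touches the network.

# Percent-encode every byte outside the RFC 3986 "unreserved" set, so that
# ':' '@' and '/' inside a credential cannot be read as URI delimiters.
def escape_userinfo(value)
  escaped = value.b.gsub(/[^A-Za-z0-9\-._~]/n) { |c| format("%%%02X", c.ord) }
  escaped.force_encoding(Encoding::US_ASCII)
end

# Inverse of escape_userinfo.
def unescape_userinfo(value)
  value.b.gsub(/%(\h\h)/n) { $1.hex.chr }.force_encoding(Encoding::UTF_8)
end

# Attach credentials to an ftp:// URL that came from configuration.
def ftp_url_with_credentials(base_url, user, password)
  uri = URI.parse(base_url)
  raise ArgumentError, "expected an ftp:// URL" unless uri.is_a?(URI::FTP)
  uri.userinfo = "#{escape_userinfo(user)}:#{escape_userinfo(password)}"
  uri
end

# Recover [user, password] from a parsed URI, decoded as a consumer must do
# before passing them to a login call; [nil, nil] when no userinfo is present.
def credentials_from(uri)
  user, password = uri.userinfo.to_s.split(":", 2)
  [user, password].map { |v| v && unescape_userinfo(v) }
end

# What plain string interpolation does with the same credentials: the URL
# either fails to parse or yields different credentials than were put in.
def naive_round_trip?(user, password)
  uri = URI.parse("ftp://#{user}:#{password}@ftp.example.test/pub/file.bin")
  credentials_from(uri) == [user, password]
rescue URI::Error
  false
end

if __FILE__ == $PROGRAM_NAME
  uri = ftp_url_with_credentials("ftp://ftp.example.test/pub/file.bin", "deploy", "p@ss:w/rd")
  puts uri.userinfo
  p credentials_from(URI.parse(uri.to_s))
  p naive_round_trip?("deploy", "p@ss:w/rd")
end
```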

Updated by mame (Yusuke Endoh) over 11 years ago

  • Description updated (diff)
  • Target version set to 2.6
Actions #7

Updated by naruse (Yui NARUSE) about 6 years ago

  • Target version deleted (2.6)
Actions #8

Updated by jeremyevans0 (Jeremy Evans) over 2 years ago

  • Status changed from Assigned to Closed