From 02cc95097773bcda6a5c65e50303d5de28688886 Mon Sep 17 00:00:00 2001 From: Viet Nguyen Duc Date: Wed, 6 Nov 2024 14:35:40 +0700 Subject: [PATCH] [py] Add test for warning when embedding user:pass in URL Signed-off-by: Viet Nguyen Duc --- py/selenium/webdriver/remote/client_config.py | 10 +++++----- .../webdriver/remote/remote_connection_tests.py | 7 ++++++- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/py/selenium/webdriver/remote/client_config.py b/py/selenium/webdriver/remote/client_config.py index cc44c726d1393..50d1c0d14520b 100644 --- a/py/selenium/webdriver/remote/client_config.py +++ b/py/selenium/webdriver/remote/client_config.py @@ -209,7 +209,10 @@ def auth_type(self) -> str: @auth_type.setter def auth_type(self, value: str) -> None: """Sets the type of authentication to the remote server if it is not - using basic with username and password.""" + using basic with username and password. + + Support values: Bearer, X-API-Key. For others, please use `extra_headers` instead + """ self._auth_type = value @property @@ -220,10 +223,7 @@ def token(self) -> str: @token.setter def token(self, value: str) -> None: """Sets the token used for authentication to the remote server if - auth_type is not basic. - - Support values: Bearer, X-API-Key. For others, please use `extra_headers` instead. - """ + auth_type is not basic.""" self._token = value @property diff --git a/py/test/unit/selenium/webdriver/remote/remote_connection_tests.py b/py/test/unit/selenium/webdriver/remote/remote_connection_tests.py index 2a50b2ebe2683..2d86959f5bcaa 100644 --- a/py/test/unit/selenium/webdriver/remote/remote_connection_tests.py +++ b/py/test/unit/selenium/webdriver/remote/remote_connection_tests.py @@ -69,8 +69,13 @@ def test_get_remote_connection_headers_defaults(): def test_get_remote_connection_headers_adds_auth_header_if_pass(): url = "http://user:pass@remote" - headers = RemoteConnection.get_remote_connection_headers(parse.urlparse(url)) + with pytest.warns(None) as record: + headers = RemoteConnection.get_remote_connection_headers(parse.urlparse(url)) assert headers.get("Authorization") == "Basic dXNlcjpwYXNz" + assert ( + record[0].message.args[0] + == "Embedding username and password in URL could be insecure, use ClientConfig instead" + ) def test_get_remote_connection_headers_adds_keep_alive_if_requested():