Skip to content

Correctly identify the repo for a given URL to fix HTTP Auth.

NOTE: Based on !355 (merged) (If that one gets merged first, I can rebase this, or else we can merge this one for both commits)

When downloading arbitrary URLs using F-Droid (e.g. icons, .apk files, indexes) then it may be the case that the repo requires authentication. As such, we try to infer the repository based purely on the URL.

The old code took the basename of the URL, which means remove the last fragment (e.g. "index.jar") and use the remaining portion of the URL to lookup the repo. This is broken for many reasons, partly because of the presence of a query string, partly because there are other things which are not just in the root directory of the repo (e.g. "/icons/*.png").

This new method iteratively peels off the right most segment of the URLs path, then looks to see if a repo exists at that address.

Note that this breaks down if you have nested repositories on a server, where one of the repositories is nested inside a directory that F-Droid knows about, such as "icons". In such a case, the following repositories:

will break down. If requesting something from the repo requiring auth:

Then it will lookup the database and find the repo which lives in "/icons" and doesn't require auth (or requires a different auth username/password). Not sure there is a lot that can be done about this without major refactoring. Such refactoring would require making sure a Repo is always given to a downloader for any HTTP request, and is probably a bit out of scope of this bug.

Also added tests for this behaviour.

Fixes #711 (closed).

Merge request reports