HTTP mixin: warn if only username or password is set

sebix · sebix · commit fc242acc9eaa · 2025-08-30T11:17:32.000+02:00
and add a testcase for the warning
diff --git a/intelmq/lib/mixins/http.py b/intelmq/lib/mixins/http.py
@@ -68,7 +68,7 @@ def setup(self):
         # auth settings. username or password must exist (if only one, then this is likely an error, but we should try without auth) and not be an empty string
         if self.http_username and self.http_password:
             self.__auth = (self.http_username, self.http_password)
-        elif self.http_username and self.http_password:
+        elif self.http_username or self.http_password:
             # only one, but not both are given
             self.logger.warning("Either 'http_username' or 'http_password' are given, but for HTTP Authentication, both must be set.")
         self.__session.auth = self.__auth
diff --git a/intelmq/tests/bots/collectors/http/test_collector.py b/intelmq/tests/bots/collectors/http/test_collector.py
@@ -225,6 +225,23 @@ def check_authorization_header(request):
                             additional_matcher=check_authorization_header)
         self.run_bot()
 
+    def test_auth_only_username_or_password(self, mocker):
+        """
+        Test that no Authorization is set only the username is given and password is missing
+        """
+        def check_authorization_header(request):
+            print(f'check_authorization_header: {request.headers}')  # show the erroneos headers when the test fails
+            return 'Authorization' not in request.headers
+        # generates a mock address if the Authorization header is empty, otherwise the test fails
+        captured = mocker.register_uri('GET', self.sysconfig['http_url'],
+                            text='Foo Bar',
+                            additional_matcher=check_authorization_header)
+        log_line = "Either 'http_username' or 'http_password' are given, but for HTTP Authentication, both must be set\."
+        self.run_bot(parameters={'http_username': 'username'}, allowed_warning_count=1)
+        self.assertLogMatches(log_line, 'WARNING')
+        self.run_bot(parameters={'http_password': 'password'}, allowed_warning_count=1)
+        self.assertLogMatches(log_line, 'WARNING')
+
     def test_auth(self, mocker):
         """
         Test the Authorization header when username and password are set.
