
classification
Title: urllib2 digest authentication problems
Type: behavior
Stage: resolved
Versions: Python 3.1, Python 3.2, Python 2.7
process
Status: closed
Resolution: out of date
Assigned To: orsenthil
Nosy List: exarkun, orsenthil, petr.viktorin
Priority: normal
Keywords: easy, patch

Created on 2009-02-16 23:51 by petr.viktorin, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Files
File name: python-urllib2.patch
Uploaded: petr.viktorin, 2009-02-16 23:51
Messages (4)
msg82284 - (view) Author: Petr Viktorin (petr.viktorin) * (Python committer) Date: 2009-02-16 23:51
I introduced Python to my dad, and the first thing he did with it was to
try to connect to a proprietary HTTP-based server, which uses Digest
authentication. It looks like urllib2's Digest support isn't well
tested. So, after not much more than a "Hello World", he ended up
patching urllib2 (and learning a lot more about Python than he would
have)...

Anyways, here are the problems:

- Currently, AbstractBasicAuthHandler and AbstractDigestAuthHandler each
use a different method to find out whether they should kick in. This matters
when the server supports both methods, and sends out two authentication
headers. Basic uses a regexp that matches the last header, and Digest
looks at the first one. So, if the server happens to support both, and
sends the digest header after the basic one, each of the handlers
assumes the other one should handle it and none does.
The fix in the patch is crude, but it should work better than now.

- nonce_count should be reset when the server issues a new nonce
(See RFC 2617, page 12, nonce-count). So, the nonce value should be
stored and nonce_count should be reset if it doesn't match.

- Added a max_attempts attribute and set it to 2 by default (instead of
5). Two may or may not work better in general, but it should probably be
configurable. This particular change is not too critical, obviously.

- The HTTPError returned from the digest handler is not a file-like
object, due to http_error_auth_reqed not taking a "fp" argument. The
patch fixes that and the two calls to it.

Credit Libor Viktorin if some of the patch makes it.
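
The header-selection mismatch and the nonce-count reset described in the message above, as an added example that is not part of the original thread and is not urllib2's code. The function and class names are hypothetical, the sample headers are constructed, and each WWW-Authenticate header value is assumed to carry exactly one challenge:

```python
"""Added illustration, not urllib2 source. Models the behaviour described
in msg82284 and the RFC 2617 nonce-count rule."""

def scheme_of(challenge):
    """Return the lowercased auth scheme of one WWW-Authenticate value."""
    return challenge.strip().split(None, 1)[0].lower()

def basic_applies_last_header(challenges):
    # Model of the described Basic behaviour: only the last header counts.
    return scheme_of(challenges[-1]) == "basic"

def digest_applies_first_header(challenges):
    # Model of the described Digest behaviour: only the first header counts.
    return scheme_of(challenges[0]) == "digest"

def select_challenge(challenges, preference=("digest", "basic")):
    """Scan every challenge and return (scheme, challenge) for the most
    preferred supported scheme, or None when none is supported."""
    by_scheme = {}
    for c in challenges:
        if c.strip():                       # ignore empty header values
            by_scheme.setdefault(scheme_of(c), c)
    for scheme in preference:
        if scheme in by_scheme:
            return scheme, by_scheme[scheme]
    return None

class NonceCounter:
    """Count requests sent with the current nonce, restarting at 1 when
    the server issues a different nonce (RFC 2617 nonce-count)."""
    def __init__(self):
        self.nonce = None
        self.count = 0

    def next_nc(self, nonce):
        if nonce != self.nonce:             # new nonce from server: reset
            self.nonce, self.count = nonce, 0
        self.count += 1
        return "%08x" % self.count          # nc-value is 8 hex digits

# Constructed sample: a server offering Basic first, then Digest.
SAMPLE = ['Basic realm="example"',
          'Digest realm="example", nonce="abc123", qop="auth"']

if __name__ == "__main__":
    print(basic_applies_last_header(SAMPLE), digest_applies_first_header(SAMPLE))
    print(select_challenge(SAMPLE))
    nc = NonceCounter()
    print(nc.next_nc("abc123"), nc.next_nc("abc123"), nc.next_nc("def456"))
```

With the sample ordering both per-handler checks decline the response, while scanning all headers picks the Digest challenge.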
msg109886 - (view) Author: Mark Lawrence (BreamoreBoy) * Date: 2010-07-10 16:28
To quote msg82284: "The fix in the patch is crude, but it should work better than now." Would this be acceptable?
msg109887 - (view) Author: Jean-Paul Calderone (exarkun) * (Python committer) Date: 2010-07-10 16:42
Some unit tests which demonstrate the present non-working behavior and the correctness of the fix would help a lot.
msg316846 - (view) Author: Petr Viktorin (petr.viktorin) * (Python committer) Date: 2018-05-16 17:42
I withdraw the patch (and I should have done that years ago). Nowadays, hopefully Requests does the right thing.
History
Date  User  Action  Args
2022-04-11 14:56:45  admin  set  github: 49536
2018-05-16 17:42:48  petr.viktorin  set  status: open -> closed; resolution: out of date; messages: + msg316846; stage: test needed -> resolved
2014-02-03 19:22:07  BreamoreBoy  set  nosy: - BreamoreBoy
2010-07-10 16:44:39  orsenthil  set  assignee: orsenthil
2010-07-10 16:42:33  exarkun  set  nosy: + exarkun; messages: + msg109887
2010-07-10 16:28:54  BreamoreBoy  set  nosy: + BreamoreBoy, orsenthil; messages: + msg109886; versions: + Python 3.1, Python 2.7, Python 3.2, - Python 2.6
2009-04-22 14:41:21  ajaksu2  set  priority: normal; keywords: + easy; type: behavior; stage: test needed
2009-02-16 23:51:38  petr.viktorin  create