Title: urllib/urllib2 AbstractDigestAuthHandler locked to retried count of 5
Type: enhancement Stage: needs patch
Components: Library (Lib) Versions: Python 3.7
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: matorban, orsenthil, r.david.murray, secynic
Priority: normal Keywords: patch

Created on 2016-09-27 21:23 by secynic, last changed 2016-10-13 21:52 by ned.deily.

File name Uploaded Description Edit
issue28291.patch secynic, 2016-09-27 23:57 First pass at patch, added retry_count arg review
Messages (5)
msg277549 - (view) Author: Philip Hane (secynic) * Date: 2016-09-27 21:23
urllib/urllib2 AbstractDigestAuthHandler is hardcoded to 5 retries (self.retried). Normally this wouldn't be an issue.

Certain products link basic HTTP auth to Active Directory (yes, this shouldn't be a thing). When you have a failed login attempt lockout set on AD, this will lockout accounts on the very first failed Python basic auth attempt, if the AD lockout is set to 5 or less.

In my specific use case, I was able to override request.HTTPBasicAuthHandler.__init__() and request.HTTPBasicAuthHandler.reset_retry_count() by setting self.retried=5. One way to fix this would be to add a new retry_count argument to AbstractDigestAuthHandler.

I am a bit busy at the moment, but will submit a patch as soon as I get time.
msg277556 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2016-09-27 22:17
For (convoluted) background, see issue 8797.

A solution that uses a new would be a new feature and could only go in 3.7, but perhaps the solutions in the above issue will point to a backward compatible solution.
msg277558 - (view) Author: Philip Hane (secynic) * Date: 2016-09-27 22:25
It is a very limited use case; I won't gripe about 3.7+ only support. At the end of the day, even shown in the comments of that class, it shouldn't be set to a static 5 count.

At least this is a very easy patch that won't affect existing code.
msg278553 - (view) Author: orban (matorban) * Date: 2016-10-13 09:49
Just checked (for my first contribution at cpython) this patch. For me this patch could be merge.
msg278571 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2016-10-13 12:53
Well, it's missing doc changes and tests, so even if it is still applicable it isn't ready for merge yet.
Date User Action Args
2016-10-13 21:52:39ned.deilysetnosy: + orsenthil
2016-10-13 12:54:07r.david.murraysetstage: patch review -> needs patch
2016-10-13 12:53:39r.david.murraysetmessages: + msg278571
2016-10-13 11:06:08matrixisesetstage: patch review
2016-10-13 09:49:10matorbansetnosy: + matorban
messages: + msg278553
2016-09-27 23:57:59secynicsetfiles: + issue28291.patch
keywords: + patch
versions: - Python 2.7, Python 3.3, Python 3.4, Python 3.5, Python 3.6
2016-09-27 22:25:00secynicsetmessages: + msg277558
2016-09-27 22:17:27r.david.murraysetnosy: + r.david.murray
messages: + msg277556
2016-09-27 21:23:08secyniccreate