This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: httplib does not support user/pass
Type: enhancement Stage:
Components: Library (Lib) Versions:
process
Status: closed Resolution: rejected
Dependencies: Superseder:
Assigned To: gstein Nosy List: gstein, idcmp
Priority: normal Keywords:

Created on 2001-03-27 02:34 by idcmp, last changed 2022-04-10 16:03 by admin. This issue is now closed.

Messages (4)
msg4056 - (view) Author: Idcmp (idcmp) Date: 2001-03-27 02:34
_set_hostport looks for the first ':' it finds and
takes the text after it as the port.  This doesn't work
if the user supplies a username/password combination.

For example:

  
http://user:pass@hostname.org:8080/directory/filename.html

There is no mechanism for easily including the
username/password unless the calling object mangles the
headers itself.  This means every project that uses
httplib needs to implement authentication itself, over
and over and over again.
msg4057 - (view) Author: Greg Stein (gstein) * (Python committer) Date: 2001-04-07 14:07
Logged In: YES 
user_id=6501

1) _set_hostport takes a host/port, NOT a URL.

2) Authentication is for a higher level than the 
HTTPConnection object. The latter is simply to enable 
HTTP/1.1 functionality. Most features can layer on top of 
that as a subclass, or as a class which uses/delegates to a 
connection.
msg4058 - (view) Author: Idcmp (idcmp) Date: 2001-04-07 18:11
Logged In: YES 
user_id=2329

Then whatever method that parses the URL is not properly
stripping away the user:pass@ part from the URL before
passing it to _set_hostport.

Seperating authentication in this mechanism (meaning
everyone has to do the same thing) makes it impossible to do
authentication through things like xmlrpclib without a lot
of black voodoo magic as the protocol is purposely hidden
from you.

The added complexity cancels out the bonus of having an
xmlrpclib.
msg4059 - (view) Author: Greg Stein (gstein) * (Python committer) Date: 2001-08-18 09:30
Logged In: YES 
user_id=6501

Marking this as Closed/Rejected again.

To repeat: the HTTPConnection is the wrong layer for 
authentication support. Callers should not be passing 
user/pass information as part of the host/port.

Further, it is impossible for the HTTPConnection to support 
user/pass. It is unaware of the request that was made. If a 
401 (Authorization Required) is returned by the server, 
then the connection object has no way to resubmit the 
request (with the appropriate credentials).

Authentication will be handled elsewhere, which will be 
part of Python 2.2. (module name and PEP # is TBD)
History
Date User Action Args
2022-04-10 16:03:54adminsetgithub: 34238
2001-03-27 02:34:00idcmpcreate