classification
Title: urllib2 - Basic,Digest Proxy Auth Handlers failure will give 401 code instead of 407
Type: behavior Stage: test needed
Components: Library (Lib) Versions: Python 3.8
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: orsenthil Nosy List: orsenthil, terry.reedy, xtreak
Priority: normal Keywords:

Created on 2010-08-19 17:59 by orsenthil, last changed 2019-04-27 06:02 by xtreak.

Messages (4)
msg114386 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2010-08-19 17:59
The retry logic and code used by ProxyBasicAuthHandler and ProxyDigestAuthHandler are same as normal authentication handlers. While this reuse is good, there is a problem that, on authentication failure, the HTTPError code is hardcoded to 401, whereas for Proxy cases it should have been 407.

The problematic line is this:


    def http_error_auth_reqed(self, auth_header, host, req, headers):
            ...
            raise HTTPError(req.full_url, 401, "digest auth failed",
                            headers, None)

can be changed by:
- Passing the errcode as arg.
- Or getting it from headers.
msg114442 - (view) Author: Terry J. Reedy (terry.reedy) * (Python committer) Date: 2010-08-20 18:53
In 3.x, http_error_auth_reqed is a method of urllib.request.AbstractBasicAuthHandler
(20.5.8. AbstractBasicAuthHandler Objects in 3.1 lib manual)
msg227774 - (view) Author: Mark Lawrence (BreamoreBoy) * Date: 2014-09-28 20:50
Slipped under the radar?
msg340968 - (view) Author: Karthikeyan Singaravelan (xtreak) * (Python committer) Date: 2019-04-27 06:02
This is still an issue and the relevant RFC part and a unittest would be as below. I would propose adding a new keyword argument with 401 as default value to ensure backwards compatibility with older versions. I can propose a PR if agreed and also improve test case since changing the hard coded status code from 401 to 407 doesn't seem to cause any failure.


https://tools.ietf.org/html/rfc7235#section-3.2

3.2.  407 Proxy Authentication Required

   The 407 (Proxy Authentication Required) status code is similar to 401
   (Unauthorized), but it indicates that the client needs to
   authenticate itself in order to use a proxy.  The proxy MUST send a
   Proxy-Authenticate header field (Section 4.3) containing a challenge
   applicable to that proxy for the target resource.  The client MAY
   repeat the request with a new or replaced Proxy-Authorization header
   field (Section 4.4).

unittest

diff --git a/Lib/test/test_urllib2_localnet.py b/Lib/test/test_urllib2_localnet.py
index 591b48d6d4..ab8dd32795 100644
--- a/Lib/test/test_urllib2_localnet.py
+++ b/Lib/test/test_urllib2_localnet.py
@@ -357,9 +357,9 @@ class ProxyAuthTests(unittest.TestCase):
         self.proxy_digest_handler.add_password(self.REALM, self.URL,
                                                self.USER, self.PASSWD+"bad")
         self.digest_auth_handler.set_qop("auth")
-        self.assertRaises(urllib.error.HTTPError,
-                          self.opener.open,
-                          self.URL)
+        with self.assertRaises(urllib.error.HTTPError) as cm:
+            self.opener.open(self.URL)
+        self.assertEqual(cm.exception.code, 407)

     def test_proxy_with_no_password_raises_httperror(self):
         self.digest_auth_handler.set_qop("auth")

$ ./python.exe -m unittest -v test.test_urllib2_localnet.ProxyAuthTests.test_proxy_with_bad_password_raises_httperror
test_proxy_with_bad_password_raises_httperror (test.test_urllib2_localnet.ProxyAuthTests) ... FAIL

======================================================================
FAIL: test_proxy_with_bad_password_raises_httperror (test.test_urllib2_localnet.ProxyAuthTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/karthikeyansingaravelan/stuff/python/cpython/Lib/test/test_urllib2_localnet.py", line 362, in test_proxy_with_bad_password_raises_httperror
    self.assertEqual(cm.exception.code, 407)
AssertionError: 401 != 407

----------------------------------------------------------------------
Ran 1 test in 0.160s

FAILED (failures=1)
History
Date User Action Args
2019-04-27 06:02:26xtreaksetnosy: + xtreak

messages: + msg340968
versions: + Python 3.8, - Python 3.4, Python 3.5
2019-04-26 20:36:22BreamoreBoysetnosy: - BreamoreBoy
2014-09-28 20:50:37BreamoreBoysetversions: + Python 3.4, Python 3.5, - Python 3.2
nosy: + BreamoreBoy

messages: + msg227774

components: + Library (Lib)
type: behavior
2010-08-20 18:53:07terry.reedysetnosy: + terry.reedy

messages: + msg114442
stage: test needed
2010-08-19 18:01:30orsenthilsettitle: urllib2 - Basic,Digest Auth Handlers Retry will give 401 code instead of 407 -> urllib2 - Basic,Digest Proxy Auth Handlers failure will give 401 code instead of 407
2010-08-19 17:59:10orsenthilcreate