Title: urllib2 - Basic,Digest Proxy Auth Handlers failure will give 401 code instead of 407
Type: behavior Stage: test needed
Components: Library (Lib) Versions: Python 3.8
Status: open Resolution:
Dependencies: Superseder:
Assigned To: orsenthil Nosy List: orsenthil, terry.reedy, xtreak
Priority: normal Keywords:

Created on 2010-08-19 17:59 by orsenthil, last changed 2019-04-27 06:02 by xtreak.

Messages (4)
msg114386 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2010-08-19 17:59
The retry logic and code used by ProxyBasicAuthHandler and ProxyDigestAuthHandler are same as normal authentication handlers. While this reuse is good, there is a problem that, on authentication failure, the HTTPError code is hardcoded to 401, whereas for Proxy cases it should have been 407.

The problematic line is this:

    def http_error_auth_reqed(self, auth_header, host, req, headers):
            raise HTTPError(req.full_url, 401, "digest auth failed",
                            headers, None)

can be changed by:
- Passing the errcode as arg.
- Or getting it from headers.
msg114442 - (view) Author: Terry J. Reedy (terry.reedy) * (Python committer) Date: 2010-08-20 18:53
In 3.x, http_error_auth_reqed is a method of urllib.request.AbstractBasicAuthHandler
(20.5.8. AbstractBasicAuthHandler Objects in 3.1 lib manual)
msg227774 - (view) Author: Mark Lawrence (BreamoreBoy) * Date: 2014-09-28 20:50
Slipped under the radar?
msg340968 - (view) Author: Karthikeyan Singaravelan (xtreak) * (Python committer) Date: 2019-04-27 06:02
This is still an issue and the relevant RFC part and a unittest would be as below. I would propose adding a new keyword argument with 401 as default value to ensure backwards compatibility with older versions. I can propose a PR if agreed and also improve test case since changing the hard coded status code from 401 to 407 doesn't seem to cause any failure.

3.2.  407 Proxy Authentication Required

   The 407 (Proxy Authentication Required) status code is similar to 401
   (Unauthorized), but it indicates that the client needs to
   authenticate itself in order to use a proxy.  The proxy MUST send a
   Proxy-Authenticate header field (Section 4.3) containing a challenge
   applicable to that proxy for the target resource.  The client MAY
   repeat the request with a new or replaced Proxy-Authorization header
   field (Section 4.4).


diff --git a/Lib/test/ b/Lib/test/
index 591b48d6d4..ab8dd32795 100644
--- a/Lib/test/
+++ b/Lib/test/
@@ -357,9 +357,9 @@ class ProxyAuthTests(unittest.TestCase):
         self.proxy_digest_handler.add_password(self.REALM, self.URL,
                                                self.USER, self.PASSWD+"bad")
-        self.assertRaises(urllib.error.HTTPError,
-                ,
-                          self.URL)
+        with self.assertRaises(urllib.error.HTTPError) as cm:
+        self.assertEqual(cm.exception.code, 407)

     def test_proxy_with_no_password_raises_httperror(self):

$ ./python.exe -m unittest -v test.test_urllib2_localnet.ProxyAuthTests.test_proxy_with_bad_password_raises_httperror
test_proxy_with_bad_password_raises_httperror (test.test_urllib2_localnet.ProxyAuthTests) ... FAIL

FAIL: test_proxy_with_bad_password_raises_httperror (test.test_urllib2_localnet.ProxyAuthTests)
Traceback (most recent call last):
  File "/Users/karthikeyansingaravelan/stuff/python/cpython/Lib/test/", line 362, in test_proxy_with_bad_password_raises_httperror
    self.assertEqual(cm.exception.code, 407)
AssertionError: 401 != 407

Ran 1 test in 0.160s

FAILED (failures=1)
Date User Action Args
2019-04-27 06:02:26xtreaksetnosy: + xtreak

messages: + msg340968
versions: + Python 3.8, - Python 3.4, Python 3.5
2019-04-26 20:36:22BreamoreBoysetnosy: - BreamoreBoy
2014-09-28 20:50:37BreamoreBoysetversions: + Python 3.4, Python 3.5, - Python 3.2
nosy: + BreamoreBoy

messages: + msg227774

components: + Library (Lib)
type: behavior
2010-08-20 18:53:07terry.reedysetnosy: + terry.reedy

messages: + msg114442
stage: test needed
2010-08-19 18:01:30orsenthilsettitle: urllib2 - Basic,Digest Auth Handlers Retry will give 401 code instead of 407 -> urllib2 - Basic,Digest Proxy Auth Handlers failure will give 401 code instead of 407
2010-08-19 17:59:10orsenthilcreate