Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

urrlib2 digest authentication problems #49536

Closed
encukou opened this issue Feb 16, 2009 · 4 comments
Closed

urrlib2 digest authentication problems #49536

encukou opened this issue Feb 16, 2009 · 4 comments
Assignees
@orsenthil
Labels
easy type-bug An unexpected behavior, bug, or error

Comments

@encukou
Copy link
Member

encukou commented Feb 16, 2009

BPO 5286
Nosy @orsenthil, @encukou
Files
  • python-urllib2.patch
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/orsenthil'
closed_at = <Date 2018-05-16.17:42:48.781>
created_at = <Date 2009-02-16.23:51:38.813>
labels = ['easy', 'type-bug']
title = 'urrlib2 digest authentication problems'
updated_at = <Date 2018-05-16.17:42:48.779>
user = 'https://github.com/encukou'

    bugs.python.org fields:

    activity = <Date 2018-05-16.17:42:48.779>
actor = 'petr.viktorin'
assignee = 'orsenthil'
closed = True
closed_date = <Date 2018-05-16.17:42:48.781>
closer = 'petr.viktorin'
components = []
creation = <Date 2009-02-16.23:51:38.813>
creator = 'petr.viktorin'
dependencies = []
files = ['13111']
hgrepos = []
issue_num = 5286
keywords = ['patch', 'easy']
message_count = 4.0
messages = ['82284', '109886', '109887', '316846']
nosy_count = 3.0
nosy_names = ['exarkun', 'orsenthil', 'petr.viktorin']
pr_nums = []
priority = 'normal'
resolution = 'out of date'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue5286'
versions = ['Python 3.1', 'Python 2.7', 'Python 3.2']
    @encukou
    Copy link
    Member Author

    encukou commented Feb 16, 2009

    I introduced Python to my dad, and the first thing he did with it was to
    try to connect to a proprietary HTTP-based server, which uses Digest
    authentication. It looks like urllib2's Digest support isn't well
    tested. So, after not much more than a "Hello World", he ended up
    patching urrlib2 (and learning a lot more about Python than he would
    have)...

    Anyways, here are the problems:

    • Currently, AbstractBasicAuthHandler and AbstractDigestAuthHandler each
      a different method to find out whether they should kick in. This matters
      when the server supports both methods, and sends out two authentication
      headers. Basic uses a regexp that matches the last haeder, and Digest
      looks at the first one. So, if the server happens to support both, and
      sends the digest header after the basic one, each of the handlers
      assumes the other one should handle it and none does.
      The fix in the patch is crude, but it should work better than now.

    • nonce_count should be reset when the server issues a new nonce
      (See RFC 2617, page 12, nonce-count). So, the nonce value should be
      stored and nonce_count should be reset if it doesn't match

    • Added a max_attempts attribute and set it to 2 by default (instead of
      5). Two may or may not work better in general, but it should probably be
      configurable. This particular change is not too critical, obviously.

    • The HTTPError returned from the digest handler is not a file-like
      object, due to http_error_auth_reqed not taking a "fp" argument. The
      patch fixes that and the two calls to it.

    Credit Libor Viktorin if some of the patch makes it.

    @devdanzin devdanzin mannequin added easy type-bug An unexpected behavior, bug, or error labels Apr 22, 2009
    @BreamoreBoy
    Copy link
    Mannequin

    BreamoreBoy mannequin commented Jul 10, 2010

    To quote msg82284. "The fix in the patch is crude, but it should work better than now." Would this be acceptable?

    @exarkun
    Copy link
    Mannequin

    exarkun mannequin commented Jul 10, 2010

    Some unit tests which demonstrate the present non-working behavior and the correctness of the fix would help a lot.

    @orsenthil orsenthil self-assigned this Jul 10, 2010
    @encukou
    Copy link
    Member Author

    encukou commented May 16, 2018

    I withdraw the patch (and I should have done that years ago). Nowadays, hopefully Requests does the right thing.

    @encukou encukou closed this as completed May 16, 2018
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees

    @orsenthil orsenthil

    Labels
    easy type-bug An unexpected behavior, bug, or error
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    2 participants
    @encukou @orsenthil