Author Luci.Stanescu
Recipients Luci.Stanescu
Date 2010-08-27.06:59:24
SpamBayes Score 4.94644e-06
Marked as misclassified No
Message-id <1282892368.57.0.758322534297.issue9698@psf.upfronthosting.co.za>
In-reply-to
Content
Hi,

The HTTPDigestAuthHandler's code looks like this:

    def http_error_401(self, req, fp, code, msg, headers):
        host = urlparse(req.full_url)[1]
        retry = self.http_error_auth_reqed('www-authenticate',
                                           host, req, headers)
        self.reset_retry_count()
        return retry

After successful authentication, the HTTP server might still return an error code, such as 404 or 304. In that case, self.http_error_auth_reqed raises the appropriate HTTPError and self.reset_retry_count is not called. I think that the code should be something along the lines of:

try:
  retry = self.http_error_auth_reqed('www-authenticate', host, req, headers)
except HTTPError, e:
  if e.code != 401:
    self.reset_retry_counter()
  raise
else:
  self.reset_retry_counter()
  return retry

Ways to reproduce the problem: try to access a resource for which an HTTP server requires authentication but for which after successful authentication returns a negative reply. I've attached an example script to demonstrate it (for python 2.X; bug also resent in 3.X, just replace import urllib2 with from urllib import request as urllib2 ;-) ).

The same problem applies to ProxyDigestAuthHandler.
History
Date User Action Args
2010-08-27 06:59:28Luci.Stanescusetrecipients: + Luci.Stanescu
2010-08-27 06:59:28Luci.Stanescusetmessageid: <1282892368.57.0.758322534297.issue9698@psf.upfronthosting.co.za>
2010-08-27 06:59:26Luci.Stanesculinkissue9698 messages
2010-08-27 06:59:24Luci.Stanescucreate