This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: fix for scheme identification in urllib2?
Type: behavior Stage: test needed
Components: Library (Lib) Versions: Python 2.6
process
Status: closed Resolution: not a bug
Dependencies: Superseder:
Assigned To: orsenthil Nosy List: bboals, jjlee, orsenthil, zathras
Priority: normal Keywords: easy

Created on 2005-11-28 15:37 by bboals, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Messages (3)
msg60840 - (view) Author: Ben Boals (bboals) Date: 2005-11-28 15:37
I was looking at the following piece of code in urllib2

    def http_error_auth_reqed(self, auth_header, host, req, headers):
        authreq = headers.get(auth_header, None)
        if self.retried > 5:
            # Don't fail endlessly - if we failed once, we'll probably
            # fail a second time. Hm. Unless the Password Manager is
            # prompting for the information. Crap. This isn't great
            # but it's better than the current 'repeat until recursion
            # depth exceeded' approach <wink>
            raise HTTPError(req.get_full_url(), 401, "digest auth failed",
                            headers, None)
        else:
            self.retried += 1
        if authreq:
            scheme = authreq.split()[0]
            if scheme.lower() == 'digest':
                return self.retry_http_digest_auth(req, authreq)
            else:
                raise ValueError("AbstractDigestAuthHandler doesn't know "
                                 "about %s"%(scheme))

The particular thing that concerns me is

            scheme = authreq.split()[0]
            if scheme.lower() == 'digest':

Quite frequently, when there are multiple auth schemes
allowed, digest is NOT the first one in the list.

I would suggest substituting

    schemes = authreq.lower().split(',')  # a list of schemes allowed, all lowercase
    if('digest' in schemes):


and if needed, fixing the call to
retry_http_digest_auth so that the authreq passed is
valid  (assuming for some reason it assumes the digest
is first)


            

msg66239 - (view) Author: david reid (zathras) Date: 2008-05-04 21:20
I've run into this as an issue with a server that replies with both
digest and basic auth.

When parsing the keys in the header it's possible to detect the start of
a different auth method, so I'd suggest parsing the www-authenticate
line and returning a dict for each type of auth containing the
appropriate key,value pairs.

This approach should allow every auth type to be catered for.
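
The approach suggested in msg66239 above (parse the WWW-Authenticate line and return a dict for each type of auth), as an added example that is not part of the original thread or of urllib2. It is written for Python 3; `parse_challenges`, `choose_scheme` and the sample header are hypothetical names and constructed data, and only the `key=value` parameter form is handled.

```python
import re

# RFC 7230 "token" characters; auth-scheme and parameter names are tokens.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# One list item: either key=value (value quoted or bare) or a bare scheme name.
_ITEM = re.compile(
    r"[\s,]*(?:(?P<key>" + _TOKEN + r")\s*=\s*"
    r'(?:"(?P<quoted>(?:[^"\\]|\\.)*)"|(?P<bare>' + _TOKEN + r"))"
    r"|(?P<scheme>" + _TOKEN + r"))"
)

def parse_challenges(header):
    """Return {scheme: {param: value}} for every challenge in the header."""
    # token68 credentials (as used by Negotiate/NTLM) are not handled
    # and raise ValueError.
    challenges, current, pos = {}, None, 0
    while pos < len(header):
        m = _ITEM.match(header, pos)
        if m is None:
            if header[pos:].strip(", \t"):
                raise ValueError("unparseable challenge at offset %d" % pos)
            break  # only trailing separators left
        pos = m.end()
        if m.group("scheme"):
            # A token not followed by '=' starts a new challenge.
            current = challenges.setdefault(m.group("scheme").lower(), {})
        elif current is None:
            raise ValueError("parameter before any auth scheme")
        else:
            value = m.group("bare")
            if value is None:  # quoted-string: undo backslash escapes
                value = re.sub(r"\\(.)", r"\1", m.group("quoted"))
            current[m.group("key").lower()] = value
    return challenges

def choose_scheme(header, preference=("digest", "basic")):
    """Pick the most preferred scheme the server offers, whatever its position."""
    offered = parse_challenges(header)
    return next((s for s in preference if s in offered), None)

# Constructed sample header: Basic listed first, comma inside a quoted realm.
SAMPLE = ('Basic realm="files, public", Digest realm="files", '
          'nonce="abc123", qop="auth", algorithm=MD5')

if __name__ == "__main__":
    print(SAMPLE.split()[0].lower())  # first-token check sees only the first scheme
    print(choose_scheme(SAMPLE))      # preference-based choice ignores the order
```

Selecting by preference rather than by position means the stronger scheme is used whenever the server offers it, and the quoted-string handling keeps a comma inside a realm from being mistaken for a challenge separator.
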
msg95274 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2009-11-15 06:08
This issue is Invalid. I am sorry that it had been open for so long
without any explanation.

The order in which the handlers are tried does not depend upon the way
http_error_auth_reqed method is coded, but rather on the handler_order.
In urllib2, we have handler_order set to 490 for digest and 500 for
basic, which means that Digest will always be tried before Basic
(Correctly so). If you have any server implementing both Basic and
Digest (well, it is a bad idea on the server part), you can try with any
client, like Firefox, and see that Digest overrules Basic.

Now, if you have two files (one under Basic Authentication) and another
under Digest Authentication configured, then it all boils down to adding
"both" HTTPBasicAuthHandler and HTTPDigestAuthHandler to your
OpenerDirector instance. The handler_order and opener instance will
properly take care of opening the individual distinct requests with
appropriate handlers.
I tested it with the setup here and could not see any problem.  I am
closing this bug as Invalid.
History
Date                 User       Action  Args
2022-04-11 14:56:14  admin      set     github: 42635
2009-11-15 06:08:03  orsenthil  set     status: open -> closed; resolution: not a bug; messages: + msg95274
2009-05-06 02:40:06  orsenthil  set     assignee: orsenthil
2009-04-22 17:21:45  ajaksu2    set     keywords: + easy
2009-02-13 02:05:45  ajaksu2    set     nosy: + jjlee
2009-02-12 17:41:18  ajaksu2    set     nosy: + orsenthil; stage: test needed; type: behavior; versions: + Python 2.6
2008-05-04 21:20:27  zathras    set     nosy: + zathras; messages: + msg66239
2005-11-28 15:37:39  bboals     create