[Patches] [ python-Patches-1037974 ] urllib2 HTTP digest authentication fix

SourceForge.net noreply at sourceforge.net
Wed Dec 22 15:27:53 CET 2004


Patches item #1037974, was opened at 2004-09-30 19:10
Message generated for change (Comment added) made by jhylton
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1037974&group_id=5470

Category: Library (Lib)
Group: Python 2.3
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Mathieu Fenniak (mfenniak)
>Assigned to: Jeremy Hylton (jhylton)
Summary: urllib2 HTTP digest authentication fix

Initial Comment:
Although the 'algorithm' component of the Authorization header is 
considered optional by RFC 2617, there are sites that do not 
function without providing algorithm notification.  Specifically, this 
problem is encountered with LiveJournal RSS feeds (where HTTP 
digest authentication can be used to view non-public livejournal 
entries).

This patch makes the algorithm flag always sent in the 
Authorization header.  The following test script demonstrates the 
problem for a LiveJournal RSS feed (username and password must 
be entered):

    import urllib2

    # Minimal password manager: returns the same credentials for any realm/URI.
    class PasswordMgr(object):
        def find_user_password(self, realm, authuri):
            return "someuser", "somepass"
        def add_password(self):
            pass

    rssURI = "http://livejournal.com/users/someuser/data/rss?auth=digest"

    # Fails with HTTP 401 unless the Authorization header carries 'algorithm'.
    handler = urllib2.HTTPDigestAuthHandler(PasswordMgr())
    opener = urllib2.build_opener(handler)
    opener.open(rssURI)

With the attached patch, this works successfully.  Without it, it fails 
with an HTTP 401 error.

----------------------------------------------------------------------

>Comment By: Jeremy Hylton (jhylton)
Date: 2004-12-22 14:27

Message:
Logged In: YES 
user_id=31392

Fixed in rev 1.78 of urllib2

----------------------------------------------------------------------

Comment By: Titus Brown (titus)
Date: 2004-12-19 07:24

Message:
Logged In: YES 
user_id=23486

Patch is simple (one line removed from current urllib2!).  I don't know 
much about http digest authentication, so I can't say anything about 
whether or not this is correct; but I have verified that it fixes the 
LiveJournal behavior noted in the patch description (on Linux, under 
current CVS tree).  Moreover the MD5 algorithm is the default, so this 
patch merely changes the behavior to be more verbose than it is 
currently -- it shouldn't break any existing actual functionality.

Recommend application of patch.



----------------------------------------------------------------------

Comment By: Mathieu Fenniak (mfenniak)
Date: 2004-09-30 19:13

Message:
Logged In: YES 
user_id=1131071

Err, sorry, it appears I didn't attach the patch.  Here it is.

----------------------------------------------------------------------
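
The behaviour this item asks for, as an added example that is not part of the tracker thread and is not urllib2's code: a Python 3 sketch that answers a Digest challenge per RFC 2617 and always includes `algorithm` in the Authorization header, defaulting to MD5 when the challenge omits it. The helper names are hypothetical; the sample challenge and credentials are the worked example from RFC 2617.

```python
import hashlib
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_challenge(header):
    """Split a 'Digest ...' WWW-Authenticate value into a dict of parameters."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', params)
    return {name.lower(): quoted or bare for name, quoted, bare in pairs}

def build_authorization(challenge, user, password, method, uri, cnonce, nc=1):
    chal = parse_challenge(challenge)
    # RFC 2617: a challenge without 'algorithm' means MD5.
    algorithm = chal.get("algorithm", "MD5")
    if algorithm.upper() != "MD5":
        raise ValueError("this sketch only handles MD5, got %r" % algorithm)
    ha1 = md5_hex("%s:%s:%s" % (user, chal["realm"], password))
    ha2 = md5_hex("%s:%s" % (method, uri))
    parts = ['username="%s"' % user, 'realm="%s"' % chal["realm"],
             'nonce="%s"' % chal["nonce"], 'uri="%s"' % uri]
    qops = [q.strip() for q in chal.get("qop", "").split(",") if q.strip()]
    if "auth" in qops:
        nc_hex = "%08x" % nc
        response = md5_hex(":".join(
            [ha1, chal["nonce"], nc_hex, cnonce, "auth", ha2]))
        parts += ["qop=auth", "nc=" + nc_hex, 'cnonce="%s"' % cnonce]
    elif not qops:
        response = md5_hex(":".join([ha1, chal["nonce"], ha2]))
    else:
        raise ValueError("unsupported qop: %s" % chal["qop"])
    parts.append('response="%s"' % response)
    if "opaque" in chal:
        parts.append('opaque="%s"' % chal["opaque"])
    # Sent unconditionally, even though it only restates the default.
    parts.append("algorithm=" + algorithm)
    return "Digest " + ", ".join(parts)

# Challenge and credentials from the worked example in RFC 2617; note that
# the challenge carries no 'algorithm' parameter.
RFC_CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
                 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                 'opaque="5ccc069c403ebaf9f0171e9517f40e41"')
if __name__ == "__main__":
    print(build_authorization(RFC_CHALLENGE, "Mufasa", "Circle Of Life",
                              "GET", "/dir/index.html", "0a4f113b"))
```
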
