[Patches] [ python-Patches-1037974 ] urllib2 HTTP digest
authentication fix
SourceForge.net
noreply at sourceforge.net
Wed Dec 22 15:27:53 CET 2004
Patches item #1037974, was opened at 2004-09-30 19:10
Message generated for change (Comment added) made by jhylton
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1037974&group_id=5470
Category: Library (Lib)
Group: Python 2.3
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Mathieu Fenniak (mfenniak)
>Assigned to: Jeremy Hylton (jhylton)
Summary: urllib2 HTTP digest authentication fix
Initial Comment:
Although the 'algorithm' component of the Authorization header is
considered optional by RFC 2617, there are sites that do not
function without providing algorithm notification. Specifically, this
problem is encounted with LiveJournal RSS feeds (where HTTP
digest authentication can be used to view non-public livejournal
entries).
This patch makes the algorithm flag always sent in the
Authorization header. The following test script demonstrates the
problem for a LiveJournal RSS feed (username and password must
be entered):
import urllib2
class PasswordMgr(object):
def find_user_password(self, realm, authuri):
return "someuser", "somepass"
def add_password(self):
pass
rssURI = "http://livejournal.com/users/someuser/data/rss?
auth=digest"
handler = urllib2.HTTPDigestAuthHandler(PasswordMgr())
opener = urllib2.build_opener(handler)
opener.open(rssURI)
With the attached patch, this works successfully. Without it, it fails
with an HTTP 401 error.
----------------------------------------------------------------------
>Comment By: Jeremy Hylton (jhylton)
Date: 2004-12-22 14:27
Message:
Logged In: YES
user_id=31392
Fixed in rev 1.78 of urllib2
----------------------------------------------------------------------
Comment By: Titus Brown (titus)
Date: 2004-12-19 07:24
Message:
Logged In: YES
user_id=23486
Patch is simple (one line removed from current urllib2!). I don't know
much about http digest authentication, so I can't say anything about
whether or not this correct; but I have verified that it fixes the
LiveJournal behavior noted in the patch description (on Linux, under
current CVS tree). Moreover the MD5
algorithm is the default, so this patch merely changes the behavior to be
more verbose than it is currently -- it shouldn't break any existing actual
functionality.
Recommend application of patch.
----------------------------------------------------------------------
Comment By: Mathieu Fenniak (mfenniak)
Date: 2004-09-30 19:13
Message:
Logged In: YES
user_id=1131071
Err, sorry, it appears I didn't attach the patch. Here it is.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1037974&group_id=5470
More information about the Patches
mailing list