using HTTP Digest auth with arbitrary HTTP methods?
jtr at ofb.net
Sun Jan 2 22:38:04 EST 2005
In comp.lang.python, [I] wrote:
> Hello there. I've run into some missing functionality with HTTP Digest
> authentication in the 2.3 library and I was wondering if I'm just
> missing something.
> Missing functionality the first: urllib2
> 1a. You can add "handlers" to your opener indicating that you want to
> use HTTP Digest auth. This is nice way to handle it, but I don't
> see any way to use a custom verb in your URLOpener -- it always
> uses either GET or POST depending on whether you provided data.
> Is there any way to specify an arbitrary method? This would allow
> urllib2 to be used to write WebDAV clients.
> 1b. HTTPDigestAuthHandler is initialized with an HTTPPasswordMgr
> object, which unfortunately deals in cleartext passwords. Digest
> authentication can be computed using only a hash of username,
> password, and realm; it would be nice if there was an alternate
> version of HTTPPasswordMgr that let you deal in hashes instead of
> or in addition to plaintext passwords.
Well, I figured out a workaround, but it requires changing urllib2.py
since the bugs are in base classes.
I instead copied it (to urllib3.py) and made the following changes:
a. in AbstractDigestAuthHandler.get_authorization, call
req.get_method() instead of req.has_data() and 'POST' or 'GET'
(python has a ternary operator, who knew)
b. in AbstractHTTPHandler.do_open, call req.get_method instead of the
hard-coded if-logic which is the same as that in req.get_method
Both of these seem like bugs in urllib2.
Then I overrode urllib2.Request and made it possibly to set the method,
and then passed an instance of my custom Request class (the one that
shouldn't have to exist, since Request should allow method to be set
explicitly) to OpenerDirector.open().
I'd like to see these changes make it into the standard library -- after
being vetted by whoever's in charge of urllib2. Anybody know who I
should talk to?
More information about the Python-list