using HTTP Digest auth with arbitrary HTTP methods?

John Reese jtr at ofb.net
Mon Jan 3 02:19:17 CET 2005


Hello there.  I've run into some missing functionality with HTTP Digest
authentication in the 2.3 library and I was wondering if I'm just
missing something.

Missing functionality the first: urllib2

  1a. You can add "handlers" to your opener indicating that you want to
      use HTTP Digest auth.  This is nice way to handle it, but I don't
      see any way to use a custom verb in your URLOpener -- it always
      uses either GET or POST depending on whether you provided data.
      Is there any way to specify an arbitrary method?  This would allow
      urllib2 to be used to write WebDAV clients.

  1b. HTTPDigestAuthHandler is initialized with an HTTPPasswordMgr
      object, which unfortunately deals in cleartext passwords.  Digest
      authentication can be computed using only a hash of username,
      password, and realm; it would be nice if there was an alternate
      version of HTTPPasswordMgr that let you deal in hashes instead of
      or in addition to plaintext passwords.

Missing functionality the second: httplib.

  2a. httplib.HTTPConnection lets you execute arbitrary HTTP methods
      with arbitrary headers and data; this is the missing functionality
      in 1a above.  However, you have to deal with following redirects
      and authentication and so forth yourself.  Is there any way to use
      the flexibility of
      HTTPConnection.request(method, url[, body[, headers]])
      with the convenience of the chains of urllib2 handlers?


The upshot is what I'm trying to do is write a WebDAV-using DAV client
library, and I almost have everything I need to do it; the problem is I
can't find an easy way to do digest authentication for arbitrary HTTP
methods.  WebDAV (RFC 2518), for those not familiar, is an extension to
HTTP that defines some new methods and settles the semantics of some
existing but rarely implemented HTTP methods (PUT and DELETE, for
example) to define something similar to a file system.  It's intended
for things like letting a group of people author a web site.



More information about the Python-list mailing list