Hello there. I've run into some missing functionality with HTTP Digest
authentication in the 2.3 library and I was wondering if I'm just
missing something.
Missing functionality the first: urllib2
1a. You can add "handlers" to your opener indicating that you want to
use HTTP Digest auth. This is nice way to handle it, but I don't
see any way to use a custom verb in your URLOpener -- it always
uses either GET or POST depending on whether you provided data.
Is there any way to specify an arbitrary method? This would allow
urllib2 to be used to write WebDAV clients.
1b. HTTPDigestAuthH andler is initialized with an HTTPPasswordMgr
object, which unfortunately deals in cleartext passwords. Digest
authentication can be computed using only a hash of username,
password, and realm; it would be nice if there was an alternate
version of HTTPPasswordMgr that let you deal in hashes instead of
or in addition to plaintext passwords.
Missing functionality the second: httplib.
2a. httplib.HTTPCon nection lets you execute arbitrary HTTP methods
with arbitrary headers and data; this is the missing functionality
in 1a above. However, you have to deal with following redirects
and authentication and so forth yourself. Is there any way to use
the flexibility of
HTTPConnection. request(method, url[, body[, headers]])
with the convenience of the chains of urllib2 handlers?
The upshot is what I'm trying to do is write a WebDAV-using DAV client
library, and I almost have everything I need to do it; the problem is I
can't find an easy way to do digest authentication for arbitrary HTTP
methods. WebDAV (RFC 2518), for those not familiar, is an extension to
HTTP that defines some new methods and settles the semantics of some
existing but rarely implemented HTTP methods (PUT and DELETE, for
example) to define something similar to a file system. It's intended
for things like letting a group of people author a web site. 3 3191
In comp.lang.pytho n, [i] wrote: Hello there. I've run into some missing functionality with HTTP Digest authentication in the 2.3 library and I was wondering if I'm just missing something.
Missing functionality the first: urllib2
1a. You can add "handlers" to your opener indicating that you want to use HTTP Digest auth. This is nice way to handle it, but I don't see any way to use a custom verb in your URLOpener -- it always uses either GET or POST depending on whether you provided data. Is there any way to specify an arbitrary method? This would allow urllib2 to be used to write WebDAV clients.
1b. HTTPDigestAuthH andler is initialized with an HTTPPasswordMgr object, which unfortunately deals in cleartext passwords. Digest authentication can be computed using only a hash of username, password, and realm; it would be nice if there was an alternate version of HTTPPasswordMgr that let you deal in hashes instead of or in addition to plaintext passwords.
Well, I figured out a workaround, but it requires changing urllib2.py
since the bugs are in base classes.
I instead copied it (to urllib3.py) and made the following changes:
a. in AbstractDigestA uthHandler.get_ authorization, call
req.get_method( ) instead of req.has_data() and 'POST' or 'GET'
(python has a ternary operator, who knew)
b. in AbstractHTTPHan dler.do_open, call req.get_method instead of the
hard-coded if-logic which is the same as that in req.get_method
Both of these seem like bugs in urllib2.
Then I overrode urllib2.Request and made it possibly to set the method,
and then passed an instance of my custom Request class (the one that
shouldn't have to exist, since Request should allow method to be set
explicitly) to OpenerDirector. open().
I'd like to see these changes make it into the standard library -- after
being vetted by whoever's in charge of urllib2. Anybody know who I
should talk to?
John Reese <jt*@ofb.net> writes: In comp.lang.pytho n, [i] wrote:
[...] I instead copied it (to urllib3.py) and made the following changes: a. in AbstractDigestA uthHandler.get_ authorization, call req.get_method( ) instead of req.has_data() and 'POST' or 'GET' (python has a ternary operator, who knew)
(Re ternary operator: Everybody who read this list at certain times in
the past is painfully aware of that fact, and of precisely why it's
not quite true, and of all the syntax alternatives for real ternary
conditionals that will never be part of Python ;-)
b. in AbstractHTTPHan dler.do_open, call req.get_method instead of the hard-coded if-logic which is the same as that in req.get_method
Both of these seem like bugs in urllib2.
Yup, bugs both.
Then I overrode urllib2.Request and made it possibly to set the method, and then passed an instance of my custom Request class (the one that shouldn't have to exist, since Request should allow method to be set explicitly) to OpenerDirector. open().
I'd like to see these changes make it into the standard library -- after being vetted by whoever's in charge of urllib2. Anybody know who I should talk to?
Nobody is really in charge: just go ahead and submit a patch. Drop me
an email when you do, and I'll try to review it. The only reason
urllib2 doesn't already do arbitrary HTTP methods is that nobody has
spent the time to think carefully if a .set_method() really is the
right way to do it, then followed through with the work needed to get
a patch applied.
As always, a precondition for change is that somebody thinks something
through carefully, writes tests, documentation, patch and submits all
three to the SF patch tracker with a brief explanation like the one
you give above.
BTW, Greg Stein started work on adding the stuff you need at the
httplib level (as module httpx). He seems too busy to finish it, but
see modules httpx and davlib (one or both are in the Python CVS
sandbox). He thinks httplib is a better place for DAV than urllib2,
and he should know. But go ahead and fix urllib2 anyway... :-)
John
On 03 Jan 2005 18:11:06 +0000, John J. Lee <jj*@pobox.co m> wrote: (Re ternary operator: Everybody who read this list at certain times in the past is painfully aware of that fact, and of precisely why it's not quite true, and of all the syntax alternatives for real ternary conditionals that will never be part of Python ;-)
Yeah, I ran across the PEP after I posted this. Sorry to bring up a
sore subject....
Nobody is really in charge: just go ahead and submit a patch. Drop me an email when you do, and I'll try to review it. The only reason urllib2 doesn't already do arbitrary HTTP methods is that nobody has spent the time to think carefully if a .set_method() really is the right way to do it, then followed through with the work needed to get a patch applied.
Patch id #1095362 on Sourceforge. It turns out one of the bugs had
already been fixed in CVS -- the digest bug was the only one left, so
this is a one-line fix. As always, a precondition for change is that somebody thinks something through carefully, writes tests, documentation, patch and submits all three to the SF patch tracker with a brief explanation like the one you give above.
BTW, Greg Stein started work on adding the stuff you need at the httplib level (as module httpx). He seems too busy to finish it, but see modules httpx and davlib (one or both are in the Python CVS sandbox). He thinks httplib is a better place for DAV than urllib2, and he should know. But go ahead and fix urllib2 anyway... :-)
These files are 2 and 3 years old. He's probably right that an
interface more like httplib would be more appropriate for a DAV client;
urllib2 is more about generalizing open() to use URLs than fully
exposing the protocol. But urllib2 does have all those convenient
handler-chains, and a good DAV client needs to handle a lot of those
same situations, so it might be a good idea to at least find a way to
share the handler classes. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: trapeze.jsg |
last post by:
Hi.
I am trying to get through to Microsoft MapPoint Services using ZSI for
soap handling. I can generate the service classes and also the
soap-requests generated by the service classes seem to be OK. The
problem I am facing is that I can't seem to authenticate myself. I have
made a small change to ZSI.client so that when I get a "401
Unauthorized" response from the remote server I build up a nice
authorization request:
|
by: trapeze.jsg |
last post by:
Hi.
Is there anybody who have tried to use python to access Microsofts
MapPoint soap services? I am trying hard but I have run into a big
thick wall called md5 digest authentication. The MapPoint service uses
rfc2617 to authenticate the user. I have a working account for this
which works using C# dotnet and Borland Delphi 6.0. When I try to
authenticate using python it fail.
Here is what I do to provoke the rfc2617 challenge:
|
by: Matthew Roche |
last post by:
Greetings:
I am developing an application that uses an ASP.NET Web Forms
application for its UI and ASP.NET web services for its business tier, and I
am looking for assistance in improving my application security. I want to use
declarative security on my web methods so I can secure them more easily. In
short, I want to secure the web services using the first code snippet below.
Please note that the web method has a custom SOAP header....
|
by: Patrick Fogarty |
last post by:
I am programming what is to be a web service client that will use an
HTTP-POST to request and retrieve data. The remote server (written in java
for what it's worth) requires basic authentication as per RFC 2617
(http://www.faqs.org/rfcs/rfc2617.html). My attempts to authenticate are
failing. The server requires the header to be present with the request.
For security reasons, it will not reply in any way if the header is not
present.
...
|
by: fakeprogress |
last post by:
For a homework assignment in my Data Structures/C++ class, I have to
create the interface and implementation for a class called Book, create
objects within the class, and process transactions that manipulate (and
report on) members of the class.
Interface consists of:
- 5 private variables
char author;
char title;
char code;
| |
by: Jay-nospam |
last post by:
Hi there,
I am having trouble getting an ASP.NET web application to connect to another
computer and passing the proper credentials and I hope someone can help me.
I have a stand-alone Windows 2003 Server, ServerA, running as a Web Server
that uses ASP.NET. The default.aspx file tries to access a file in a share
on another computer, ServerB. ServerA and ServerB are on the same domain and
are both running Windows 2003 Server.
|
by: mirandacascade |
last post by:
I am attempting to implement a process, and I'm pretty sure that a
major roadblock is that I do not understand the nomenclature. The
specs indicate that the goal is to calculate a message digest using an
SHA-256 algorithm. There are 2 examples included with the specs. The
label on the 2 examples are: 'HMAC samples'. In both examples, the
message on which the digest is to be calculated is (the 33 chars within
the quotes):
'This is a...
|
by: mofoloom |
last post by:
java program that will tae as input,an arbitrary block of plaintext and genere a message digest using MD-5. show that with high probability, about halve bits are on.also show that no different messages can hash to the same digest.
|
by: John Dann |
last post by:
I'm unclear as to how best to use what I'm terming the top-level CSS
selectors, by which I mean selectors like *, html and body. I'm coming
at this from trying to understand how best to set font sizes but I
seem to have strayed into a broader question.
Some CSS guides seem to suggest that a * declaration is good practice
for any style sheet, primarily I suppose to set zero defaults for
margin and padding for all other relevant selectors...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |