473,320 Members | 1,846 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

using HTTP Digest auth with arbitrary HTTP methods?

Hello there. I've run into some missing functionality with HTTP Digest
authentication in the 2.3 library and I was wondering if I'm just
missing something.

Missing functionality the first: urllib2

1a. You can add "handlers" to your opener indicating that you want to
use HTTP Digest auth. This is nice way to handle it, but I don't
see any way to use a custom verb in your URLOpener -- it always
uses either GET or POST depending on whether you provided data.
Is there any way to specify an arbitrary method? This would allow
urllib2 to be used to write WebDAV clients.

1b. HTTPDigestAuthHandler is initialized with an HTTPPasswordMgr
object, which unfortunately deals in cleartext passwords. Digest
authentication can be computed using only a hash of username,
password, and realm; it would be nice if there was an alternate
version of HTTPPasswordMgr that let you deal in hashes instead of
or in addition to plaintext passwords.

Missing functionality the second: httplib.

2a. httplib.HTTPConnection lets you execute arbitrary HTTP methods
with arbitrary headers and data; this is the missing functionality
in 1a above. However, you have to deal with following redirects
and authentication and so forth yourself. Is there any way to use
the flexibility of
HTTPConnection.request(method, url[, body[, headers]])
with the convenience of the chains of urllib2 handlers?
The upshot is what I'm trying to do is write a WebDAV-using DAV client
library, and I almost have everything I need to do it; the problem is I
can't find an easy way to do digest authentication for arbitrary HTTP
methods. WebDAV (RFC 2518), for those not familiar, is an extension to
HTTP that defines some new methods and settles the semantics of some
existing but rarely implemented HTTP methods (PUT and DELETE, for
example) to define something similar to a file system. It's intended
for things like letting a group of people author a web site.
Jul 18 '05 #1
3 3162
In comp.lang.python, [i] wrote:
Hello there. I've run into some missing functionality with HTTP Digest
authentication in the 2.3 library and I was wondering if I'm just
missing something.

Missing functionality the first: urllib2

1a. You can add "handlers" to your opener indicating that you want to
use HTTP Digest auth. This is nice way to handle it, but I don't
see any way to use a custom verb in your URLOpener -- it always
uses either GET or POST depending on whether you provided data.
Is there any way to specify an arbitrary method? This would allow
urllib2 to be used to write WebDAV clients.

1b. HTTPDigestAuthHandler is initialized with an HTTPPasswordMgr
object, which unfortunately deals in cleartext passwords. Digest
authentication can be computed using only a hash of username,
password, and realm; it would be nice if there was an alternate
version of HTTPPasswordMgr that let you deal in hashes instead of
or in addition to plaintext passwords.


Well, I figured out a workaround, but it requires changing urllib2.py
since the bugs are in base classes.

I instead copied it (to urllib3.py) and made the following changes:
a. in AbstractDigestAuthHandler.get_authorization, call
req.get_method() instead of req.has_data() and 'POST' or 'GET'
(python has a ternary operator, who knew)
b. in AbstractHTTPHandler.do_open, call req.get_method instead of the
hard-coded if-logic which is the same as that in req.get_method

Both of these seem like bugs in urllib2.

Then I overrode urllib2.Request and made it possibly to set the method,
and then passed an instance of my custom Request class (the one that
shouldn't have to exist, since Request should allow method to be set
explicitly) to OpenerDirector.open().

I'd like to see these changes make it into the standard library -- after
being vetted by whoever's in charge of urllib2. Anybody know who I
should talk to?
Jul 18 '05 #2
John Reese <jt*@ofb.net> writes:
In comp.lang.python, [i] wrote: [...] I instead copied it (to urllib3.py) and made the following changes:
a. in AbstractDigestAuthHandler.get_authorization, call
req.get_method() instead of req.has_data() and 'POST' or 'GET'
(python has a ternary operator, who knew)
(Re ternary operator: Everybody who read this list at certain times in
the past is painfully aware of that fact, and of precisely why it's
not quite true, and of all the syntax alternatives for real ternary
conditionals that will never be part of Python ;-)

b. in AbstractHTTPHandler.do_open, call req.get_method instead of the
hard-coded if-logic which is the same as that in req.get_method

Both of these seem like bugs in urllib2.
Yup, bugs both.

Then I overrode urllib2.Request and made it possibly to set the method,
and then passed an instance of my custom Request class (the one that
shouldn't have to exist, since Request should allow method to be set
explicitly) to OpenerDirector.open().

I'd like to see these changes make it into the standard library -- after
being vetted by whoever's in charge of urllib2. Anybody know who I
should talk to?


Nobody is really in charge: just go ahead and submit a patch. Drop me
an email when you do, and I'll try to review it. The only reason
urllib2 doesn't already do arbitrary HTTP methods is that nobody has
spent the time to think carefully if a .set_method() really is the
right way to do it, then followed through with the work needed to get
a patch applied.

As always, a precondition for change is that somebody thinks something
through carefully, writes tests, documentation, patch and submits all
three to the SF patch tracker with a brief explanation like the one
you give above.

BTW, Greg Stein started work on adding the stuff you need at the
httplib level (as module httpx). He seems too busy to finish it, but
see modules httpx and davlib (one or both are in the Python CVS
sandbox). He thinks httplib is a better place for DAV than urllib2,
and he should know. But go ahead and fix urllib2 anyway... :-)
John

Jul 18 '05 #3
On 03 Jan 2005 18:11:06 +0000, John J. Lee <jj*@pobox.com> wrote:
(Re ternary operator: Everybody who read this list at certain times in
the past is painfully aware of that fact, and of precisely why it's
not quite true, and of all the syntax alternatives for real ternary
conditionals that will never be part of Python ;-)
Yeah, I ran across the PEP after I posted this. Sorry to bring up a
sore subject....
Nobody is really in charge: just go ahead and submit a patch. Drop me
an email when you do, and I'll try to review it. The only reason
urllib2 doesn't already do arbitrary HTTP methods is that nobody has
spent the time to think carefully if a .set_method() really is the
right way to do it, then followed through with the work needed to get
a patch applied.
Patch id #1095362 on Sourceforge. It turns out one of the bugs had
already been fixed in CVS -- the digest bug was the only one left, so
this is a one-line fix.

As always, a precondition for change is that somebody thinks something
through carefully, writes tests, documentation, patch and submits all
three to the SF patch tracker with a brief explanation like the one
you give above.

BTW, Greg Stein started work on adding the stuff you need at the
httplib level (as module httpx). He seems too busy to finish it, but
see modules httpx and davlib (one or both are in the Python CVS
sandbox). He thinks httplib is a better place for DAV than urllib2,
and he should know. But go ahead and fix urllib2 anyway... :-)


These files are 2 and 3 years old. He's probably right that an
interface more like httplib would be more appropriate for a DAV client;
urllib2 is more about generalizing open() to use URLs than fully
exposing the protocol. But urllib2 does have all those convenient
handler-chains, and a good DAV client needs to handle a lot of those
same situations, so it might be a good idea to at least find a way to
share the handler classes.
Jul 18 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: trapeze.jsg | last post by:
Hi. I am trying to get through to Microsoft MapPoint Services using ZSI for soap handling. I can generate the service classes and also the soap-requests generated by the service classes seem to...
2
by: trapeze.jsg | last post by:
Hi. Is there anybody who have tried to use python to access Microsofts MapPoint soap services? I am trying hard but I have run into a big thick wall called md5 digest authentication. The...
4
by: Matthew Roche | last post by:
Greetings: I am developing an application that uses an ASP.NET Web Forms application for its UI and ASP.NET web services for its business tier, and I am looking for assistance in improving my...
3
by: Patrick Fogarty | last post by:
I am programming what is to be a web service client that will use an HTTP-POST to request and retrieve data. The remote server (written in java for what it's worth) requires basic authentication...
7
by: fakeprogress | last post by:
For a homework assignment in my Data Structures/C++ class, I have to create the interface and implementation for a class called Book, create objects within the class, and process transactions that...
3
by: Jay-nospam | last post by:
Hi there, I am having trouble getting an ASP.NET web application to connect to another computer and passing the proper credentials and I hope someone can help me. I have a stand-alone Windows...
1
by: mirandacascade | last post by:
I am attempting to implement a process, and I'm pretty sure that a major roadblock is that I do not understand the nomenclature. The specs indicate that the goal is to calculate a message digest...
5
by: mofoloom | last post by:
java program that will tae as input,an arbitrary block of plaintext and genere a message digest using MD-5. show that with high probability, about halve bits are on.also show that no different...
44
by: John Dann | last post by:
I'm unclear as to how best to use what I'm terming the top-level CSS selectors, by which I mean selectors like *, html and body. I'm coming at this from trying to understand how best to set font...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.