[issue2202] urllib2 fails against IIS 6.0 (No support for MD5-sess auth)
Manuel Muradás mmura...@dieresys.com.ar added the comment: Here is a patch for supporting MD5-sess, following RFC2617 specification. Some comments/warnings: * I've only tested the patch against IIS 6.0. I don't know about other servers supporting MD5-sess. * IIS 6.0 expects the User Agent to send the URI (in the Authorization header) without the query string. * This patch doesn't add support for Digest sessions. For each request we make, we get a new [401|407] message with a new nonce (depending if we're talking about a proxy with digest authentication or a web server). Then we generate another authenticated request using that nonce. For Digest sessions to be fully supported, we should be adding an [WWW|Proxy]-Authenticate header in each following request we made to the server using the last nonce. This includes both MD5-sess and MD5 digest implementations. * A1 is being recalculated for every request. Given the above, this is not a real problem. I'll open a new ticket regarding Digest sessions. -- keywords: +patch nosy: +dieresys Added file: http://bugs.python.org/file15964/urllib2-support_md5-sess.diff ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue2202 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7752] Add support for Digest authentication session (reuse nonces)
New submission from Manuel Muradás mmura...@dieresys.com.ar:
Description:
As described in issue [2202], for each request we make, we get a new
[401|407] message with a new nonce (depending if we're talking about a proxy
with digest authentication or a web server). Then we generate another
authenticated request using that nonce. For Digest authentication session to be
fully supported, we should be adding a [WWW|Proxy]-Authenticate header in each
following request we made to the server using the last nonce sent by the
server. This will reduce the amount of requests performed, improving the
performance.
How common browsers behaves:
Browsers implements authentication session by reusing the last nonce
received from the web server for a given domain and Realm. When a request is
made to a new URL from the same domain, the browsers doesn't know if that URL
belongs to the same Realm. If the new URL is a sub-url of any other known URL
on that Realm, the browsers add the Authorization header to new request. If
they can't infer the Realm with this method, the Request is sent without the
header. If the new URL do belongs to the Realm, the Browsers uses the nonce
included in the response from the sever (with a 401 status code) to make new
requests to URLs belonging to that Realm.
Regarding proxies with Digest authentication, browsers reuse the last nonce
for every request made through the proxy.
For example:
URL1 redirects to URL2 and URL2 redirects to URL3:
Notes:
- = request
- = response
N = nonce
C = client nonce
NC = nonce count
---
[1]
URL1: http://domain/1/1.htm
URL2: http://domain/2/1.htm
URL3: http://domain/1/2.htm
- GET URL1
- 401 N1
- GET URL1 N1 C1 NC1
- 301 URL2
- GET URL2
- 401 N2
- GET URL2 N2 C2 NC1
- 301 URL3
- GET URL3 N2 C2 NC2
- 200
---
[2]
URL1: http://domain/1.htm
URL2: http://domain/1/1.htm
URL3: http://domain/2/1.htm
- GET URL1
- 401 N1
- GET URL1 N1 C1 NC1
- 301 URL2
- GET URL2 N1 C1 NC2
- 301 URL3
- GET URL3 N1 C1 NC3
- 200
About the patch:
I've added a 'http_request' to 'AbstractDigestAuthHandler' to add the
'*-Authenticate' header before performing the requests.
There is a known problem with this patch: we generate a new
AuthenticationSession against digest proxies when we are redirected to another
page (with a 30X code), instead of re-using the previous session (first we send
the redirected request without the authentication handler, we receive a new 407
code, and then we send the redirected request again with the new authentication
handler). This is caused because of the execution order of handlers:
- RedirectHandler generates a new request and calls to self.parent.open
- ProxyDigestAuthHandler tries to find an AuthenticationSession for that
request but fails ('Request.get_host' returns the web server host)
- ProxyHandler modifies the request (now 'Request.get_host' returns the proxy
host)
Comments are more than welcome!!
--
components: Library (Lib)
files: urllib2-support_digest_sessions.diff
keywords: patch
messages: 98120
nosy: dieresys
severity: normal
status: open
title: Add support for Digest authentication session (reuse nonces)
type: feature request
versions: Python 2.7
Added file:
http://bugs.python.org/file15966/urllib2-support_digest_sessions.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue7752
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7570] Error in urllib2 example
New submission from Manuel Muradás mmura...@dieresys.com.ar:
We've found an error in an urllib2 example with Proxy Basic
authentication. This is the example with the error:
{{{
This example replaces the default ProxyHandler with one that uses
programmatically-supplied proxy URLs, and adds proxy authorization
support with ProxyBasicAuthHandler.
proxy_handler = urllib2.ProxyHandler({'http':
'http://www.example.com:3128/'})
proxy_auth_handler = urllib2.HTTPBasicAuthHandler()
proxy_auth_handler.add_password('realm', 'host', 'username', 'password')
opener = build_opener(proxy_handler, proxy_auth_handler)
# This time, rather than install the OpenerDirector, we use it directly:
opener.open('http://www.example.com/login.html')
}}}
Attached you will find a patch with the fix.
--
assignee: georg.brandl
components: Documentation
files: urllib2.patch
keywords: patch
messages: 96843
nosy: dieresys, georg.brandl
severity: normal
status: open
title: Error in urllib2 example
versions: Python 2.6, Python 2.7
Added file: http://bugs.python.org/file15668/urllib2.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue7570
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7291] urllib2 cannot handle https with proxy requiring auth
Manuel Muradás mmura...@dieresys.com.ar added the comment: Hi! 2.6 backport is missing an argument in _set_tunnel definition. It should be: def _set_tunnel(self, host, port=None, headers=None): -- nosy: +dieresys ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7291 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7291] urllib2 cannot handle https with proxy requiring auth
Manuel Muradás mmura...@dieresys.com.ar added the comment:
The patch fixes only when you pass the authentication info in the proxy
handler's URL. Like:
proxy_handler = urllib2.ProxyHandler({'https':
'http://user:p...@proxy-example.com:3128/'})
But setting the authentication using a ProxyBasicAuthHandler is still
broken:
proxy_auth_handler = urllib2.ProxyBasicAuthHandler()
proxy_auth_handler.add_password('realm', 'proxy-example.com:3128',
'user', 'pass')
In the attached file (urllib2_with_proxy_auth_comparison.py) we've wrote
a comparison between what works with HTTP and HTTPS.
The problem is the 407 error never reaches the ProxyBasicAuthHandler
because HTTPConnection._tunnel raises an exception when the http
response status code is not 200.
--
Added file:
http://bugs.python.org/file15669/urllib2_with_proxy_auth_comparison.py
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue7291
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue3396] rlcompleter can't autocomplete members of callable objects
Manuel Muradás [EMAIL PROTECTED] added the comment: Oops, you are right. If that is the way we should handle this regression, I could upload a patch. I also thought we could use hasattr, but that means using getattr twice. Something like: if word[:n] == attr and word != __builtins__ and hasattr(object, word): val = getattr(object, word) What do you think about it? -- nosy: +dieresys ___ Python tracker [EMAIL PROTECTED] http://bugs.python.org/issue3396 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue449227] rlcompleter add ( to callables feature
Manuel Muradás [EMAIL PROTECTED] added the comment: Guilherme, Thanks a lot for taking some time to review my patch. Here is a new version. Please take another look and tell me what do you think about it. Thanks again Added file: http://bugs.python.org/file10721/rlcompleter2.6.diff ___ Python tracker [EMAIL PROTECTED] http://bugs.python.org/issue449227 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue449227] rlcompleter add ( to callables feature
Changes by Manuel Muradás [EMAIL PROTECTED]: Removed file: http://bugs.python.org/file10714/rlcompleterAndDoc2.6.diff ___ Python tracker [EMAIL PROTECTED] http://bugs.python.org/issue449227 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue449227] rlcompleter add ( to callables feature
Manuel Muradás [EMAIL PROTECTED] added the comment: I have also updated the rlcompleter documentation. Here is the complete patch. rlcompleterAndDoc2.6.diff -- nosy: +facundobatista Added file: http://bugs.python.org/file10714/rlcompleterAndDoc2.6.diff ___ Python tracker [EMAIL PROTECTED] http://bugs.python.org/issue449227 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue449227] rlcompleter add ( to callables feature
Changes by Manuel Muradás [EMAIL PROTECTED]: Removed file: http://bugs.python.org/file10695/rlcompleter2.6.diff ___ Python tracker [EMAIL PROTECTED] http://bugs.python.org/issue449227 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1044479] docs for Py_UNICODE are wrong
Manuel Muradás [EMAIL PROTECTED] added the comment: This looks fixed to me. The current documentation is much more clear. Look: http://docs.python.org/api/unicodeObjects.html -- nosy: +dieresys ___ Python tracker [EMAIL PROTECTED] http://bugs.python.org/issue1044479 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1044479] docs for Py_UNICODE are wrong
Manuel Muradás [EMAIL PROTECTED] added the comment: This is the link to the current py_unicode documentation: http://docs.python.org/dev/c-api/unicode.html ___ Python tracker [EMAIL PROTECTED] http://bugs.python.org/issue1044479 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue449227] rlcompleter add ( to callables feature
Manuel Muradás [EMAIL PROTECTED] added the comment: Here is a new patch against 2.6. -- nosy: +dieresys Added file: http://bugs.python.org/file10695/rlcompleter2.6.diff ___ Python tracker [EMAIL PROTECTED] http://bugs.python.org/issue449227 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
