treq
treq copied to clipboard
twisted
HTTP Digest authentication support
This is basically just #111 cherry-picked with merge conflicts fixed and POST Digest Authentication fixed.
Codecov Report
Merging #131 into master will decrease coverage by
0.93%. The diff coverage is88.1%.
@@ Coverage Diff @@
## master #131 +/- ##
==========================================
- Coverage 98.86% 97.92% -0.94%
==========================================
Files 26 26
Lines 2285 2510 +225
Branches 165 183 +18
==========================================
+ Hits 2259 2458 +199
- Misses 14 32 +18
- Partials 12 20 +8
| Impacted Files | Coverage Δ | |
|---|---|---|
| src/treq/test/test_treq_integration.py | 96.56% <100%> (+1.27%) |
:arrow_up: |
| src/treq/test/test_auth.py | 100% <100%> (ø) |
:arrow_up: |
| src/treq/auth.py | 84.65% <82.46%> (-15.35%) |
:arrow_down: |
| src/treq/client.py | 98.47% <0%> (+0.5%) |
:arrow_up: |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing dataPowered by Codecov. Last update 2d45c82...e0d7208. Read the comment docs.
The tests fail on Python 3, looks like you're trying to use a str as the header instead of a bytes.
@dreid How would I got about fixing the issue with the header being a str instead of bytes? I'm having trouble debugging that.
@jameshilliard
How would I got about fixing the issue with the header being a str instead of bytes? I'm having trouble debugging that.
Start by using byte strings (b"") everywhere internally.
@dreid I think I've got everything converted to using byte strings, now I'm getting 401 errors instead(I verified against a production server to confirm it's not just the tests that are failing) for python 3. Any idea what might be causing authentication to fail?
I finally managed to get all travis-ci tests to pass. I also got it working with IIS digest auth which uses MD5-SESS although I couldn't find a MD5-SESS endpoint for automated testing.
I'm trying to figure out how to refactor this to prevent more than one of the initial requests from firing at the same time per HTTPDigestAuth instance. I tried using DeferredLock and moving the auth cache into HTTPDigestAuth but didn't have much success there.
The way we use this in production is we hit 2 endpoints at the same time so I'm trying to get this to only do one initial request for the realm then immediately fire both of those endpoint requests at the same time once I get the realm.
@jameshilliard @mksh Would it be fair to say that #267 supersedes this?
I went ahead and merged trunk into the changes made in #267 and fixed the merge conflicts/tests.
@jameshilliard this looks pretty good but a lot of these methods are missing type annotations. Can you add those in?
@jameshilliard this looks pretty good but a lot of these methods are missing type annotations. Can you add those in?
Sure, will work on that and update.
Sorry, I still have a few concerns about security here that I want to make sure are addressed in a comment or something.
I refactored the header builder based on the latest version in requests so it shouldn't be any worse than that version and appears to be unlikely to be a viable attack vector in practice here in general.
And we should really avoid adding new magic byte sequences without an accompanying Enum somewhere so that callers can type-check their invocations.
I changed algorithm to use an Enum.