header auth matching breaks with Werkzeug>=2.3.0

[alexrashed]

With Werkzeug 2.3.0 the Authorization header parsing has been refactored quite a lot: https://github.com/pallets/werkzeug/commit/0bdf9bac15e2079abce098f9d105c4e207886319. Here's an excerpt from the changeset:

• Refactor the Authorization and WWWAuthenticate header data structures. :issue:1769, :pr:2619 ...
  • Neither class is a dict anymore, although they still implement getting, setting, and deleting auth[key] and auth.key syntax, as well as auth.get(key) and key in auth. ...

Unfortunately, this means that this class does not implement the __eq__ dunder method, which breaks this equality check: https://github.com/csernazs/pytest-httpserver/blob/1df798a207f06772dc46a765d108a6edb0ab3f9b/pytest_httpserver/httpserver.py#L135-L136

Here's an example which works with pytest-httpserver==1.0.6 and Werkzeug==2.2.3, but breaks with Werkzeug==2.3.0:

def test_httpserver(httpserver):
    test_headers = { "Authorization": "Bearer Rooooar" }
    httpserver.expect_request("/", headers=test_headers).respond_with_data("OK")
    response = requests.get(httpserver.url_for("/"), headers=test_headers)
    assert response.ok

This could either be fixed by adjusting the matcher, or by adding the __eq__ dunder method to Werkzeug's Authorization class (which might be useful for others as well?).

[csernazs]

Hi there,

Thanks for the fine bug report! I'll probably fix this tomorrow.

Zsolt

[davidism]

I'll implement __eq__ in Werkzeug, checking if two auths are equal makes sense.

[csernazs]

thanks @davidism!

@alexrashed, are you ok with having this fix in the next release of werkzeug?

[alexrashed]

Sure! Thanks, @davidism and @csernazs for tackling it. :) Feel free to close this issue (or to keep it open until 2.3.1 is released).

[csernazs]

2.3.1 has been released, the tests pass, so I'm closing this