Digest authentication fails during redirect - patch attached

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Test against Apache, with a URL (http://localhost/uiws/ in my example)
which will be redirected to another (/uiws/xml/overview in the example).
The whole server is set up to require digest authentication.
2. conn = Http()
3. conn.add_credentials('foo', '123')
4. conn.request ('http://localhost/uiws/')

What is the expected output? What do you see instead?

This should have authenticated correctly and produced the content of
/uiws/xml/overview, but instead produced an error from Apache "400 Bad
Request".

What version of the product are you using? On what operating system?

0.5.0 (and also latest repository code) on Python 2.6 under Linux

Please provide any additional information below.

The problem is that the DigestAuthentication class (and also
HmacDigestAuthentication and WsseAuthentication) add an "Authorization"
header with exactly that capitalisation, whereas the Http.request method
normalizes header names to lower case.

In performing the redirect, the recursive call to request() receives the
old header, which is no longer valid, under the normalized key
"authorization" and adds the new one with the capital letter.

The result is that both headers are sent, and the behaviour is dependent on
the server, but Apache sees it as an error.

The fix is to ensure that the lower-case version of the header is used
consistently within httplib2.  The attached patch fixes the "authorization"
header in the three classes mentioned.

Original issue reported on code.google.com by paul.rou...@gmail.com on 29 Sep 2009 at 8:40

Attachments:

• auth-patch

[GoogleCodeExporter]

Original comment by joe.gregorio@gmail.com on 13 Jun 2011 at 6:06

• Changed state: Fixed