-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
2013-04-08
-
None
-
Python
Digest auth doesn't work using python (urllib) when behind a proxy.
A 400 Bad Request is returned without a body from musicbrainz.org.
An example script can be found at:
https://gist.github.com/JonnyJD/5429281 (password_test.py) using python-musicbrainzngs.
This cannot be reproduced using plain curl, since python's urllib does it differently.
When using the without a proxy it either works or gives a 401 when the password is incorrect.
With a proxy in between a 400 error is always returned, whether the password is correct or not.
The problem is probably: http://bugs.python.org/issue4140
urllib uses an absolute URI in the digest header when talking to a proxy (squid in my case) and musicbrainz.org receives these absolute URIs and rejects them.
When using urllib without a proxy (and curl with or without a proxy) the uri in the digest header is always a server path (without server name and protocol).
The resolution on the ticket is invalid, since using the absoluteURI is required in the spec.
behind proxy (using python 2.7):
POST http://test.musicbrainz.org/ws/2/recording?client=password_test.py-0.1 HTTP/1.1^M Accept-Encoding: identity^M Content-Length: 98^M Host: test.musicbrainz.org^M User-Agent: password_test.py/0.1 python-musicbrainz-ngs/0.4dev ( http://github.com/JonnyJD/musicbrainz-isrcsubmit )^M Connection: close^M Content-Type: application/xml; charset=UTF-8^M Authorization: Digest username="JonnyJD", realm="musicbrainz.org", nonce="nmpfGj6r4hGDzFnNYz14Mw==", uri="http://test.musicbrainz.org/ws/2/recording?client=password_test.py-0.1", response="3285e2d7be509adc73c04940816de4c8", opaque="bqhgGj6r4hGDzFnNYz14Mw==", algorithm="MD5", qop=auth, nc=00000001, cnonce="11fabbbda2085143"^
without proxy:
POST /ws/2/recording?client=password_test.py-0.1 HTTP/1.1 Accept-Encoding: identity Content-Length: 98 Host: test.musicbrainz.org User-Agent: password_test.py/0.1 python-musicbrainz-ngs/0.4dev ( http://github.com/JonnyJD/musicbrainz-isrcsubmit ) Connection: close Content-Type: application/xml; charset=UTF-8 Authorization: Digest username="JonnyJD", realm="musicbrainz.org", nonce="KkHsFECr4hGAJVnNYz14Mw==", uri="/ws/2/recording?client=password_test.py-0.1", response="b51454070016894d8790c85aac98fd2a", opaque="+lfsFECr4hGAJVnNYz14Mw==", algorithm="MD5", qop=auth, nc=00000001, cnonce="dbae7bdd04e155bf"
The difference is:
uri="h ttp://test.musicbrainz.org/ws/2/recording?client=password_test.py-0.1"