Support using netrc for non-proxy HTTP credentials

[yuvipanda]

What do these changes do?

Currently, setting trust_env=True in ClientSession will only use the .netrc
file if present for authentication to proxies. With this change, the credentials will
also be used for regular HTTP hosts, and Basic Auth will be sent if an appropriate
entry is present in the user's .netrc file.

Are there changes in behavior for the user?

YES! Currently, their .netrc file will be ignored when not making proxy requests. This
will start sending any credentials in netrc files to hosts.

The behavior of this PR seems to have possibly been the suggested behavior when
netrc support was initially added, based on this comment: #2584 (comment).

The behavior with this PR applied also matches requests and other libraries. In fact, this
was a deep dive output after trying to figure out why accessing NASA open data with requests
works but aiohttp does not :D (nsidc/earthaccess#188 has the trail crumbs).

If this is considered a breaking change, I'm happy to instead introduce a new param that
toggles this behavior instead. However, trust_env is what requests and other libraries use,
so may be ok.

Related issue number

#2581
#2584 (comment)
(outside aiohttp) nsidc/earthaccess#188

Checklist

• I think the code is well written
• Unit tests for the changes exist
• Documentation reflects the changes
• If you provide code modification, please add yourself to CONTRIBUTORS.txt
  • The format is <Name> <Surname>.
  • Please keep alphabetical order, the file is sorted by names.
• Add a new news fragment into the CHANGES folder
  • name it <issue_id>.<type> for example (588.bugfix)
  • if you don't have an issue_id change it to the pr id after creating the pr
  • ensure type is one of the following:
    • .feature: Signifying a new feature.
    • .bugfix: Signifying a bug fix.
    • .doc: Signifying a documentation improvement.
    • .removal: Signifying a deprecation or removal of public API.
    • .misc: A ticket has been closed, but it is not of interest to users.
  • Make sure to use full sentences with correct case and punctuation, for example: "Fix issue with non-ascii contents in doctest text files."

[yuvipanda]

I will add tests and documentation changes soon! Wanted to open this early to get @asvetlov's opinion (and others' too maybe?) on wether this is a breaking change or not.

THANK YOU SO MUCH for all the work on aiohttplib! It is heavily used in the open science / climate science ecosystem, and we are grateful for it.

[codecov]

Codecov Report

Merging #7131 (38a86d9) into master (d51013d) will decrease coverage by 0.01%.
The diff coverage is 95.31%.

@@            Coverage Diff             @@
##           master    #7131      +/-   ##
==========================================
- Coverage   97.38%   97.37%   -0.01%     
==========================================
  Files         106      106              
  Lines       31093    31146      +53     
  Branches     3875     3900      +25     
==========================================
+ Hits        30280    30329      +49     
- Misses        612      613       +1     
- Partials      201      204       +3     

Flag	Coverage Δ
CI-GHA	97.28% <95.31%> (-0.01%)	⬇️
OS-Linux	96.93% <95.31%> (-0.02%)	⬇️
OS-Windows	95.34% <95.23%> (-0.01%)	⬇️
OS-macOS	96.50% <95.31%> (-0.01%)	⬇️
Py-3.10.8	?
Py-3.10.9	97.02% <95.31%> (-0.01%)	⬇️
Py-3.11.0	95.60% <95.31%> (+<0.01%)	⬆️
Py-3.7.15	96.75% <95.23%> (-0.01%)	⬇️
Py-3.7.9	95.23% <95.16%> (-0.01%)	⬇️
Py-3.8.10	95.13% <95.23%> (-0.01%)	⬇️
Py-3.8.15	?
Py-3.8.16	96.65% <95.31%> (?)
Py-3.9.13	95.12% <95.23%> (-0.01%)	⬇️
Py-3.9.14	?
Py-3.9.15	?
Py-3.9.16	96.66% <95.31%> (-0.01%)	⬇️
Py-pypy7.3.10	?
Py-pypy7.3.11	94.15% <84.37%> (?)
Py-pypy7.3.9	?
VM-macos	96.50% <95.31%> (-0.01%)	⬇️
VM-ubuntu	96.93% <95.31%> (-0.02%)	⬇️
VM-windows	95.34% <95.23%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
aiohttp/helpers.py	95.09% <86.66%> (-0.29%)	⬇️
tests/conftest.py	95.90% <87.50%> (-0.59%)	⬇️
aiohttp/client.py	94.38% <100.00%> (+0.21%)	⬆️
aiohttp/client_reqrep.py	97.74% <100.00%> (+0.01%)	⬆️
tests/test_client_request.py	99.58% <100.00%> (+<0.01%)	⬆️
tests/test_helpers.py	98.99% <100.00%> (+0.03%)	⬆️
tests/autobahn/test_autobahn.py	98.33% <0.00%> (-1.67%)	⬇️
tests/test_web_functional.py	98.04% <0.00%> (-0.07%)	⬇️
aiohttp/web.py	99.18% <0.00%> (ø)
aiohttp/http.py	100.00% <0.00%> (ø)
... and 2 more

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[yuvipanda]

@Dreamsorcerer I really appreciate all the code clarity suggestions, thank you. I've implemented all of them, and tried to keep clarifying comments as well.

I've also added three unit tests. I'm not sure if test_netrc_from_env is redundant, happy to remove it if you think so.

[yuvipanda]

I also appreciate the checklist in the PR body template, and believe I have ticked all the boxes.

[yuvipanda]

I do not know what the correct version this is to be added in. I'd love to see this released sooner than later (:D) - would that be 3.8.4 or 3.9 or 4.x? It probably is either 3.9 or 4.x, but I am not sure what the next release is to be...

[webknjaz]

3.9 if backoported.

[yuvipanda]

I see two relevant errors perhaps in make mypy:

aiohttp/helpers.py:273: error: Argument 1 to "BasicAuth" has incompatible type "Optional[str]"; expected "str"  [arg-type]
aiohttp/client_reqrep.py:443: error: Argument 2 to "basicauth_from_netrc" has incompatible type "Optional[str]"; expected "str"  [arg-type]

Both of these are things we guard against with an if and an intermediate variable, but mypy doesn't seem to detect that. I've this PR to my PR open that fixes these yuvipanda#3.

However, these intermediate bools were added at your explicit request, @webknjaz (see #7131 (comment)). I personally find what mypy want, without intermediate boolean variables, a lot more readable as well. However, at this juncture I'll basically do whatever it is that you want to get this PR merged - so if you can point me to a way to make mypy happy while also keeping your intermediate variables I'll do so :)

[Dreamsorcerer]

However, these intermediate bools were added at your explicit request, @webknjaz (see #7131 (comment)). I personally find what mypy want, without intermediate boolean variables, a lot more readable as well.

Yeah, I don't think the second one improves readability at all. The first one is also scheduled for removal in a few years anyway, so I personally am not bothered about keeping them.

[yuvipanda]

@Dreamsorcerer i've hence merged in yuvipanda#3 so mypy should pass now!

[yuvipanda]

yay, all tests seem to pass now!

[yuvipanda]

Just wanted to check-in on this again, @Dreamsorcerer and @webknjaz :)

[yuvipanda]

The windows test failures seem unrelated? And the missing code coverage result is due to differences in python versions, so I hope that's ok.

[yuvipanda]

This time there's a macos test failure :) So i'd imagine those are flakes.

the codecov warning is one missed line, and that's due to differing behavior in versions of python. I hope that's ok to ignore.

[Dreamsorcerer]

This time there's a macos test failure :) So i'd imagine those are flakes.

Not flaky, they just don't work yet. If check has passed, then that means the tests are passing correctly.

the codecov warning is one missed line, and that's due to differing behavior in versions of python. I hope that's ok to ignore.

Hmm, that's not right. We run on Python 3.7-3.11, so if there was test coverage, it would have run. However, that code doesn't seem important and will be removed in a future version, so I'm not going to bother investigating.

[Dreamsorcerer]

If @webknjaz is happy to resolve his comments, then I'll merge it in.

[yuvipanda]

We run on Python 3.7-3.11, so if there was test coverage, it would have run.

Ah, hmm. I'm not sure why that's happening then :|

However, that code doesn't seem important and will be removed in a future version, so I'm not going to bother investigating.

I agree wholeheartedly!

[yuvipanda]

I'm going on vacation from tuesday for 15 days, and wanted to check-in and see if there is anything I can do before I go :)

[yuvipanda]

Just another gentle ping, as I slowly pick up back from vacation @Dreamsorcerer @webknjaz :)

[webknjaz]

However, at this juncture I'll basically do whatever it is that you want to get this PR merged - so if you can point me to a way to make mypy happy while also keeping your intermediate variables I'll do so :)

I suppose you're talking about this 524c04d (#7131). I don't like complex clauses but if this bothers mypy, it's probably fine to do what you did for now. Wonder if explicit annotations on the vars would help...

[patchback]

Backport to 3.9: 💔 cherry-picking failed — conflicts found

❌ Failed to cleanly apply 6da0469 on top of patchback/backports/3.9/6da04694fd87a39af9c3856048c9ff23ca815f88/pr-7131

Backporting merged PR #7131 into master

1. Ensure you have a local repo clone of your fork. Unless you cloned it
   from the upstream, this would be your origin remote.
2. Make sure you have an upstream repo added as a remote too. In these
   instructions you'll refer to it by the name upstream. If you don't
   have it, here's how you can add it:

   $ git remote add upstream https://github.com/aio-libs/aiohttp.git

3. Ensure you have the latest copy of upstream and prepare a branch
   that will hold the backported code:

   $ git fetch upstream
   $ git checkout -b patchback/backports/3.9/6da04694fd87a39af9c3856048c9ff23ca815f88/pr-7131 upstream/3.9

4. Now, cherry-pick PR Support using netrc for non-proxy HTTP credentials #7131 contents into that branch:

   $ git cherry-pick -x 6da04694fd87a39af9c3856048c9ff23ca815f88

   If it'll yell at you with something like fatal: Commit 6da04694fd87a39af9c3856048c9ff23ca815f88 is a merge but no -m option was given., add -m 1 as follows instead:

   $ git cherry-pick -m1 -x 6da04694fd87a39af9c3856048c9ff23ca815f88

5. At this point, you'll probably encounter some merge conflicts. You must
   resolve them in to preserve the patch from PR Support using netrc for non-proxy HTTP credentials #7131 as close to the
   original as possible.
6. Push this branch to your fork on GitHub:

   $ git push origin patchback/backports/3.9/6da04694fd87a39af9c3856048c9ff23ca815f88/pr-7131

7. Create a PR, ensure that the CI is green. If it's not — update it so that
   the tests and any other checks pass. This is it!
   Now relax and wait for the maintainers to process your pull request
   when they have some cycles to do reviews. Don't worry — they'll tell you if
   any improvements are necessary when the time comes!

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

[webknjaz]

@yuvipanda looks like manual cherry-picking is needed