header auth matching breaks with Werkzeug>=2.3.0

[alexrashed]

With Werkzeug 2.3.0 the Authorization header parsing has been refactored quite a lot: pallets/werkzeug@0bdf9ba.
Here's an excerpt from the changeset:

• Refactor the Authorization and WWWAuthenticate header data structures.
  :issue:1769, :pr:2619
  ...
  • Neither class is a dict anymore, although they still implement getting,
    setting, and deleting auth[key] and auth.key syntax, as well as
    auth.get(key) and key in auth.
    ...

Unfortunately, this means that this class does not implement the __eq__ dunder method, which breaks this equality check:

pytest-httpserver/pytest_httpserver/httpserver.py

Lines 135 to 136 in 1df798a

	def authorization_header_value_matcher(actual: Optional[str], expected: str) -> bool:
	return parse_authorization_header(actual) == parse_authorization_header(expected)

Here's an example which works with pytest-httpserver==1.0.6 and Werkzeug==2.2.3, but breaks with Werkzeug==2.3.0:

def test_httpserver(httpserver):
    test_headers = { "Authorization": "Bearer Rooooar" }
    httpserver.expect_request("/", headers=test_headers).respond_with_data("OK")
    response = requests.get(httpserver.url_for("/"), headers=test_headers)
    assert response.ok

This could either be fixed by adjusting the matcher, or by adding the __eq__ dunder method to Werkzeug's Authorization class (which might be useful for others as well?).

[csernazs]

Hi there,

Thanks for the fine bug report!
I'll probably fix this tomorrow.

Zsolt

[davidism]

I'll implement __eq__ in Werkzeug, checking if two auths are equal makes sense.

[csernazs]

thanks @davidism!

@alexrashed, are you ok with having this fix in the next release of werkzeug?

[alexrashed]

Sure! Thanks, @davidism and @csernazs for tackling it. :)
Feel free to close this issue (or to keep it open until 2.3.1 is released).

[csernazs]

2.3.1 has been released, the tests pass, so I'm closing this