-
-
Notifications
You must be signed in to change notification settings - Fork 808
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add NetRCAuth()
class.
#2535
Add NetRCAuth()
class.
#2535
Conversation
What do we think @encode/maintainers? |
httpx/_auth.py
Outdated
|
||
def auth_flow(self, request: Request) -> typing.Generator[Request, Response, None]: | ||
auth_info = self._netrc_info.authenticators(request.url.host) | ||
if auth_info is None or auth_info[2] is None: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm sorry, may I ask you why you are checking the password for None
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm asking since previously you were checking
if credentials is not None:
...
and python documentation says (link) that
If the netrc file did not contain an entry for the given host, return the tuple associated with the ‘default’ entry. If neither matching host nor default entry is available, return None.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @cdeler.
The simple version of "why" is because I was blindly following our previous implementation details here.
I've had a look into it, and I don't think the password can be None
here, but I think it can be the empty string. It looks to me like Python 3.11+ will allow the empty string for a missing password field in the netrc
file, and the previous versions will raise a parse error for missing passwords.
I think the robust thing to do here would be...
if auth_info is None or not auth_info[2]:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Demo'ing the behaviour of Python netrc
with an empty password entry...
import netrc
import tempfile
with tempfile.NamedTemporaryFile(delete=False) as t:
t.write(b"machine example.com\nlogin user\n")
t.close()
n = netrc.netrc(t.name)
print(n.authenticators("example.com"))
Python 3.11:
$ python3.11 ./example.py
('user', '', '')
Python 3.10:
$ python3.10 ./example.py
Traceback (most recent call last):
File "/Users/tomchristie/Temp/./example.py", line 8, in <module>
n = netrc.netrc(t.name)
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/netrc.py", line 31, in __init__
self._parse(file, fp, default_netrc)
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/netrc.py", line 82, in _parse
raise NetrcParseError(
netrc.NetrcParseError: malformed machine entry example.com terminated by '' (/var/folders/8s/dk9369g11yzdnsfkvbtljcjm0000gn/T/tmpipnocc0x, line 3)
Great review, thanks @cdeler - I've updated the PR to be more robust to the empty password case. |
LGTM, but have 1 small nitpick: Does it make sense to add a test + test fixture for the case when password is empty (it will add a test for the newly added check)? |
Done. |
Closes #2532
Prompted by #2532 (comment)
We currently automatically handle
netrc
authentication, which is baked directly into theClient
, and which is enabled unless the developer setstrust_env=False
.netrc
authentication.curl
command line client, which only usesnetrc
authentication if explicitly enabled.The suggest here is that we should make a behavioural change, and no longer bake
netrc
authentication directly into the client, in favor of providing an explicitNetRCAuth()
class.Some usage examples...
This would be a behavioral change and need to be part of a 0.24.0 release, but I think it's obviously more consistent and neater than our existing "netrc is a special case" behaviour.
(I had also assumed that this change would resolve issue #2088, and added a test case for this, which showed me that my assumption there was incorrect. Failing test case for that now dropped in commits ebcf77a and 02120cc.)
TODO:
netrc
auth class.NetRCAuth
class.Documentation link, for easier review... https://github.com/encode/httpx/blob/02120cccecf905a0f142b36a31cebf68974e9528/docs/advanced.md#netrc-support