Tell unittest.discover specifically what to look for instead of letting
it scan the entirety of our directory (which could have other
dependencies downloaded with their tests that will fail).
Closes #403
In this commit:
- when we see a Transfer-Encoding: chunked request, and the server is gunicorn,
we set environ wsgi.input_terminated, which is required by Werkzeug in the
absence of Content-Length, or it will empty the data stream.
- for chunked requests to non-gunicorn, return 501 Not Implemented.
The rate limiting code has been ping ponged several times, but
currently it's not there, so there is no reason to require
flask-limiter.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Our digest auth endpoint will once again return a fake cookie but will
only require it if the query-string parameter `require-cookie` is
present.
Further, this fixes a bug in the digest auth implementation in httpbin
where we were only considering the path portions of the request-uri in
the specification. RFC 7230 is very clear that the request-uri includes
the query-string if it is present which means it is necessary in our
digest auth handling.
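The effect of hashing only the path, as an added example (not code from httpbin or from this commit): a client computes the digest response over the full request-target, and a server that rebuilds A2 from the path alone rejects correct credentials. The realm, nonce, cnonce and helper names are constructed for illustration; the response formula is the RFC 7616 one for MD5 with qop=auth.

```python
import hashlib
import hmac
from urllib.parse import urlsplit


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 7616 response for algorithm=MD5, qop=auth."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")  # A2 covers the uri the client sent
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def client_credentials(target, password):
    """Build the fields a client would send for `target` (constructed values)."""
    creds = {"username": "user", "realm": "example-realm",
             "nonce": "constructed-nonce", "nc": "00000001",
             "cnonce": "constructed-cnonce", "uri": target}
    creds["response"] = digest_response(
        creds["username"], creds["realm"], password, "GET",
        target, creds["nonce"], creds["nc"], creds["cnonce"])
    return creds


def verify(request_target, method, creds, password, include_query=True):
    """Server-side check; include_query=False hashes only the path."""
    uri = request_target if include_query else urlsplit(request_target).path
    expected = digest_response(
        creds["username"], creds["realm"], password, method,
        uri, creds["nonce"], creds["nc"], creds["cnonce"])
    return hmac.compare_digest(expected, creds["response"])


if __name__ == "__main__":
    target = "/digest-auth/auth/user/passwd?require-cookie=1"  # constructed
    creds = client_credentials(target, "passwd")
    print("path + query:", verify(target, "GET", creds, "passwd"))
    print("path only:   ", verify(target, "GET", creds, "passwd", include_query=False))
```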
As @kennethreitz likes to say:
> The use of Python 3 is highly preferred over Python 2. Consider upgrading
> your applications and infrastructure if you find yourself still using Python
> 2 in production today. If you are using Python 3, congratulations — you are
> indeed a person of excellent taste.
This reverts commit 2e94212886.
This didn't fix the problem, and caused other issues when using werkzeug
to execute httpbin, so let's remove it. See also: #340
- when authentication fails, the cookie "last_nonce" is set; this cookie is used to check that next
authentication is not used for the next authentication attempt. If it is, a challenge response is sent
with the stale=true flag.
- the first request with proper credentials is rejected with stale=true and a cookie is set
to be able to detect that the request was resent with a new nonce value
- the second request with proper credentials is accepted since it contains the respective cookie value;
as the response cookie value is changed, the next request will be rejected with stale=true again