Fix infinite loop on wrong Digest Authentication

2026-06-05 22:50:18 +00:00 · 2012-04-12 16:33:15 +02:00
parent 8a055c5d42
commit c3e6c41fc1
3 changed files with 28 additions and 1 deletions
@@ -56,6 +56,8 @@ class HTTPDigestAuth(AuthBase):
    def handle_401(self, r):
        """Takes the given response and tries digest-auth, if needed."""

+        r.request.deregister_hook('response', self.handle_401)
+
        s_auth = r.headers.get('www-authenticate', '')

        if 'digest' in s_auth.lower():
@@ -408,7 +408,18 @@ class Request(object):
    def register_hook(self, event, hook):
        """Properly register a hook."""

-        return self.hooks[event].append(hook)
+        self.hooks[event].append(hook)
+
+    def deregister_hook(self,event,hook):
+        """Deregister a previously registered hook.
+        Returns True if the hook existed, False if not.
+        """
+
+        try:
+            self.hooks[event].remove(hook)
+            return True
+        except ValueError:
+            return False

    def send(self, anyway=False, prefetch=False):
        """Sends the request. Returns True of successful, False if not.
@@ -272,6 +272,20 @@ class RequestsTestSuite(TestSetup, unittest.TestCase):
            r = get(url, session=s)
            self.assertEqual(r.status_code, 200)

+    def test_DIGESTAUTH_WRONG_HTTP_401_GET(self):
+
+        for service in SERVICES:
+
+            auth = HTTPDigestAuth('user', 'wrongpass')
+            url = service('digest-auth', 'auth', 'user', 'pass')
+
+            r = get(url, auth=auth)
+            self.assertEqual(r.status_code, 401)
+
+            s = requests.session(auth=auth)
+            r = get(url, session=s)
+            self.assertEqual(r.status_code, 401)
+
    def test_POSTBIN_GET_POST_FILES(self):

        for service in SERVICES: