When using Digest Authentication, the client resends the same request
after the server responds with the 401 "Unauthorized". However, when
doing streaming uploads, it gets stuck because the body data (a
file-like object) is already consumed at the initial request.
The patch fixes this by rewinding the file-like object before
resending the request.
In Digest Access Authentication there are two possible values (four if you
count the not-present and both cases) for authentication. We were narrowly
handling one of the four cases. Now we handle two.
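
An added example (not part of the commit or of the project's code) showing how the qop directive changes the Digest response under RFC 2617. The function names are hypothetical, and picking "auth" when both values are offered is this example's choice; the inputs are the worked example from RFC 2617, section 3.5.

```python
import hashlib

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def select_qop(challenge_qop):
    """Map the challenge's qop directive onto the four cases."""
    if challenge_qop is None:
        return None                      # not present: RFC 2069 style response
    offered = {t.strip().lower() for t in challenge_qop.split(",") if t.strip()}
    if "auth" in offered:
        return "auth"                    # "auth" alone, or both values offered
    if "auth-int" in offered:
        # auth-int also hashes the entity body into HA2; not covered here
        raise NotImplementedError("auth-int only")
    raise ValueError("unrecognised qop: %r" % challenge_qop)

def digest_response(username, realm, password, method, uri, nonce,
                    challenge_qop=None, nc="00000001", cnonce=None):
    ha1 = md5_hex("%s:%s:%s" % (username, realm, password))
    ha2 = md5_hex("%s:%s" % (method, uri))
    qop = select_qop(challenge_qop)
    if qop is None:
        # No qop: the response covers only HA1, the server nonce and HA2
        return md5_hex("%s:%s:%s" % (ha1, nonce, ha2))
    if cnonce is None:
        raise ValueError("qop=auth requires a client nonce")
    # qop=auth: the nonce count and client nonce are bound into the response
    return md5_hex(":".join([ha1, nonce, nc, cnonce, qop, ha2]))

# Inputs taken from the worked example in RFC 2617, section 3.5
RFC2617 = dict(username="Mufasa", realm="testrealm@host.com",
               password="Circle Of Life", method="GET",
               uri="/dir/index.html",
               nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093")

if __name__ == "__main__":
    print(digest_response(challenge_qop="auth", cnonce="0a4f113b", **RFC2617))
    print(digest_response(challenge_qop="auth,auth-int", cnonce="0a4f113b", **RFC2617))
    print(digest_response(**RFC2617))
```
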
Hooks sometimes have to send requests (e.g. when responding to a 401 during
authentication).
All keyword arguments should be passed along when hooks are dispatched so that
if a user wanted to use a timeout, stream, specify a cert location with the
verify flag, etc., their specification can be followed.
Related to Issue #910. Specifically, OAuth won't sign the request unless
it gets a body type that is urlencoded or multipart. This is overly
restrictive. The correct behaviour is to sign the message without
including the body as part of the signature.
Modified code to use the current fix versus the old fix, which was broken.
Co-Authored By: Timnit Gebru <tgebru@gmail.com>
Co-Authored By: Sarah Gonzalez <smar.gonz@gmail.com>
Co-Authored By: Leila Muhtasib <muhtasib@gmail.com>
Existing usage doesn't pass GET querystring parameters along to oauthlib,
so it wasn't signing those properly, which causes problems with APIs that
rely heavily on GET parameters. By passing in r.full_url instead of r.url,
oauthlib can parse out the correct parameters and sign them properly.
Currently has two issues which may be related:
- doesn't work with redirects; we try to authenticate the server a second
time with a fully completed Kerberos context.
- 403 responses result in the wrong response object being returned, but
this is also true for HTTP digest authentication due to a bug in hook
handling in general.