Issue 28291: urllib/urllib2 AbstractDigestAuthHandler locked to retried count of 5 (original) (raw)

Created on 2016-09-27 21:23 by secynic, last changed 2022-04-11 14:58 by admin.

Messages (5)
msg277549 - (view)	Author: Philip Hane (secynic) *	Date: 2016-09-27 21:23
urllib/urllib2 AbstractDigestAuthHandler is hardcoded to 5 retries (self.retried). Normally this wouldn't be an issue. Certain products link basic HTTP auth to Active Directory (yes, this shouldn't be a thing). When you have a failed login attempt lockout set on AD, this will lockout accounts on the very first failed Python basic auth attempt, if the AD lockout is set to 5 or less. In my specific use case, I was able to override request.HTTPBasicAuthHandler.__init__() and request.HTTPBasicAuthHandler.reset_retry_count() by setting self.retried=5. One way to fix this would be to add a new retry_count argument to AbstractDigestAuthHandler. I am a bit busy at the moment, but will submit a patch as soon as I get time.
msg277556 - (view)	Author: R. David Murray (r.david.murray) *	Date: 2016-09-27 22:17
For (convoluted) background, see issue 8797. A solution that uses a new would be a new feature and could only go in 3.7, but perhaps the solutions in the above issue will point to a backward compatible solution.
msg277558 - (view)	Author: Philip Hane (secynic) *	Date: 2016-09-27 22:25
It is a very limited use case; I won't gripe about 3.7+ only support. At the end of the day, even shown in the comments of that class, it shouldn't be set to a static 5 count. At least this is a very easy patch that won't affect existing code.
msg278553 - (view)	Author: orban (matorban) *	Date: 2016-10-13 09:49
Just checked (for my first contribution at cpython) this patch. For me this patch could be merge.
msg278571 - (view)	Author: R. David Murray (r.david.murray) *	Date: 2016-10-13 12:53
Well, it's missing doc changes and tests, so even if it is still applicable it isn't ready for merge yet.