Skip to content

[PR #11129/c0449bb5 backport][3.12] Add preemptive authentication support to DigestAuthMiddleware #11131

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 4, 2025
Merged

[PR #11129/c0449bb5 backport][3.12] Add preemptive authentication support to DigestAuthMiddleware #11131

merged 1 commit into from
Jun 4, 2025

Conversation

patchback[bot]
Copy link
Contributor

@patchback patchback bot commented Jun 4, 2025

This is a backport of PR #11129 as merged into master (c0449bb).

What do these changes do?

It was discovered that DigestAuthMiddleware doesn't work for some servers because the original implementation didn't implement preemptive support.

This PR adds preemptive authentication support to DigestAuthMiddleware, following RFC 7616 Section 3.6. The middleware now remembers successful authentication challenges and automatically includes the Authorization header in subsequent requests to the same protection space.

Key changes:

  • Added preemptive parameter to DigestAuthMiddleware constructor (default: True)
  • Implemented protection space tracking based on the domain parameter from server challenges
  • When no domain is specified, the entire origin becomes the protection space
  • Added support for the stale parameter to handle expired nonces
  • The middleware only sends preemptive auth to URLs within the same protection space

Are there changes in behavior for the user?

Yes, but backwards compatible:

  • By default, the middleware now uses preemptive authentication (can be disabled with preemptive=False)
  • Subsequent requests to the same protection space will include the Authorization header automatically
  • This improves performance by avoiding unnecessary 401 round trips
  • Matches how modern web browsers handle digest authentication

Related issue number

Fixes #11128

@patchback patchback bot requested review from webknjaz and asvetlov as code owners June 4, 2025 08:29
@patchback patchback bot mentioned this pull request Jun 4, 2025
Merged
@codspeed-hq CodSpeed HQ
Copy link

codspeed-hq bot commented Jun 4, 2025

CodSpeed Performance Report

Merging #11131 will not alter performance

Comparing patchback/backports/3.12/c0449bb5bfb49904afdc81fc26fa4634cbc66b40/pr-11129 (2c8e4d2) with 3.12 (1b9a3c6)

Summary

✅ 59 untouched benchmarks

@codecov Codecov
Copy link

codecov bot commented Jun 4, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.29%. Comparing base (1b9a3c6) to head (2c8e4d2).
Report is 1 commits behind head on 3.12.

Additional details and impacted files 
@@            Coverage Diff             @@
##             3.12   #11131      +/-   ##
==========================================
+ Coverage   98.27%   98.29%   +0.01%     
==========================================
  Files         132      132              
  Lines       42703    42908     +205     
  Branches     2342     2357      +15     
==========================================
+ Hits        41968    42176     +208     
+ Misses        560      557       -3     
  Partials      175      175
Flag Coverage Δ
CI-GHA 98.18% <100.00%> (+0.01%) ⬆️
OS-Linux 97.92% <100.00%> (+0.01%) ⬆️
OS-Windows 95.59% <100.00%> (+0.02%) ⬆️
OS-macOS 97.15% <100.00%> (+0.01%) ⬆️
Py-3.10.11 96.92% <100.00%> (+0.01%) ⬆️
Py-3.10.17 97.43% <100.00%> (+0.01%) ⬆️
Py-3.11.12 97.61% <100.00%> (+0.02%) ⬆️
Py-3.11.9 97.11% <100.00%> (+0.02%) ⬆️
Py-3.12.10 97.95% <100.00%> (+<0.01%) ⬆️
Py-3.13.3 97.94% <100.00%> (+<0.01%) ⬆️
Py-3.9.13 96.82% <100.00%> (+0.01%) ⬆️
Py-3.9.22 97.32% <100.00%> (+0.01%) ⬆️
Py-pypy7.3.16 88.88% <100.00%> (+2.24%) ⬆️
VM-macos 97.15% <100.00%> (+0.01%) ⬆️
VM-ubuntu 97.92% <100.00%> (+0.01%) ⬆️
VM-windows 95.59% <100.00%> (+0.02%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@bdraco bdraco merged commit 278fc1e into 3.12 Jun 4, 2025
36 checks passed
@bdraco bdraco deleted the patchback/backports/3.12/c0449bb5bfb49904afdc81fc26fa4634cbc66b40/pr-11129 branch June 4, 2025 08:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bdraco bdraco bdraco approved these changes

@webknjaz webknjaz Awaiting requested review from webknjaz webknjaz is a code owner

@asvetlov asvetlov Awaiting requested review from asvetlov asvetlov is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@bdraco