Skip to content

[PR #11129/c0449bb5 backport][3.13] Add preemptive authentication support to DigestAuthMiddleware #11132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 4, 2025
Merged

[PR #11129/c0449bb5 backport][3.13] Add preemptive authentication support to DigestAuthMiddleware #11132

merged 1 commit into from
Jun 4, 2025

Conversation

patchback[bot]
Copy link
Contributor

@patchback patchback bot commented Jun 4, 2025

This is a backport of PR #11129 as merged into master (c0449bb).

What do these changes do?

It was discovered that DigestAuthMiddleware doesn't work for some servers because the original implementation didn't implement preemptive support.

This PR adds preemptive authentication support to DigestAuthMiddleware, following RFC 7616 Section 3.6. The middleware now remembers successful authentication challenges and automatically includes the Authorization header in subsequent requests to the same protection space.

Key changes:

  • Added preemptive parameter to DigestAuthMiddleware constructor (default: True)
  • Implemented protection space tracking based on the domain parameter from server challenges
  • When no domain is specified, the entire origin becomes the protection space
  • Added support for the stale parameter to handle expired nonces
  • The middleware only sends preemptive auth to URLs within the same protection space

Are there changes in behavior for the user?

Yes, but backwards compatible:

  • By default, the middleware now uses preemptive authentication (can be disabled with preemptive=False)
  • Subsequent requests to the same protection space will include the Authorization header automatically
  • This improves performance by avoiding unnecessary 401 round trips
  • Matches how modern web browsers handle digest authentication

Related issue number

Fixes #11128

@patchback patchback bot requested review from webknjaz and asvetlov as code owners June 4, 2025 08:30
@patchback patchback bot mentioned this pull request Jun 4, 2025
Merged
@codspeed-hq CodSpeed HQ
Copy link

codspeed-hq bot commented Jun 4, 2025

CodSpeed Performance Report

Merging #11132 will not alter performance

Comparing patchback/backports/3.13/c0449bb5bfb49904afdc81fc26fa4634cbc66b40/pr-11129 (3d51b73) with 3.13 (62abd29)

Summary

✅ 59 untouched benchmarks

@codecov Codecov
Copy link

codecov bot commented Jun 4, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (3.13@6505923). Learn more about missing BASE report.

Additional details and impacted files 
@@           Coverage Diff           @@
##             3.13   #11132   +/-   ##
=======================================
  Coverage        ?   98.29%           
=======================================
  Files           ?      132           
  Lines           ?    42908           
  Branches        ?     2356           
=======================================
  Hits            ?    42176           
  Misses          ?      557           
  Partials        ?      175
Flag Coverage Δ
CI-GHA 98.18% <100.00%> (?)
OS-Linux 97.92% <100.00%> (?)
OS-Windows 95.59% <100.00%> (?)
OS-macOS 97.15% <100.00%> (?)
Py-3.10.11 96.93% <100.00%> (?)
Py-3.10.17 97.43% <100.00%> (?)
Py-3.11.12 97.61% <100.00%> (?)
Py-3.11.9 97.10% <100.00%> (?)
Py-3.12.10 97.95% <100.00%> (?)
Py-3.13.3 97.94% <100.00%> (?)
Py-3.9.13 96.82% <100.00%> (?)
Py-3.9.22 97.32% <100.00%> (?)
Py-pypy7.3.16 79.65% <100.00%> (?)
VM-macos 97.15% <100.00%> (?)
VM-ubuntu 97.92% <100.00%> (?)
VM-windows 95.59% <100.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@bdraco bdraco merged commit 72fa2d0 into 3.13 Jun 4, 2025
36 checks passed
@bdraco bdraco deleted the patchback/backports/3.13/c0449bb5bfb49904afdc81fc26fa4634cbc66b40/pr-11129 branch June 4, 2025 08:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bdraco bdraco bdraco approved these changes

@webknjaz webknjaz Awaiting requested review from webknjaz webknjaz is a code owner

@asvetlov asvetlov Awaiting requested review from asvetlov asvetlov is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@bdraco