Basic and Digest HTTP-Auth Implementation.

[David Reid]

Twisted currently has a server side HTTP-AUTH implementation in 
twisted.protocols.sip, this should be cleaned up and moved to a more approprate 
location, possibly twisted.python.digest or twisted.cred.digest

[David Reid]

Branched to dreid/http-auth-1475

[Glyph]

Since it's auth, cred seems more appropriate to me.

[David Reid]

Currently it's checked in as twisted/web2/httpauth.py there was some question as
to it's general usefulness and applicability to other protocols (such as SMTP
and IMAP DIGEST-MD5) and SIP.  I personally don't see any reason why there
should be any problems, except that SIP seems a little more liberal with certain
parts of the response, and SMTP and IMAP require that challenges and responses
be base64 encoded.  All of which seem to be able to be provided by subclasses of
the provided api.

The one big problem is the ICredentialFactory (both in name and what it does)
unfortunately it is a necessary object for doing http as it serves the purpose
of remembering challenges across requests.

[David Reid]

Merged forward and reorganized in http-auth-1475-2, there is still some question as to wether or not the appropriately reusable parts should be pulled out of web2, so i'm shelving that issue for a later time. Reassigning for review.

[jknight]

How do you set up a server which supports more than one kind of authentication (e.g. accepts either digest or basic?)

[David Reid]

Currently you don't. Atleast not with the same http auth wrapper. I wanted it to be as simple as possible and didn't deam multiple credential factories a worthwhile effort (at that time.) Though now that I look at the implementation it should be reasonably simple.

[radix]

• I notice there is some commented-out Auth code in http.py. now that your code obsoletes the ideas behind it, it should be deleted.
• ICredentialFactory.getChallenge is documented as requiring a 'str' return value, but both implementations return (scheme, {...}).
• ICredentialFactory.decode should probably be documented as able to raise error.LoginFailed.
• I don't think it's worth pretending DigestCalcResponse and DigestCalcHA1 are classes (I assume that's what the intenion behind their capitalization was).
• Shouldn't DigestCredentialFactory.outstanding have some occasional cleanup? Probably no need for a reactory-timer, just a check in getChallenge or decode to see if it's been so long since an item was added.
• I am slightly unhappy about checking for iter on the credentialFactories object and wrapping it in a list if it doesn't have one. But that is not a big deal.

In wrapper.py:

        self.credentialFactories = dict([(factory.scheme, factory) \
                                         for factory in credentialFactories])

• Man, you don't need no backslash! That is so C. Does C even require that? I don't know.
• What would make this branch so totally hot and awesome is if it added an example to the documentation.

[edsuom]

I'd really like to see this finished and approved.

[oubiwann]

I'm going to work on the docs, and then I'll pass it back to dreid.

[Wilfredo Sánchez Vega]

oops

[PenguinOfDoom]

Typo in authentication.xhtml -- s/propogate/propagate/

[PenguinOfDoom]

Unauthorized.Resource.init docstring describes parameter wwwAuthenticate, but init takes "factories" as the only argument.

[PenguinOfDoom]

ICredentialFactory.getChallenge should probably take the request as the argument. The request includes the peer address as well as any other information a hypothetical authentication method might need.

[edsuom]

Patch with some readability and stylistic edits

[David Reid]

(In [16848]) Merge http-auth-1475-3

Author: dreid Review: PenguinOfDoom Fixes #1475

RFC 2617 implementation of Basic and Digest authentication, with unittests and documentation.

[hawkowl]

[mass edit] Removing review from closed tickets.