Skip to content

[PR #10725/ab76c5a6 backport][3.12] Digest Authentication Middleware for aiohttp#10894

Merged
bdraco merged 1 commit into3.12from
patchback/backports/3.12/ab76c5a6ed2dcb133a10e6c0bf55b737d49654b9/pr-10725
May 20, 2025
Merged

[PR #10725/ab76c5a6 backport][3.12] Digest Authentication Middleware for aiohttp#10894
bdraco merged 1 commit into3.12from
patchback/backports/3.12/ab76c5a6ed2dcb133a10e6c0bf55b737d49654b9/pr-10725

Conversation

@patchback
Copy link
Copy Markdown
Contributor

@patchback patchback Bot commented May 20, 2025

This is a backport of PR #10725 as merged into master (ab76c5a).

What do these changes do?

Implementation Details

This middleware implements RFC 7616.

The implementation fully complies with the RFC specifications, including:

  • Support for all standard hash algorithms (MD5, SHA-256, SHA-512) and their session variants
  • Proper nonce counting and opaque value handling as required by the RFC
  • Support for both "auth" and "auth-int" quality of protection (qop) methods
  • Complete implementation of the authentication challenge/response flow

Changes

This PR adds:

  • A new DigestAuthMiddleware class that handles HTTP Digest Authentication
  • Support for multiple hashing algorithms (MD5, SHA-256, SHA-512)
  • Implementation of both "auth" and "auth-int" quality of protection (qop)
  • Automatic handling of authentication challenges and retries
  • Proper nonce counting and opaque value handling
  • Support for modern hashing algorithms as specified in RFC 7616

Are there changes in behavior for the user?

There are no changes to default behavior. It will continue to use BasicAuth, and existing uses of BasicAuth should be intact.

Is it a substantial burden for the maintainers to support this?

no

Related issue number

replaces and closes #2213 closes #4939

Checklist

  • I think the code is well written
  • Unit tests for the changes exist
  • Documentation reflects the changes
  • If you provide code modification, please add yourself to CONTRIBUTORS.txt
    • The format is <Name> <Surname>.
    • Please keep alphabetical order, the file is sorted by names.
  • Add a new news fragment into the CHANGES/ folder

    • name it <issue_or_pr_num>.<type>.rst (e.g. 588.bugfix.rst)

    • if you don't have an issue number, change it to the pull request
      number after creating the PR

      • .bugfix: A bug fix for something the maintainers deemed an
        improper undesired behavior that got corrected to match
        pre-agreed expectations.
      • .feature: A new behavior, public APIs. That sort of stuff.
      • .deprecation: A declaration of future API removals and breaking
        changes in behavior.
      • .breaking: When something public is removed in a breaking way.
        Could be deprecated in an earlier release.
      • .doc: Notable updates to the documentation structure or build
        process.
      • .packaging: Notes for downstreams about unobvious side effects
        and tooling. Changes in the test invocation considerations and
        runtime assumptions.
      • .contrib: Stuff that affects the contributor experience. e.g.
        Running tests, building the docs, setting up the development
        environment.
      • .misc: Changes that are hard to assign to any of the above
        categories.

    • Make sure to use full sentences with correct case and punctuation,
      for example:

      Fixed issue with non-ascii contents in doctest text files
-- by :user:`contributor-gh-handle`.

      Use the past tense or the present tense a non-imperative mood,
      referring to what's changed compared to the last released version
      of this project.

@TimMenninger @feus4177
@bdraco @Dreamsorcerer @patchback
Digest Authentication Middleware for aiohttp (#10725)
608feb0 
Co-authored-by: jf <[email protected]>
Co-authored-by: J. Nick Koston <[email protected]>
Co-authored-by: J. Nick Koston <[email protected]>
Co-authored-by: Sam Bull <[email protected]>
(cherry picked from commit ab76c5a)
@patchback patchback Bot requested review from asvetlov and webknjaz as code owners May 20, 2025 14:41
@patchback patchback Bot mentioned this pull request May 20, 2025
Merged
5 tasks
@bdraco bdraco enabled auto-merge (squash) May 20, 2025 14:45
@codspeed-hq
Copy link
Copy Markdown

codspeed-hq Bot commented May 20, 2025

CodSpeed Performance Report

Merging #10894 will not alter performance

Comparing patchback/backports/3.12/ab76c5a6ed2dcb133a10e6c0bf55b737d49654b9/pr-10725 (608feb0) with 3.12 (1cfe028)

Summary

✅ 60 untouched benchmarks

@codecov
Copy link
Copy Markdown

codecov Bot commented May 20, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.15%. Comparing base (1cfe028) to head (608feb0).
⚠️ Report is 156 commits behind head on 3.12.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff             @@
##             3.12   #10894      +/-   ##
==========================================
+ Coverage   98.13%   98.15%   +0.02%     
==========================================
  Files         128      130       +2     
  Lines       38689    39129     +440     
  Branches     2177     2218      +41     
==========================================
+ Hits        37968    38408     +440     
  Misses        551      551              
  Partials      170      170
Flag Coverage Δ
CI-GHA 98.04% <100.00%> (+0.02%) ⬆️
OS-Linux 97.77% <100.00%> (+0.02%) ⬆️
OS-Windows 95.25% <100.00%> (+0.05%) ⬆️
OS-macOS 96.95% <100.00%> (+0.04%) ⬆️
Py-3.10.11 96.82% <100.00%> (+0.03%) ⬆️
Py-3.10.17 97.36% <100.00%> (+0.02%) ⬆️
Py-3.11.12 97.47% <100.00%> (+0.07%) ⬆️
Py-3.11.9 96.92% <100.00%> (+0.04%) ⬆️
Py-3.12.10 97.84% <100.00%> (+0.02%) ⬆️
Py-3.13.3 97.83% <100.00%> (+0.06%) ⬆️
Py-3.9.13 96.71% <100.00%> (+0.04%) ⬆️
Py-3.9.22 97.25% <100.00%> (+0.03%) ⬆️
Py-pypy7.3.16 84.41% <100.00%> (-8.92%) ⬇️
VM-macos 96.95% <100.00%> (+0.04%) ⬆️
VM-ubuntu 97.77% <100.00%> (+0.02%) ⬆️
VM-windows 95.25% <100.00%> (+0.05%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@bdraco bdraco merged commit ad7ee7c into 3.12 May 20, 2025
36 checks passed
@bdraco bdraco deleted the patchback/backports/3.12/ab76c5a6ed2dcb133a10e6c0bf55b737d49654b9/pr-10725 branch May 20, 2025 15:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bdraco bdraco bdraco approved these changes

@webknjaz webknjaz Awaiting requested review from webknjaz webknjaz is a code owner

@asvetlov asvetlov Awaiting requested review from asvetlov asvetlov is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bdraco @TimMenninger