author Matt Jordan <mjordan@digium.com> 2015-12-05 09:47:00 -0600
committer Matt Jordan <mjordan@digium.com> 2015-12-05 16:14:52 -0600
commit 5c19d3e07b68145c7af9ad70dcaa2e48dd06b0b5 (patch)
tree 37efa1ad4cc4f08f176ef8791dc85fbdd78d64d4 /requests/auth.py
parent 40ce36671cfaa0ef4710638e3242561a3c7d2bb9 (diff)
requests/auth: Handle an empty 'qop' attribute in an Authenticate challenge

Some malfunctioning HTTP servers may return a qop directive with no token, as opposed to correctly omitting the qop directive completely. For example:

header: WWW-Authenticate: Digest realm="foobar_api_auth", qop="", nonce="a12059eaaad0b86ece8f62f04cbafed6", algorithm="MD5", stale="false"

Prior to this patch, requests would respond with a 'None' Authorization header. While the server is certainly incorrect, this patch updates requests to be more tolerant to this kind of shenaniganry. If we receive an empty string for the value of the qop attribute, we instead treat that as if the qop attribute was simply not provided.

Closes #2916
Diffstat (limited to 'requests/auth.py')
-rw-r--r-- requests/auth.py 2
1 files changed, 1 insertions, 1 deletions
diff --git a/requests/auth.py b/requests/auth.py
index 8c4e847f..2af55fb5 100644
--- a/requests/auth.py
+++ b/requests/auth.py
@@ -136,7 +136,7 @@ class HTTPDigestAuth(AuthBase):
if _algorithm == 'MD5-SESS':
HA1 = hash_utf8('%s:%s:%s' % (HA1, nonce, cnonce))
- if qop is None:
+ if not qop:
respdig = KD(HA1, "%s:%s" % (nonce, HA2))
elif qop == 'auth' or 'auth' in qop.split(','):
noncebit = "%s:%s:%s:%s:%s" % (
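Review bot: At `if not qop:`, an empty qop now silently selects the legacy response `KD(HA1, "%s:%s" % (nonce, HA2))`, which carries no cnonce or nonce count, and nothing in the code says this is deliberate. Please add a short comment on that line stating that an empty qop value is treated as an absent directive, so a later reader does not tighten it back to `is None`. Note also that only a truly empty string is caught: a whitespace-only value such as `qop=" "` is still truthy and skips this branch, and the `qop.split(',')` test in the next branch does not strip whitespace around tokens, so normalizing qop once (strip, then split and strip each token) before these comparisons would cover both cases. A regression test using the `qop=""` challenge from the commit message would pin the behaviour down.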