HTTP Digest authentication support

[jameshilliard]

This is basically just #111 cherry-picked with merge conflicts fixed and POST Digest Authentication fixed.

[codecov-io]

Codecov Report

Merging #131 into master will decrease coverage by 0.93%.
The diff coverage is 88.1%.

@@            Coverage Diff             @@
##           master     #131      +/-   ##
==========================================
- Coverage   98.86%   97.92%   -0.94%     
==========================================
  Files          26       26              
  Lines        2285     2510     +225     
  Branches      165      183      +18     
==========================================
+ Hits         2259     2458     +199     
- Misses         14       32      +18     
- Partials       12       20       +8

Impacted Files	Coverage Δ
src/treq/test/test_treq_integration.py	96.56% <100%> (+1.27%)	⬆️
src/treq/test/test_auth.py	100% <100%> (ø)	⬆️
src/treq/auth.py	84.65% <82.46%> (-15.35%)	⬇️
src/treq/client.py	98.47% <0%> (+0.5%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2d45c82...e0d7208. Read the comment docs.

[dreid]

This shouldn't be public, if it needs to share data with the agent it should probably just be a private method on the agent.

[dreid]

The tests fail on Python 3, looks like you're trying to use a str as the header instead of a bytes.

[jameshilliard]

@dreid How would I got about fixing the issue with the header being a str instead of bytes? I'm having trouble debugging that.

[dreid]

This self (and the agent argument in _build_digest_authentication_header are redundant.

[dreid]

@jameshilliard

How would I got about fixing the issue with the header being a str instead of bytes? I'm having trouble debugging that.

Start by using byte strings (b"") everywhere internally.

[jameshilliard]

@dreid I think I've got everything converted to using byte strings, now I'm getting 401 errors instead(I verified against a production server to confirm it's not just the tests that are failing) for python 3. Any idea what might be causing authentication to fail?

[twm]

Thank you for reviving this! I did just a quick skim, no verification of the algorithms. I'm not feeling well so sorry if my comments are terse, but I wanted to get you some quick feedback.

[twm]

🎉

[glyph]

Sorry, I still have a few concerns about security here that I want to make sure are addressed in a comment or something. And we should really avoid adding new magic byte sequences without an accompanying Enum somewhere so that callers can type-check their invocations.

[jameshilliard]

Sorry, I still have a few concerns about security here that I want to make sure are addressed in a comment or something.

I refactored the header builder based on the latest version in requests so it shouldn't be any worse than that version and appears to be unlikely to be a viable attack vector in practice here in general.

And we should really avoid adding new magic byte sequences without an accompanying Enum somewhere so that callers can type-check their invocations.

I changed algorithm to use an Enum.

[jameshilliard]

@glyph Merge conflicts fixed.

[glyph]

Thanks for updating this @jameshilliard !

[jameshilliard]

@glyph Is this good to merge now?