2001-08-21 04:22:47 -04:00
|
|
|
|
PEP: 268
|
2001-08-20 20:02:26 -04:00
|
|
|
|
Title: Extended HTTP functionality and WebDAV
|
|
|
|
|
Version: $Revision$
|
|
|
|
|
Last-Modified: $Date$
|
|
|
|
|
Author: gstein@lyra.org (Greg Stein)
|
|
|
|
|
Status: Draft
|
|
|
|
|
Type: Standards Track
|
|
|
|
|
Created: 20-Aug-2001
|
2001-10-21 18:55:37 -04:00
|
|
|
|
Python-Version: 2.x
|
2001-08-21 16:20:22 -04:00
|
|
|
|
Post-History: 21-Aug-2001
|
2002-09-05 02:44:46 -04:00
|
|
|
|
Content-Type: text/x-rst
|
2001-08-20 20:02:26 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Abstract
|
2002-09-05 02:44:46 -04:00
|
|
|
|
========
|
2001-08-20 20:02:26 -04:00
|
|
|
|
|
|
|
|
|
This PEP discusses new modules and extended functionality for
|
2001-08-21 04:16:35 -04:00
|
|
|
|
Python's HTTP support. Notably, the addition of authenticated
|
2002-09-05 02:44:46 -04:00
|
|
|
|
requests, proxy support, authenticated proxy usage, and WebDAV_
|
2001-08-20 20:02:26 -04:00
|
|
|
|
capabilities.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Rationale
|
2002-09-05 02:44:46 -04:00
|
|
|
|
=========
|
2001-08-20 20:02:26 -04:00
|
|
|
|
|
|
|
|
|
Python has been quite popular as a result of its "batteries
|
2001-08-21 04:16:35 -04:00
|
|
|
|
included" positioning. One of the most heavily used protocols,
|
2001-08-21 04:22:47 -04:00
|
|
|
|
HTTP (see RFC 2616), has been included with Python for years
|
2002-09-05 02:44:46 -04:00
|
|
|
|
(``httplib``). However, this support has not kept up with the full
|
2001-08-21 04:22:47 -04:00
|
|
|
|
needs and requirements of many HTTP-based applications and
|
|
|
|
|
systems. In addition, new protocols based on HTTP, such as WebDAV
|
|
|
|
|
and XML-RPC, are becoming useful and are seeing increasing
|
|
|
|
|
usage. Supplying this functionality meets Python's "batteries
|
|
|
|
|
included" role and also keeps Python at the leading edge of new
|
|
|
|
|
technologies.
|
2001-08-20 20:02:26 -04:00
|
|
|
|
|
|
|
|
|
While authentication and proxy support are two very notable
|
|
|
|
|
features missing from Python's core HTTP processing, they are
|
2002-09-05 02:44:46 -04:00
|
|
|
|
minimally handled as part of Python's URL handling (``urllib`` and
|
|
|
|
|
``urllib2``). However, applications that need fine-grained or
|
2001-08-20 20:02:26 -04:00
|
|
|
|
sophisticated HTTP handling cannot make use of the features while
|
2001-08-21 04:16:35 -04:00
|
|
|
|
they reside in urllib. Refactoring these features into a location
|
2001-08-20 20:02:26 -04:00
|
|
|
|
where they can be directly associated with an HTTP connection will
|
|
|
|
|
improve their utility for both urllib and for sophisticated
|
|
|
|
|
applications.
|
|
|
|
|
|
|
|
|
|
The motivation for this PEP was from several people requesting
|
|
|
|
|
these features directly, and from a number of feature requests on
|
2001-08-21 04:16:35 -04:00
|
|
|
|
SourceForge. Since the exact form of the modules to be provided
|
2001-08-20 20:02:26 -04:00
|
|
|
|
and the classes/architecture used could be subject to debate, this
|
|
|
|
|
PEP was created to provide a focal point for those discussions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Specification
|
2002-09-05 02:44:46 -04:00
|
|
|
|
=============
|
2001-08-20 20:02:26 -04:00
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
Two modules will be added to the standard library: ``httpx`` (HTTP
|
|
|
|
|
extended functionality), and ``davlib`` (WebDAV library).
|
2001-08-21 04:16:35 -04:00
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
[ suggestions for module names are welcome; ``davlib`` has some
|
|
|
|
|
precedence, but something like ``webdav`` might be desirable ]
|
2001-08-21 04:16:35 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
HTTP Authentication
|
2002-09-05 02:44:46 -04:00
|
|
|
|
-------------------
|
2001-08-21 04:16:35 -04:00
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
The ``httpx`` module will provide a mixin for performing HTTP
|
2001-08-21 04:16:35 -04:00
|
|
|
|
authentication (for both proxy and origin server
|
2002-09-05 02:44:46 -04:00
|
|
|
|
authentication). This mixin (``httpx.HandleAuthentication``) can be
|
|
|
|
|
combined with the ``HTTPConnection`` and the ``HTTPSConnection`` classes
|
2001-08-21 04:16:35 -04:00
|
|
|
|
(the mixin may possibly work with the HTTP and HTTPS compatibility
|
|
|
|
|
classes, but that is not a requirement).
|
|
|
|
|
|
|
|
|
|
The mixin will delegate the authentication process to one or more
|
|
|
|
|
"authenticator" objects, allowing multiple connections to share
|
|
|
|
|
authenticators. The use of a separate object allows for a long
|
|
|
|
|
term connection to an authentication system (e.g. LDAP). An
|
2001-08-21 16:20:22 -04:00
|
|
|
|
authenticator for the Basic and Digest mechanisms (see RFC 2617)
|
|
|
|
|
will be provided. User-supplied authenticator subclasses can be
|
|
|
|
|
registered and used by the connections.
|
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
A "credentials" object (``httpx.Credentials``) is also associated with
|
2001-08-21 16:20:22 -04:00
|
|
|
|
the mixin, and stores the credentials (e.g. username and password)
|
|
|
|
|
needed by the authenticators. Subclasses of Credentials can be
|
2001-08-21 04:16:35 -04:00
|
|
|
|
created to hold additional information (e.g. NT domain).
|
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
The mixin overrides the ``getresponse()`` method to detect ``401
|
|
|
|
|
(Unauthorized)`` and ``407 (Proxy Authentication Required)``
|
2001-08-21 04:16:35 -04:00
|
|
|
|
responses. When this is found, the response object, the
|
|
|
|
|
connection, and the credentials are passed to the authenticator
|
|
|
|
|
corresponding with the authentication scheme specified in the
|
|
|
|
|
response (multiple authenticators are tried in decreasing order of
|
|
|
|
|
security if multiple schemes are in the response). Each
|
|
|
|
|
authenticator can examine the response headers and decide whether
|
|
|
|
|
and how to resend the request with the correct authentication
|
2001-08-21 16:20:22 -04:00
|
|
|
|
headers. If no authenticator can successfully handle the
|
|
|
|
|
authentication, then an exception is raised.
|
2001-08-21 04:16:35 -04:00
|
|
|
|
|
|
|
|
|
Resending a request, with the appropriate credentials, is one of
|
|
|
|
|
the more difficult portions of the authentication system. The
|
|
|
|
|
difficulty arises in recording what was sent originally: the
|
|
|
|
|
request line, the headers, and the body. By overriding putrequest,
|
|
|
|
|
putheader, and endheaders, we can capture all but the body. Once
|
|
|
|
|
the endheaders method is called, then we capture all calls to
|
|
|
|
|
send() (until the next putrequest method call) to hold the body
|
|
|
|
|
content. The mixin will have a configurable limit for the amount
|
|
|
|
|
of data to hold in this fashion (e.g. only hold up to 100k of body
|
|
|
|
|
content). Assuming that the entire body has been stored, then we
|
|
|
|
|
can resend the request with the appropriate authentication
|
|
|
|
|
information.
|
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
If the body is too large to be stored, then the ``getresponse()``
|
2001-08-21 16:20:22 -04:00
|
|
|
|
simply returns the response object, indicating the 401 or 407
|
|
|
|
|
error. Since the authentication information has been computed and
|
|
|
|
|
cached (into the Credentials object; see below), the caller can
|
|
|
|
|
simply regenerate the request. The mixin will attach the
|
|
|
|
|
appropriate credentials.
|
|
|
|
|
|
|
|
|
|
A "protection space" (see RFC 2617, section 1.2) is defined as a
|
|
|
|
|
tuple of the host, port, and authentication realm. When a request
|
|
|
|
|
is initially sent to an HTTP server, we do not know the
|
|
|
|
|
authentication realm (the realm is only returned when
|
|
|
|
|
authentication fails). However, we do have the path from the URL,
|
|
|
|
|
and that can be useful in determining the credentials to send to
|
|
|
|
|
the server. The Basic authentication scheme is typically set up
|
2002-09-05 02:44:46 -04:00
|
|
|
|
hierarchically: the credentials for ``/path`` can be tried for
|
|
|
|
|
``/path/subpath``. The Digest authentication scheme has explicit
|
|
|
|
|
support for the hierarchical setup. The ``httpx.Credentials`` object
|
2001-08-21 16:20:22 -04:00
|
|
|
|
will store credentials for multiple protection spaces, and can be
|
|
|
|
|
looked up in two differents ways:
|
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
1) looked up using ``(host, port, path)`` -- this lookup scheme is
|
2001-08-21 16:20:22 -04:00
|
|
|
|
used when generating a request for a path where we don't know the
|
|
|
|
|
authentication realm.
|
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
2) looked up using ``(host, port, realm)`` -- this mechanism is used
|
2001-08-21 16:20:22 -04:00
|
|
|
|
during the authentication process when the server has specified
|
|
|
|
|
that the Request-URI resides within a specific realm.
|
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
The ``HandleAuthentication`` mixin will override ``putrequest()`` to
|
2001-09-10 20:34:48 -04:00
|
|
|
|
automatically insert credentials, if available. The URL from the
|
|
|
|
|
putrequest is used to determine the appropriate authentication
|
|
|
|
|
information to use.
|
2001-08-21 16:20:22 -04:00
|
|
|
|
|
|
|
|
|
It is also important to note that two sets of credentials are
|
2001-09-10 20:34:48 -04:00
|
|
|
|
used, and stored by the mixin. One set for any proxy that may be
|
|
|
|
|
used, and one used for the target origin server. Since proxies do
|
|
|
|
|
not have paths, the protection spaces in the proxy credentials
|
|
|
|
|
will always use "/" for storing and looking up via a path.
|
2001-08-21 04:16:35 -04:00
|
|
|
|
|
|
|
|
|
|
2001-08-21 16:20:22 -04:00
|
|
|
|
Proxy Handling
|
2002-09-05 02:44:46 -04:00
|
|
|
|
--------------
|
2001-08-21 04:16:35 -04:00
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
The ``httpx`` module will provide a mixin for using a proxy to perform
|
|
|
|
|
HTTP(S) operations. This mixin (``httpx.UseProxy``) can be combined
|
|
|
|
|
with the ``HTTPConnection`` and the ``HTTPSConnection`` classes (the mixin
|
2001-08-21 16:20:22 -04:00
|
|
|
|
may possibly work with the HTTP and HTTPS compatibility classes,
|
|
|
|
|
but that is not a requirement).
|
2001-08-21 04:16:35 -04:00
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
The mixin will record the ``(host, port)`` of the proxy to use. XXX
|
2001-08-21 16:20:22 -04:00
|
|
|
|
will be overridden to use this host/port combination for
|
|
|
|
|
connections and to rewrite request URLs into the absoluteURIs
|
|
|
|
|
referring to the origin server (these URIs are passed to the proxy
|
|
|
|
|
server).
|
2001-08-21 04:16:35 -04:00
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
Proxy authentication is handled by the ``httpx.HandleAuthentication``
|
|
|
|
|
class since a user may directly use ``HTTP(S)Connection`` to speak
|
2001-08-21 16:20:22 -04:00
|
|
|
|
with proxies.
|
2001-08-21 04:16:35 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
WebDAV Features
|
2002-09-05 02:44:46 -04:00
|
|
|
|
---------------
|
2001-08-21 04:16:35 -04:00
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
The ``davlib`` module will provide a mixin for sending WebDAV requests
|
|
|
|
|
to a WebDAV-enabled server. This mixin (``davlib.DAVClient``) can be
|
|
|
|
|
combined with the ``HTTPConnection`` and the ``HTTPSConnection`` classes
|
2001-08-21 16:20:22 -04:00
|
|
|
|
(the mixin may possibly work with the HTTP and HTTPS compatibility
|
|
|
|
|
classes, but that is not a requirement).
|
|
|
|
|
|
|
|
|
|
The mixin provides methods to perform the various HTTP methods
|
|
|
|
|
defined by HTTP in RFC 2616, and by WebDAV in RFC 2518.
|
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
A custom response object is used to decode ``207 (Multi-Status)``
|
2001-08-21 16:20:22 -04:00
|
|
|
|
responses. The response object will use the standard library's xml
|
|
|
|
|
package to parse the multistatus XML information, producing a
|
|
|
|
|
simple structure of objects to hold the multistatus data. Multiple
|
|
|
|
|
parsing schemes will be tried/used, in order of decreasing speed.
|
2001-08-20 20:02:26 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Reference Implementation
|
2002-09-05 02:44:46 -04:00
|
|
|
|
========================
|
2001-08-20 20:02:26 -04:00
|
|
|
|
|
2001-10-21 18:55:37 -04:00
|
|
|
|
The actual (future/final) implementation is being developed in the
|
2002-09-05 02:44:46 -04:00
|
|
|
|
``/nondist/sandbox/Lib`` directory, until it is accepted and moved
|
2001-10-21 18:55:37 -04:00
|
|
|
|
into the main Lib directory.
|
2001-08-20 20:02:26 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
References
|
2002-09-05 02:44:46 -04:00
|
|
|
|
==========
|
2001-08-20 20:02:26 -04:00
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
.. _WebDAV: http://www.webdav.org/
|
2001-08-20 20:02:26 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Copyright
|
2002-09-05 02:44:46 -04:00
|
|
|
|
=========
|
2001-08-20 20:02:26 -04:00
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
This document has been placed in the public domain.
|
2001-08-20 20:02:26 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-09-05 02:44:46 -04:00
|
|
|
|
..
|
|
|
|
|
Local Variables:
|
|
|
|
|
mode: indented-text
|
|
|
|
|
indent-tabs-mode: nil
|
|
|
|
|
fill-column: 70
|
|
|
|
|
sentence-end-double-space: t
|
|
|
|
|
End:
|