Simple HTTP Authentication
Simple HTTP Authentication can be achieved with the following:
from requests import post
foo = post('http://natas0.natas.labs.overthewire.org', auth=('natas0', 'natas0'))
This is technically short hand for the following:
from requests import post
from requests.auth import HTTPBasicAuth
foo = post('http://natas0.natas.labs.overthewire.org', auth=HTTPBasicAuth('natas0', 'natas0'))
HTTP Digest Authentication
HTTP Digest Authentication is done in a very similar way, Requests provides a different object for this:
from requests import post
from requests.auth import HTTPDigestAuth
foo = post('http://natas0.natas.labs.overthewire.org', auth=HTTPDigestAuth('natas0', 'natas0'))
Custom Authentication
In some cases the built in authentication mechanisms may not be enough, imagine this example:
A server is configured to accept authentication if the sender has the correct user-agent string, a certain header value and supplies the correct credentials through HTTP Basic Authentication. To achieve this a custom authentication class should be prepared, subclassing AuthBase, which is the base for Requests authentication implementations:
from requests.auth import AuthBase
from requests.auth import _basic_auth_str
from requests._internal_utils import to_native_string
class CustomAuth(AuthBase):
def __init__(self, secret_header, user_agent , username, password):
# setup any auth-related data here
self.secret_header = secret_header
self.user_agent = user_agent
self.username = username
self.password = password
def __call__(self, r):
# modify and return the request
r.headers['X-Secret'] = self.secret_header
r.headers['User-Agent'] = self.user_agent
r.headers['Authorization'] = _basic_auth_str(self.username, self.password)
return r
This can then be utilized with the following code:
foo = get('http://test.com/admin', auth=CustomAuth('SecretHeader', 'CustomUserAgent', 'user', 'password' ))