Ok, so this command example is in the documentation under basic
authentication (http://web2py.com/book/default/chapter/08#Access-
Control-and-Basic-Authentication):

wget --user=[username] --password=[password]     
http://.../[app]/[controller]/give_me_time

but this command won't work with basic authentication in web2py, as
web2py doesn't throw a 401 when the Authentication header is missing,
but a 403 (at least with the current version of wget).

In order for wget to work properly with basic authentication, one must
do
wget --user=[username] --password=[password] --auth-no-challenge
http://.../[app]/[controller]/give_me_time

The documentation on wget's --auth-no-challenge flag is as follows:
‘--auth-no-challenge’
If this option is given, Wget will send Basic HTTP authentication
information (plaintext username and password) for all requests, just
like Wget 1.10.2 and prior did by default.
Use of this option is not recommended, and is intended only to support
some few obscure servers, which never send HTTP authentication
challenges, but accept unsolicited auth info, say, in addition to form-
based authentication.

So my question is: Is there a way to get web2py to handle these
requests properly (return a 401 status code to prompt the client to
resend with credentials)?
(on a related note, it seems requests using urllib2 run into a similar
problem: 
http://stackoverflow.com/questions/2407126/python-urllib2-basic-auth-problem/2955687#2955687)

Reply via email to