[PyQt] QtNetworkAccessManager detect failed proxy authentication requests

[Paweł Miech]

Hello,

I need to provide users of my application with ability to set multiple
(possibly authenticated) network proxies. This turns out to be surprisingly
difficult and tricky.

First surprise is that NetworkAccessManager setProxy() method allows to
specify password and username when initializing QNetworkProxy object, BUT
this has NO effect on actual authentication headers. If proxy requires
authentication NAT emits signal proxyAuthenticationRequired in which you
need to explicitly set credentials on QAuthenticator object.  Now here's
where I'm stuck and confused. I can set credentials in Authenticator. If
they are correct request will go through but what if credentials are wrong?
With current implementation of this api I don't see any way to stop
processing request after requests are rejected by proxy due to bad
credentials. If user specifies bad username + password Qt will keep
retrying request till infinity with mistaken credentials.

Is there any way to stop processing requests after detecting repeated
"proxy authentication required" signal?

I was thinking about keeping some form of NAT object attribute keeping
track of proxy authentication queries, but this could be difficult to get
right - I would need to basically keep some dictionary of all requests sent
via proxy matched to number of proxy authentication required signals
emitted per request.  It seems like a hack and dirty solution.

Maybe cleaner solution would be aborting request after receiving some
signal "first proxy authentication request rejected", but this again is not
easy to do, because after receiving bad credentials proxy will just keep
responding with 407 and this response will be same no matter if this is
first or 10th request from Qt Application.

Final way is just ditching proxyAuthenticationRequired signal and setting
"Proxy-Authorization" headers manually in NAT createRequest(), this again
has the drawback of losing nice support for different authentication
methods that QAuthenticator provides. I see Authenticator supports "Basic",
"Digest-MD5", and "NLTM version 2" methods, so I'd have to write code
adding headers that would be duplicating API code to support those schemes
(I could also decide to ignore supporting those that I dont need, say
support just basic).

How would you handle problem like this? Do you think it warrants creating
some issue in Qt bug tracker? I think Qt api users should be able to easily
detect failed authentications somehow so I see lack of mechanism to detect
this as a missing feature in QT, am I right here?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.riverbankcomputing.com/pipermail/pyqt/attachments/20151220/890a029d/attachment.html>