<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Password-Protected Feeds — feedparser 5.1.3 documentation</title> <link rel="stylesheet" href="_static/default.css" type="text/css" /> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="_static/feedparser.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '', VERSION: '5.1.3', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="_static/jquery.js"></script> <script type="text/javascript" src="_static/underscore.js"></script> <script type="text/javascript" src="_static/doctools.js"></script> <link rel="top" title="feedparser 5.1.3 documentation" href="index.html" /> <link rel="up" title="HTTP Features" href="http.html" /> <link rel="next" title="Other HTTP Headers" href="http-other.html" /> <link rel="prev" title="HTTP Redirects" href="http-redirect.html" /> </head> <body> <div class="related"> <h3>Navigation</h3> <ul> <li class="right" style="margin-right: 10px"> <a href="genindex.html" title="General Index" accesskey="I">index</a></li> <li class="right" > <a href="http-other.html" title="Other HTTP Headers" accesskey="N">next</a> |</li> <li class="right" > <a href="http-redirect.html" title="HTTP Redirects" accesskey="P">previous</a> |</li> <li><a href="index.html">feedparser 5.1.3 documentation</a> »</li> <li><a href="http.html" accesskey="U"><abbr title="Hypertext Transfer Protocol">HTTP</abbr> Features</a> »</li> </ul> </div> <div class="document"> <div class="documentwrapper"> <div class="bodywrapper"> <div class="body"> <div class="section" id="password-protected-feeds"> <h1>Password-Protected Feeds<a class="headerlink" href="#password-protected-feeds" title="Permalink to this headline">¶</a></h1> <p><strong class="program">Universal Feed Parser</strong> supports downloading and parsing password-protected feeds that are protected by <abbr title="Hypertext Transfer Protocol">HTTP</abbr> authentication. Both basic and digest authentication are supported.</p> <div class="section" id="downloading-a-feed-protected-by-basic-authentication-the-easy-way"> <h2>Downloading a feed protected by basic authentication (the easy way)<a class="headerlink" href="#downloading-a-feed-protected-by-basic-authentication-the-easy-way" title="Permalink to this headline">¶</a></h2> <p>The easiest way is to embed the username and password in the feed <abbr title="Uniform Resource Locator">URL</abbr> itself.</p> <p>In this example, the username is test and the password is basic.</p> <div class="highlight-python"><div class="highlight"><pre><span class="gp">>>> </span><span class="kn">import</span> <span class="nn">feedparser</span> <span class="gp">>>> </span><span class="n">d</span> <span class="o">=</span> <span class="n">feedparser</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="s">'http://test:basic@feedparser.org/docs/examples/basic_auth.xml'</span><span class="p">)</span> <span class="gp">>>> </span><span class="n">d</span><span class="o">.</span><span class="n">feed</span><span class="o">.</span><span class="n">title</span> <span class="go">u'Sample Feed'</span> </pre></div> </div> <p>The same technique works for digest authentication. (Technically, <strong class="program">Universal Feed Parser</strong> will attempt basic authentication first, but if that fails and the server indicates that it requires digest authentication, <strong class="program">Universal Feed Parser</strong> will automatically re-request the feed with the appropriate digest authentication headers. <em>This means that this technique will send your password to the server in an easily decryptable form.</em>)</p> </div> <div class="section" id="downloading-a-feed-protected-by-digest-authentication-the-easy-but-horribly-insecure-way"> <span id="example-auth-inline-digest"></span><h2>Downloading a feed protected by digest authentication (the easy but horribly insecure way)<a class="headerlink" href="#downloading-a-feed-protected-by-digest-authentication-the-easy-but-horribly-insecure-way" title="Permalink to this headline">¶</a></h2> <p>In this example, the username is test and the password is digest.</p> <div class="highlight-python"><div class="highlight"><pre><span class="gp">>>> </span><span class="kn">import</span> <span class="nn">feedparser</span> <span class="gp">>>> </span><span class="n">d</span> <span class="o">=</span> <span class="n">feedparser</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="s">'http://test:digest@feedparser.org/docs/examples/digest_auth.xml'</span><span class="p">)</span> <span class="gp">>>> </span><span class="n">d</span><span class="o">.</span><span class="n">feed</span><span class="o">.</span><span class="n">title</span> <span class="go">u'Sample Feed'</span> </pre></div> </div> <p>You can also construct a HTTPBasicAuthHandler that contains the password information, then pass that as a handler to the <tt class="docutils literal"><span class="pre">parse</span></tt> function. HTTPBasicAuthHandler is part of the standard <a class="reference external" href="http://docs.python.org/lib/module-urllib2.html">urllib2</a> module.</p> </div> <div class="section" id="downloading-a-feed-protected-by-http-basic-authentication-the-hard-way"> <h2>Downloading a feed protected by <abbr title="Hypertext Transfer Protocol">HTTP</abbr> basic authentication (the hard way)<a class="headerlink" href="#downloading-a-feed-protected-by-http-basic-authentication-the-hard-way" title="Permalink to this headline">¶</a></h2> <div class="highlight-python"><div class="highlight"><pre><span class="kn">import</span> <span class="nn">urllib2</span><span class="o">,</span> <span class="nn">feedparser</span> <span class="c"># Construct the authentication handler</span> <span class="n">auth</span> <span class="o">=</span> <span class="n">urllib2</span><span class="o">.</span><span class="n">HTTPBasicAuthHandler</span><span class="p">()</span> <span class="c"># Add password information: realm, host, user, password.</span> <span class="c"># A single handler can contain passwords for multiple sites;</span> <span class="c"># urllib2 will sort out which passwords get sent to which sites</span> <span class="c"># based on the realm and host of the URL you're retrieving</span> <span class="n">auth</span><span class="o">.</span><span class="n">add_password</span><span class="p">(</span><span class="s">'BasicTest'</span><span class="p">,</span> <span class="s">'feedparser.org'</span><span class="p">,</span> <span class="s">'test'</span><span class="p">,</span> <span class="s">'basic'</span><span class="p">)</span> <span class="c"># Pass the authentication handler to the feed parser.</span> <span class="c"># handlers is a list because there might be more than one</span> <span class="c"># type of handler (urllib2 defines lots of different ones,</span> <span class="c"># and you can build your own)</span> <span class="n">d</span> <span class="o">=</span> <span class="n">feedparser</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="s">'http://feedparser.org/docs/examples/basic_auth.xml'</span><span class="p">,</span> <span class="n">handlers</span><span class="o">=</span><span class="p">[</span><span class="n">auth</span><span class="p">])</span> </pre></div> </div> <p>Digest authentication is handled in much the same way, by constructing an HTTPDigestAuthHandler and populating it with the necessary realm, host, user, and password information. This is more secure than <a class="reference internal" href="#example-auth-inline-digest"><em>stuffing the username and password in the URL</em></a>, since the password will be encrypted before being sent to the server.</p> </div> <div class="section" id="downloading-a-feed-protected-by-http-digest-authentication-the-secure-way"> <h2>Downloading a feed protected by <abbr title="Hypertext Transfer Protocol">HTTP</abbr> digest authentication (the secure way)<a class="headerlink" href="#downloading-a-feed-protected-by-http-digest-authentication-the-secure-way" title="Permalink to this headline">¶</a></h2> <div class="highlight-python"><div class="highlight"><pre><span class="kn">import</span> <span class="nn">urllib2</span><span class="o">,</span> <span class="nn">feedparser</span> <span class="n">auth</span> <span class="o">=</span> <span class="n">urllib2</span><span class="o">.</span><span class="n">HTTPDigestAuthHandler</span><span class="p">()</span> <span class="n">auth</span><span class="o">.</span><span class="n">add_password</span><span class="p">(</span><span class="s">'DigestTest'</span><span class="p">,</span> <span class="s">'feedparser.org'</span><span class="p">,</span> <span class="s">'test'</span><span class="p">,</span> <span class="s">'digest'</span><span class="p">)</span> <span class="n">d</span> <span class="o">=</span> <span class="n">feedparser</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="s">'http://feedparser.org/docs/examples/digest_auth.xml'</span><span class="p">,</span> <span class="n">handlers</span><span class="o">=</span><span class="p">[</span><span class="n">auth</span><span class="p">])</span> </pre></div> </div> <p>The examples so far have assumed that you know in advance that the feed is password-protected. But what if you don’t know?</p> <p>If you try to download a password-protected feed without sending all the proper password information, the server will return an <abbr title="Hypertext Transfer Protocol">HTTP</abbr> status code <tt class="docutils literal"><span class="pre">401</span></tt>. <strong class="program">Universal Feed Parser</strong> makes this status code available in <tt class="docutils literal"><span class="pre">d.status</span></tt>.</p> <p>Details on the authentication scheme are in <tt class="docutils literal"><span class="pre">d.headers['www-authenticate']</span></tt>. <strong class="program">Universal Feed Parser</strong> does not do any further parsing on this field; you will need to parse it yourself. Everything before the first space is the type of authentication (probably <tt class="docutils literal"><span class="pre">Basic</span></tt> or <tt class="docutils literal"><span class="pre">Digest</span></tt>), which controls which type of handler you’ll need to construct. The realm name is given as realm=”foo” – so foo would be your first argument to auth.add_password. Other information in the www-authenticate header is probably safe to ignore; the <tt class="file docutils literal"><span class="pre">urllib2</span></tt> module will handle it for you.</p> </div> <div class="section" id="determining-that-a-feed-is-password-protected"> <h2>Determining that a feed is password-protected<a class="headerlink" href="#determining-that-a-feed-is-password-protected" title="Permalink to this headline">¶</a></h2> <div class="highlight-python"><div class="highlight"><pre><span class="gp">>>> </span><span class="kn">import</span> <span class="nn">feedparser</span> <span class="gp">>>> </span><span class="n">d</span> <span class="o">=</span> <span class="n">feedparser</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="s">'http://feedparser.org/docs/examples/basic_auth.xml'</span><span class="p">)</span> <span class="gp">>>> </span><span class="n">d</span><span class="o">.</span><span class="n">status</span> <span class="go">401</span> <span class="gp">>>> </span><span class="n">d</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s">'www-authenticate'</span><span class="p">]</span> <span class="go">'Basic realm="Use test/basic"'</span> <span class="gp">>>> </span><span class="n">d</span> <span class="o">=</span> <span class="n">feedparser</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="s">'http://feedparser.org/docs/examples/digest_auth.xml'</span><span class="p">)</span> <span class="gp">>>> </span><span class="n">d</span><span class="o">.</span><span class="n">status</span> <span class="go">401</span> <span class="gp">>>> </span><span class="n">d</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s">'www-authenticate'</span><span class="p">]</span> <span class="go">'Digest realm="DigestTest",</span> <span class="go">nonce="+LV/uLLdAwA=5d77397291261b9ef256b034e19bcb94f5b7992a",</span> <span class="go">algorithm=MD5,</span> <span class="go">qop="auth"'</span> </pre></div> </div> </div> </div> </div> </div> </div> <div class="sphinxsidebar"> <div class="sphinxsidebarwrapper"> <h3><a href="index.html">Table Of Contents</a></h3> <ul> <li><a class="reference internal" href="#">Password-Protected Feeds</a><ul> <li><a class="reference internal" href="#downloading-a-feed-protected-by-basic-authentication-the-easy-way">Downloading a feed protected by basic authentication (the easy way)</a></li> <li><a class="reference internal" href="#downloading-a-feed-protected-by-digest-authentication-the-easy-but-horribly-insecure-way">Downloading a feed protected by digest authentication (the easy but horribly insecure way)</a></li> <li><a class="reference internal" href="#downloading-a-feed-protected-by-http-basic-authentication-the-hard-way">Downloading a feed protected by <abbr title="Hypertext Transfer Protocol">HTTP</abbr> basic authentication (the hard way)</a></li> <li><a class="reference internal" href="#downloading-a-feed-protected-by-http-digest-authentication-the-secure-way">Downloading a feed protected by <abbr title="Hypertext Transfer Protocol">HTTP</abbr> digest authentication (the secure way)</a></li> <li><a class="reference internal" href="#determining-that-a-feed-is-password-protected">Determining that a feed is password-protected</a></li> </ul> </li> </ul> <h4>Previous topic</h4> <p class="topless"><a href="http-redirect.html" title="previous chapter"><abbr title="Hypertext Transfer Protocol">HTTP</abbr> Redirects</a></p> <h4>Next topic</h4> <p class="topless"><a href="http-other.html" title="next chapter">Other <abbr title="Hypertext Transfer Protocol">HTTP</abbr> Headers</a></p> <h3>This Page</h3> <ul class="this-page-menu"> <li><a href="_sources/http-authentication.txt" rel="nofollow">Show Source</a></li> </ul> <div id="searchbox" style="display: none"> <h3>Quick search</h3> <form class="search" action="search.html" method="get"> <input type="text" name="q" /> <input type="submit" value="Go" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> <p class="searchtip" style="font-size: 90%"> Enter search terms or a module, class or function name. </p> </div> <script type="text/javascript">$('#searchbox').show(0);</script> </div> </div> <div class="clearer"></div> </div> <div class="related"> <h3>Navigation</h3> <ul> <li class="right" style="margin-right: 10px"> <a href="genindex.html" title="General Index" >index</a></li> <li class="right" > <a href="http-other.html" title="Other HTTP Headers" >next</a> |</li> <li class="right" > <a href="http-redirect.html" title="HTTP Redirects" >previous</a> |</li> <li><a href="index.html">feedparser 5.1.3 documentation</a> »</li> <li><a href="http.html" ><abbr title="Hypertext Transfer Protocol">HTTP</abbr> Features</a> »</li> </ul> </div> <div class="footer"> © Copyright 2004-2008 Mark Pilgrim, 2010-2012 Kurt McKee. Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3. </div> </body> </html>