<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Password-Protected Feeds — feedparser 5.1.3 documentation</title>
<link rel="stylesheet" href="_static/default.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="_static/feedparser.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '',
VERSION: '5.1.3',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<link rel="top" title="feedparser 5.1.3 documentation" href="index.html" />
<link rel="up" title="HTTP Features" href="http.html" />
<link rel="next" title="Other HTTP Headers" href="http-other.html" />
<link rel="prev" title="HTTP Redirects" href="http-redirect.html" />
</head>
<body>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="http-other.html" title="Other HTTP Headers"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="http-redirect.html" title="HTTP Redirects"
accesskey="P">previous</a> |</li>
<li><a href="index.html">feedparser 5.1.3 documentation</a> »</li>
<li><a href="http.html" accesskey="U"><abbr title="Hypertext Transfer Protocol">HTTP</abbr> Features</a> »</li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body">
<div class="section" id="password-protected-feeds">
<h1>Password-Protected Feeds<a class="headerlink" href="#password-protected-feeds" title="Permalink to this headline">¶</a></h1>
<p><strong class="program">Universal Feed Parser</strong> supports downloading and parsing
password-protected feeds that are protected by <abbr title="Hypertext Transfer Protocol">HTTP</abbr>
authentication. Both basic and digest authentication are supported.</p>
<div class="section" id="downloading-a-feed-protected-by-basic-authentication-the-easy-way">
<h2>Downloading a feed protected by basic authentication (the easy way)<a class="headerlink" href="#downloading-a-feed-protected-by-basic-authentication-the-easy-way" title="Permalink to this headline">¶</a></h2>
<p>The easiest way is to embed the username and password in the feed
<abbr title="Uniform Resource Locator">URL</abbr> itself.</p>
<p>In this example, the username is test and the password is basic.</p>
<div class="highlight-python"><div class="highlight"><pre><span class="gp">>>> </span><span class="kn">import</span> <span class="nn">feedparser</span>
<span class="gp">>>> </span><span class="n">d</span> <span class="o">=</span> <span class="n">feedparser</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="s">'http://test:basic@feedparser.org/docs/examples/basic_auth.xml'</span><span class="p">)</span>
<span class="gp">>>> </span><span class="n">d</span><span class="o">.</span><span class="n">feed</span><span class="o">.</span><span class="n">title</span>
<span class="go">u'Sample Feed'</span>
</pre></div>
</div>
<p>The same technique works for digest authentication. (Technically,
<strong class="program">Universal Feed Parser</strong> will attempt basic authentication first, but
if that fails and the server indicates that it requires digest authentication,
<strong class="program">Universal Feed Parser</strong> will automatically re-request the feed with
the appropriate digest authentication headers. <em>This means that this technique
will send your password to the server in an easily decryptable form.</em>)</p>
</div>
<div class="section" id="downloading-a-feed-protected-by-digest-authentication-the-easy-but-horribly-insecure-way">
<span id="example-auth-inline-digest"></span><h2>Downloading a feed protected by digest authentication (the easy but horribly insecure way)<a class="headerlink" href="#downloading-a-feed-protected-by-digest-authentication-the-easy-but-horribly-insecure-way" title="Permalink to this headline">¶</a></h2>
<p>In this example, the username is test and the password is digest.</p>
<div class="highlight-python"><div class="highlight"><pre><span class="gp">>>> </span><span class="kn">import</span> <span class="nn">feedparser</span>
<span class="gp">>>> </span><span class="n">d</span> <span class="o">=</span> <span class="n">feedparser</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="s">'http://test:digest@feedparser.org/docs/examples/digest_auth.xml'</span><span class="p">)</span>
<span class="gp">>>> </span><span class="n">d</span><span class="o">.</span><span class="n">feed</span><span class="o">.</span><span class="n">title</span>
<span class="go">u'Sample Feed'</span>
</pre></div>
</div>
<p>You can also construct a HTTPBasicAuthHandler that contains the password
information, then pass that as a handler to the <tt class="docutils literal"><span class="pre">parse</span></tt> function.
HTTPBasicAuthHandler is part of the standard <a class="reference external" href="http://docs.python.org/lib/module-urllib2.html">urllib2</a> module.</p>
</div>
<div class="section" id="downloading-a-feed-protected-by-http-basic-authentication-the-hard-way">
<h2>Downloading a feed protected by <abbr title="Hypertext Transfer Protocol">HTTP</abbr> basic authentication (the hard way)<a class="headerlink" href="#downloading-a-feed-protected-by-http-basic-authentication-the-hard-way" title="Permalink to this headline">¶</a></h2>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">import</span> <span class="nn">urllib2</span><span class="o">,</span> <span class="nn">feedparser</span>
<span class="c"># Construct the authentication handler</span>
<span class="n">auth</span> <span class="o">=</span> <span class="n">urllib2</span><span class="o">.</span><span class="n">HTTPBasicAuthHandler</span><span class="p">()</span>
<span class="c"># Add password information: realm, host, user, password.</span>
<span class="c"># A single handler can contain passwords for multiple sites;</span>
<span class="c"># urllib2 will sort out which passwords get sent to which sites</span>
<span class="c"># based on the realm and host of the URL you're retrieving</span>
<span class="n">auth</span><span class="o">.</span><span class="n">add_password</span><span class="p">(</span><span class="s">'BasicTest'</span><span class="p">,</span> <span class="s">'feedparser.org'</span><span class="p">,</span> <span class="s">'test'</span><span class="p">,</span> <span class="s">'basic'</span><span class="p">)</span>
<span class="c"># Pass the authentication handler to the feed parser.</span>
<span class="c"># handlers is a list because there might be more than one</span>
<span class="c"># type of handler (urllib2 defines lots of different ones,</span>
<span class="c"># and you can build your own)</span>
<span class="n">d</span> <span class="o">=</span> <span class="n">feedparser</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="s">'http://feedparser.org/docs/examples/basic_auth.xml'</span><span class="p">,</span>
<span class="n">handlers</span><span class="o">=</span><span class="p">[</span><span class="n">auth</span><span class="p">])</span>
</pre></div>
</div>
<p>Digest authentication is handled in much the same way, by constructing an
HTTPDigestAuthHandler and populating it with the necessary realm, host, user,
and password information. This is more secure than
<a class="reference internal" href="#example-auth-inline-digest"><em>stuffing the username and password in the URL</em></a>,
since the password will be encrypted before being sent to the server.</p>
</div>
<div class="section" id="downloading-a-feed-protected-by-http-digest-authentication-the-secure-way">
<h2>Downloading a feed protected by <abbr title="Hypertext Transfer Protocol">HTTP</abbr> digest authentication (the secure way)<a class="headerlink" href="#downloading-a-feed-protected-by-http-digest-authentication-the-secure-way" title="Permalink to this headline">¶</a></h2>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">import</span> <span class="nn">urllib2</span><span class="o">,</span> <span class="nn">feedparser</span>
<span class="n">auth</span> <span class="o">=</span> <span class="n">urllib2</span><span class="o">.</span><span class="n">HTTPDigestAuthHandler</span><span class="p">()</span>
<span class="n">auth</span><span class="o">.</span><span class="n">add_password</span><span class="p">(</span><span class="s">'DigestTest'</span><span class="p">,</span> <span class="s">'feedparser.org'</span><span class="p">,</span> <span class="s">'test'</span><span class="p">,</span> <span class="s">'digest'</span><span class="p">)</span>
<span class="n">d</span> <span class="o">=</span> <span class="n">feedparser</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="s">'http://feedparser.org/docs/examples/digest_auth.xml'</span><span class="p">,</span>
<span class="n">handlers</span><span class="o">=</span><span class="p">[</span><span class="n">auth</span><span class="p">])</span>
</pre></div>
</div>
<p>The examples so far have assumed that you know in advance that the feed is
password-protected. But what if you don’t know?</p>
<p>If you try to download a password-protected feed without sending all the proper
password information, the server will return an
<abbr title="Hypertext Transfer Protocol">HTTP</abbr> status code <tt class="docutils literal"><span class="pre">401</span></tt>.
<strong class="program">Universal Feed Parser</strong> makes this status code available in
<tt class="docutils literal"><span class="pre">d.status</span></tt>.</p>
<p>Details on the authentication scheme are in <tt class="docutils literal"><span class="pre">d.headers['www-authenticate']</span></tt>.
<strong class="program">Universal Feed Parser</strong> does not do any further parsing on this field;
you will need to parse it yourself. Everything before the first space is the
type of authentication (probably <tt class="docutils literal"><span class="pre">Basic</span></tt> or <tt class="docutils literal"><span class="pre">Digest</span></tt>), which controls which
type of handler you’ll need to construct. The realm name is given as
realm=”foo” – so foo would be your first argument to auth.add_password. Other
information in the www-authenticate header is probably safe to ignore; the
<tt class="file docutils literal"><span class="pre">urllib2</span></tt> module will handle it for you.</p>
</div>
<div class="section" id="determining-that-a-feed-is-password-protected">
<h2>Determining that a feed is password-protected<a class="headerlink" href="#determining-that-a-feed-is-password-protected" title="Permalink to this headline">¶</a></h2>
<div class="highlight-python"><div class="highlight"><pre><span class="gp">>>> </span><span class="kn">import</span> <span class="nn">feedparser</span>
<span class="gp">>>> </span><span class="n">d</span> <span class="o">=</span> <span class="n">feedparser</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="s">'http://feedparser.org/docs/examples/basic_auth.xml'</span><span class="p">)</span>
<span class="gp">>>> </span><span class="n">d</span><span class="o">.</span><span class="n">status</span>
<span class="go">401</span>
<span class="gp">>>> </span><span class="n">d</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s">'www-authenticate'</span><span class="p">]</span>
<span class="go">'Basic realm="Use test/basic"'</span>
<span class="gp">>>> </span><span class="n">d</span> <span class="o">=</span> <span class="n">feedparser</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="s">'http://feedparser.org/docs/examples/digest_auth.xml'</span><span class="p">)</span>
<span class="gp">>>> </span><span class="n">d</span><span class="o">.</span><span class="n">status</span>
<span class="go">401</span>
<span class="gp">>>> </span><span class="n">d</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s">'www-authenticate'</span><span class="p">]</span>
<span class="go">'Digest realm="DigestTest",</span>
<span class="go">nonce="+LV/uLLdAwA=5d77397291261b9ef256b034e19bcb94f5b7992a",</span>
<span class="go">algorithm=MD5,</span>
<span class="go">qop="auth"'</span>
</pre></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="sphinxsidebar">
<div class="sphinxsidebarwrapper">
<h3><a href="index.html">Table Of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#">Password-Protected Feeds</a><ul>
<li><a class="reference internal" href="#downloading-a-feed-protected-by-basic-authentication-the-easy-way">Downloading a feed protected by basic authentication (the easy way)</a></li>
<li><a class="reference internal" href="#downloading-a-feed-protected-by-digest-authentication-the-easy-but-horribly-insecure-way">Downloading a feed protected by digest authentication (the easy but horribly insecure way)</a></li>
<li><a class="reference internal" href="#downloading-a-feed-protected-by-http-basic-authentication-the-hard-way">Downloading a feed protected by <abbr title="Hypertext Transfer Protocol">HTTP</abbr> basic authentication (the hard way)</a></li>
<li><a class="reference internal" href="#downloading-a-feed-protected-by-http-digest-authentication-the-secure-way">Downloading a feed protected by <abbr title="Hypertext Transfer Protocol">HTTP</abbr> digest authentication (the secure way)</a></li>
<li><a class="reference internal" href="#determining-that-a-feed-is-password-protected">Determining that a feed is password-protected</a></li>
</ul>
</li>
</ul>
<h4>Previous topic</h4>
<p class="topless"><a href="http-redirect.html"
title="previous chapter"><abbr title="Hypertext Transfer Protocol">HTTP</abbr> Redirects</a></p>
<h4>Next topic</h4>
<p class="topless"><a href="http-other.html"
title="next chapter">Other <abbr title="Hypertext Transfer Protocol">HTTP</abbr> Headers</a></p>
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="_sources/http-authentication.txt"
rel="nofollow">Show Source</a></li>
</ul>
<div id="searchbox" style="display: none">
<h3>Quick search</h3>
<form class="search" action="search.html" method="get">
<input type="text" name="q" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
<p class="searchtip" style="font-size: 90%">
Enter search terms or a module, class or function name.
</p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="http-other.html" title="Other HTTP Headers"
>next</a> |</li>
<li class="right" >
<a href="http-redirect.html" title="HTTP Redirects"
>previous</a> |</li>
<li><a href="index.html">feedparser 5.1.3 documentation</a> »</li>
<li><a href="http.html" ><abbr title="Hypertext Transfer Protocol">HTTP</abbr> Features</a> »</li>
</ul>
</div>
<div class="footer">
© Copyright 2004-2008 Mark Pilgrim, 2010-2012 Kurt McKee.
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.
</div>
</body>
</html>
