HTTPSignatureAuth modifies `self` preventing reuse
Diggsey opened this issue · comments
The add_digest
method modifies self.headers
in-place making this class unsuitable for reuse across multiple requests.
Instances of HTTPSignatureAuth are safe for reuse as long as the request method remains the same.
- This is not true: https://github.com/pyauth/requests-http-signature/blob/master/requests_http_signature/__init__.py#L78
As you can see - even if the method stays the same, if you first make a POST request with a body, and then make a POST request without a body, then this will incorrectly try to sign the (non-existent) digest header on the second request.
- Even if what you say were true, that's not a reasonable contract for this library to have. An authentication scheme should be reusable across multiple requests regardless of what HTTP method is used.
OK, that's fair. PRs are welcome if you wish to correct this behavior.
This is no longer an issue with the latest released version. Instances of HTTPSignatureAuth are safe for reuse across any type of request.