Support .netrc by trust_env

[linw1995]

What do these changes do?

Support .netrc by trust_env

Are there changes in behavior for the user?

None

Related issue number

#2581

Checklist

• I think the code is well written
• Unit tests for the changes exist
• Documentation reflects the changes
• If you provide code modification, please add yourself to CONTRIBUTORS.txt
  • The format is <Name> <Surname>.
  • Please keep alphabetical order, the file is sorted by names.
• Add a new news fragment into the CHANGES folder
  • name it <issue_id>.<type> for example (588.bug)
  • if you don't have an issue_id change it to the pr id after creating the pr
  • ensure type is one of the following:
    • .feature: Signifying a new feature.
    • .bugfix: Signifying a bug fix.
    • .doc: Signifying a documentation improvement.
    • .removal: Signifying a deprecation or removal of public API.
    • .misc: A ticket has been closed, but it is not of interest to users.
  • Make sure to use full sentences with correct case and punctuation, for example: "Fix issue with non-ascii contents in doctest text files."

[asvetlov]

Could you use pathlib instead of os.path?
E.g. https://docs.python.org/3/library/pathlib.html#pathlib.Path.home for getting user home folder.

[asvetlov]

Environment names are case sensitive, according to https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html the name should be upper-cased: NETRC.

[asvetlov]

.netrc could be used not only for proxy credentials but for any resource, requests supports it.
What's about reading the file in ClientRequest.update_auth() https://github.com/aio-libs/aiohttp/blob/master/aiohttp/client_reqrep.py#L281 if no explicit auth info is provided?

[asvetlov]

Why you use tempfile module? Is tmpdir fixture functionality not enough?

[codecov-io]

Codecov Report

Merging #2584 into master will increase coverage by <.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #2584      +/-   ##
==========================================
+ Coverage   97.87%   97.88%   +<.01%     
==========================================
  Files          38       38              
  Lines        7304     7327      +23     
  Branches     1263     1268       +5     
==========================================
+ Hits         7149     7172      +23     
  Misses         51       51              
  Partials      104      104

Impacted Files	Coverage Δ
aiohttp/helpers.py	97.93% <100%> (+0.12%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f0fe923...a246e52. Read the comment docs.

[linw1995]

I'm so sorry, take so long to changes code. not familiar to pathlib, I should take more time to think then code.

[asvetlov]

No problem

[linw1995]

if I use netrc_from_env into ClientRequest.update_auth() https://github.com/aio-libs/aiohttp/blob/master/aiohttp/client_reqrep.py#L281, the ClientRequest needs to add a param trust_env. How about add it into ClientSession if no explict auth or AUTHORIZATION in headers?

aiohttp/aiohttp/client.py

Lines 252 to 265 in dbb8d9a

	if auth is None:
	auth = auth_from_url
	if auth is None:
	auth = self._default_auth
	# It would be confusing if we support explicit
	# Authorization header with auth argument
	if (headers is not None and
	auth is not None and
	hdrs.AUTHORIZATION in headers):
	raise ValueError("Cannot combine AUTHORIZATION header "
	"with AUTH argument or credentials "
	"encoded in URL")

[asvetlov]

Sorry, had no time to look on changes.
Will review tomorrow or on Tuesday.

[asvetlov]

Rename IOError to OSError -- they are aliases but OSError is the preferable name.

[asvetlov]

logins[-1] should be enough.
Please add a comment when logins[0] can be empty (file is started with tab I guess).

[linw1995]

https://github.com/requests/requests/blob/24092b11d74af0a766d9cc616622f38adb0044b9/requests/utils.py#L203-L207
Requests code shows me how to handle it, and i saw the netrc source code.
netrc.authenticators method return a (user, account, password) tuple.
I guess user and account both can be username.

        if netrc_obj and auth is None:
            auth_from_netrc = netrc_obj.authenticators(proxy.host)
            if auth_from_netrc is not None:
                # auth_from_netrc is a (`user`, `account`, `password`) tuple,
                # `user` and `account` both can be username,
                # if `user` is None, use `account`
                *logins, password = auth_from_netrc
                auth = BasicAuth(logins[0] if logins[0] else logins[-1],
                                 password)

[asvetlov]

Ok

[linw1995]

Create a .netrc or _netrc file says the netrc file should be set to at least Read (400), or Read/Write (600), unreadable to everyone else.
Is it necessity to verify that?

[asvetlov]

No, .netrc permission rules are for administration and security, no reason to raise an exception.
If user's host is not secure -- it is not aiohttp problem.

[asvetlov]

Thanks!

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a [new issue] for related bugs.
If you feel like there's important points made in this discussion, please include those exceprts into that [new issue].
[new issue]: https://github.com/aio-libs/aiohttp/issues/new