quote qop options in Digest Auth #1765

Closed
bicycle1885 wants to merge 1 commit into psf:master from bicycle1885:digest-auth-qop-quote

@bicycle1885

Contributor

Based on RFC2617 (http://tools.ietf.org/html/rfc2617), the value of the
'qop-options' directive should be quoted with double quotes:

    qop-options
         This directive is optional, but is made so only for backward
         compatibility with RFC 2069 [6]; it SHOULD be used by all
         implementations compliant with this version of the Digest
         scheme. If present, it is a quoted string of one or more
         tokens indicating the "quality of protection" values supported by
         the server.  The value "auth" indicates authentication; the
         value "auth-int" indicates authentication with
         integrity protection; see the

The curl command-line tool also appends these quotes. You can see this
by running `curl -v --digest --user user:passwd http://example.com/digest-auth`.
Unfortunately, some minor server-side implementations seem to be sensitive
to this difference.

@bicycle1885

Contributor Author

These are packet dumps from Wireshark. Please note the difference in the quotes around the value of the qop options.

curl:

0050  69 3f 6d 6f 64 65 3d 31 20 48 54 54 50 2f 31 2e   i?mode=1 HTTP/1.
0060  31 0d 0a 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e   1..Authorization
0070  3a 20 44 69 67 65 73 74 20 75 73 65 72 6e 61 6d   : Digest usernam
0080  65 3d 22 61 64 6d 69 6e 22 2c 20 72 65 61 6c 6d   e="admin", realm
0090  3d 22 2f 73 65 74 75 70 2f 22 2c 20 6e 6f 6e 63   ="/setup/", nonc
00a0  65 3d 22 63 36 33 38 30 35 63 39 30 36 36 65 31   e="c63805c9066e1
00b0  65 63 35 63 30 66 66 39 32 61 32 33 35 38 34 62   ec5c0ff92a23584b
00c0  63 38 66 22 2c 20 75 72 69 3d 22 2f 73 65 74 75   c8f", uri="/setu
00d0  70 2f 66 69 6c 65 64 6f 77 6e 6c 6f 61 64 2e 63   p/filedownload.c
00e0  67 69 3f 6d 6f 64 65 3d 31 22 2c 20 63 6e 6f 6e   gi?mode=1", cnon
00f0  63 65 3d 22 4d 54 4d 34 4e 54 59 7a 22 2c 20 6e   ce="MTM4NTYz", n
0100  63 3d 30 30 30 30 30 30 30 31 2c 20 71 6f 70 3d   c=00000001, qop=
0110  22 61 75 74 68 22 2c 20 72 65 73 70 6f 6e 73 65   "auth", response
0120  3d 22 64 32 33 31 62 32 33 32 31 63 30 39 37 35   ="d231b2321c0975
0130  37 34 39 30 31 33 32 30 37 38 30 63 33 63 39 61   74901320780c3c9a
0140  32 66 22 2c 20 61 6c 67 6f 72 69 74 68 6d 3d 22   2f", algorithm="
0150  4d 44 35 22 0d 0a 55 73 65 72 2d 41 67 65 6e 74   MD5"..User-Agent
0160  3a 20 63 75 72 6c 2f 37 2e 32 31 2e 34 20 28 75   : curl/7.21.4 (u
0170  6e 69 76 65 72 73 61 6c 2d 61 70 70 6c 65 2d 64   niversal-apple-d
0180  61 72 77 69 6e 31 31 2e 30 29 20 6c 69 62 63 75   arwin11.0) libcu
0190  72 6c 2f 37 2e 32 31 2e 34 20 4f 70 65 6e 53 53   rl/7.21.4 OpenSS
01a0  4c 2f 30 2e 39 2e 38 79 20 7a 6c 69 62 2f 31 2e   L/0.9.8y zlib/1.
01b0  32 2e 35 0d 0a 48 6f 73 74 3a 20 74 65 73 74 30   2.5..Host: test0

requests:

0080  6a 70 0d 0a 41 75 74 68 6f 72 69 7a 61 74 69 6f   jp..Authorizatio
0090  6e 3a 20 44 69 67 65 73 74 20 75 73 65 72 6e 61   n: Digest userna
00a0  6d 65 3d 22 61 64 6d 69 6e 22 2c 20 72 65 61 6c   me="admin", real
00b0  6d 3d 22 2f 73 65 74 75 70 2f 22 2c 20 6e 6f 6e   m="/setup/", non
00c0  63 65 3d 22 39 33 36 61 62 62 36 31 32 64 66 34   ce="936abb612df4
00d0  35 38 62 38 66 32 65 63 30 61 33 38 66 64 64 32   58b8f2ec0a38fdd2
00e0  34 38 34 65 22 2c 20 75 72 69 3d 22 2f 73 65 74   484e", uri="/set
00f0  75 70 2f 66 69 6c 65 64 6f 77 6e 6c 6f 61 64 2e   up/filedownload.
0100  63 67 69 3f 6d 6f 64 65 3d 31 22 2c 20 72 65 73   cgi?mode=1", res
0110  70 6f 6e 73 65 3d 22 66 64 31 30 66 31 39 64 36   ponse="fd10f19d6
0120  63 37 35 36 32 34 36 34 32 35 33 63 62 64 31 66   c7562464253cbd1f
0130  33 34 37 39 36 62 33 22 2c 20 61 6c 67 6f 72 69   34796b3", algori
0140  74 68 6d 3d 22 4d 44 35 22 2c 20 71 6f 70 3d 61   thm="MD5", qop=a
0150  75 74 68 2c 20 6e 63 3d 30 30 30 30 30 30 30 31   uth, nc=00000001
0160  2c 20 63 6e 6f 6e 63 65 3d 22 33 35 33 63 62 31   , cnonce="353cb1
0170  39 61 30 39 30 30 39 36 62 33 22 0d 0a 41 63 63   9a090096b3"..Acc
0180  65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 67 7a   ept-Encoding: gz
0190  69 70 2c 20 64 65 66 6c 61 74 65 2c 20 63 6f 6d   ip, deflate, com
01a0  70 72 65 73 73 0d 0a 41 63 63 65 70 74 3a 20 2a   press..Accept: *
01b0  2f 2a 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20   /*..User-Agent: 
01c0  70 79 74 68 6f 6e 2d 72 65 71 75 65 73 74 73 2f   python-requests/
01d0  32 2e 30 2e 31 20 43 50 79 74 68 6f 6e 2f 32 2e   2.0.1 CPython/2.
01e0  37 2e 35 20 44 61 72 77 69 6e 2f 31 31 2e 34 2e   7.5 Darwin/11.4.
01f0  32 0d 0a 0d 0a                                    2....

@Lukasa

Lukasa commented Nov 29, 2013

Member

Yeah, the RFC is consistent:

      qop-options       = "qop" "=" <"> 1#qop-value <">
      qop-value         = "auth" | "auth-int" | token

We should have literal quotes there. Good spot!
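
As an added illustration (not code from this pull request or from requests): RFC 2617 defines an auth-param value as either a token or a quoted-string, so a server-side parser can accept `qop=auth` and `qop="auth"` alike instead of comparing raw header bytes. The two header strings are transcribed from the ASCII column of the captures above; `parse_digest` and `qop_of` are hypothetical names.

```python
import re

# Transcribed from the ASCII column of the two captures in this thread.
CURL_HEADER = (
    'Digest username="admin", realm="/setup/", '
    'nonce="c63805c9066e1ec5c0ff92a23584bc8f", '
    'uri="/setup/filedownload.cgi?mode=1", cnonce="MTM4NTYz", nc=00000001, '
    'qop="auth", response="d231b2321c097574901320780c3c9a2f", algorithm="MD5"')
REQUESTS_HEADER = (
    'Digest username="admin", realm="/setup/", '
    'nonce="936abb612df458b8f2ec0a38fdd2484e", '
    'uri="/setup/filedownload.cgi?mode=1", '
    'response="fd10f19d6c7562464253cbd1f34796b3", algorithm="MD5", '
    'qop=auth, nc=00000001, cnonce="353cb19a090096b3"')

# HTTP token characters (no separators, no control characters).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# One parameter: name "=" (quoted-string | token), then a comma or end of input.
PARAM = re.compile(
    r'\s*(' + TOKEN + r')\s*=\s*'
    r'(?:"((?:[^"\\]|\\.)*)"|(' + TOKEN + r'))\s*(?:,|$)')

def parse_digest(header):
    """Return {name: (value, was_quoted)}; raise ValueError on malformed input."""
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    params, pos = {}, 0
    while pos < len(rest):
        m = PARAM.match(rest, pos)
        if not m:
            raise ValueError("malformed parameter at offset %d" % pos)
        name = m.group(1).lower()
        if name in params:  # a repeated directive is ambiguous: reject it
            raise ValueError("duplicate parameter %r" % name)
        quoted = m.group(2) is not None
        # Undo backslash escapes (quoted-pair) inside a quoted-string.
        value = re.sub(r"\\(.)", r"\1", m.group(2)) if quoted else m.group(3)
        params[name] = (value, quoted)
        pos = m.end()
    return params

def qop_of(header):
    """Return (qop value, was_quoted) after checking it is a known qop-value."""
    value, quoted = parse_digest(header)["qop"]
    if value not in ("auth", "auth-int"):
        raise ValueError("unsupported qop %r" % value)
    return value, quoted
```

Both captured headers yield the same `qop` value, differing only in the `was_quoted` flag, which a server can log to see which client form it is receiving.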

@Lukasa

Lukasa commented Nov 29, 2013

Member

Fix prepared at #1766. Thanks for reporting this! 🍰

@bicycle1885

Contributor Author

I hope the next release includes this fix, because I'm avoiding this auth problem with my ad-hoc patch :)

@Lukasa

Lukasa commented Nov 29, 2013

Member

@bicycle1885 Sorry, I didn't spot this was a Pull Request! Do you want to add the test I wrote in #1766 to this PR, and I'll close the other one?

@sigmavirus24

Contributor

@Lukasa if you rebase your branch off of his, you can give him credit for the fix, while adding the test yourself. You kill two birds with one stone. You both get credit for the work you did.

@Lukasa

Lukasa commented Nov 29, 2013

Member

Ignore that, I merged your changes into #1766 so you still get the credit for your work. =)

@Lukasa

Lukasa commented Nov 29, 2013

Member

Let's close this and track on #1766 so we don't have too many PRs for this issue.

@Lukasa closed this Nov 29, 2013

@sigmavirus24

Contributor

👍 Thanks for taking care of that @Lukasa

@bicycle1885

Contributor Author

Thanks for your attention @sigmavirus24.
And I can save the cost of writing test code thanks to @Lukasa's job!

@github-actions bot locked as resolved and limited conversation to collaborators Sep 9, 2021