Avoid requests automatic auth (#279)

ryanhiebert · singingwolfboy · commit e859dbd15b84 · 2019-01-13T15:03:23.000+01:00
diff --git a/HISTORY.rst b/HISTORY.rst
@@ -4,7 +4,7 @@ History
 UNRELEASED
 ++++++++++
 
-nothing yet
+- Avoid automatic netrc authentication for OAuth2Session.
 
 v1.1.0 (9 January 2019)
 +++++++++++++++++++++++
diff --git a/requests_oauthlib/oauth2_session.py b/requests_oauthlib/oauth2_session.py
@@ -74,6 +74,10 @@ def __init__(self, client_id=None, client=None, auto_refresh_url=None,
         self.auto_refresh_kwargs = auto_refresh_kwargs or {}
         self.token_updater = token_updater
 
+        # Ensure that requests doesn't do any automatic auth. See #278.
+        # The default behavior can be re-enabled by setting auth to None.
+        self.auth = lambda r: r
+
         # Allow customizations for non compliant providers through various
         # hooks to adjust requests and responses.
         self.compliance_hook = {
diff --git a/tests/test_oauth2_session.py b/tests/test_oauth2_session.py
@@ -1,6 +1,9 @@
 from __future__ import unicode_literals
 import json
 import time
+import tempfile
+import shutil
+import os
 from base64 import b64encode
 from copy import deepcopy
 from unittest import TestCase
@@ -242,3 +245,36 @@ def fake_send(r, **kwargs):
             self.assertIs(sess.authorized, False)
             sess.fetch_token(url)
             self.assertIs(sess.authorized, True)
+
+
+class OAuth2SessionNetrcTest(OAuth2SessionTest):
+    """Ensure that there is no magic auth handling.
+
+    By default, requests sessions have magic handling of netrc files,
+    which is undesirable for this library because it will take
+    precedence over manually set authentication headers.
+    """
+
+    def setUp(self):
+        # Set up a temporary home directory
+        self.homedir = tempfile.mkdtemp()
+        self.prehome = os.environ.get('HOME', None)
+        os.environ['HOME'] = self.homedir
+
+        # Write a .netrc file that will cause problems
+        netrc_loc = os.path.expanduser('~/.netrc')
+        with open(netrc_loc, 'w') as f:
+            f.write(
+                'machine i.b\n'
+                '  password abc123\n'
+                '  login spam@eggs.co\n'
+            )
+
+        super(OAuth2SessionNetrcTest, self).setUp()
+
+    def tearDown(self):
+        super(OAuth2SessionNetrcTest, self).tearDown()
+
+        if self.prehome is not None:
+            os.environ['HOME'] = self.prehome
+        shutil.rmtree(self.homedir)
