axis 68__tar.gz → 70__tar.gz

{axis-68 → axis-70}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: axis
-Version: 68
+Version: 70
 Summary: A Python library for communicating with devices from Axis Communications
 Author-email: Robert Svensson <Kane610@users.noreply.github.com>
 License: MIT
@@ -19,27 +19,24 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: aiohttp>=3.12
 Requires-Dist: faust-cchardet>=2.1.18
-Requires-Dist: httpx>=0.26
 Requires-Dist: orjson>3.9
 Requires-Dist: packaging>23
 Requires-Dist: xmltodict>=0.13.0
 Provides-Extra: requirements
 Requires-Dist: aiohttp==3.13.5; extra == "requirements"
-Requires-Dist: httpx==0.28.1; extra == "requirements"
-Requires-Dist: orjson==3.11.8; extra == "requirements"
-Requires-Dist: packaging==26.0; extra == "requirements"
+Requires-Dist: orjson==3.11.9; extra == "requirements"
+Requires-Dist: packaging==26.2; extra == "requirements"
 Requires-Dist: xmltodict==1.0.4; extra == "requirements"
 Provides-Extra: requirements-test
-Requires-Dist: mypy==1.20.0; extra == "requirements-test"
-Requires-Dist: pytest==9.0.2; extra == "requirements-test"
+Requires-Dist: mypy==2.0.0; extra == "requirements-test"
+Requires-Dist: pytest==9.0.3; extra == "requirements-test"
 Requires-Dist: pytest-aiohttp==1.1.0; extra == "requirements-test"
 Requires-Dist: pytest-asyncio==1.3.0; extra == "requirements-test"
 Requires-Dist: pytest-cov==7.1.0; extra == "requirements-test"
-Requires-Dist: respx==0.22.0; extra == "requirements-test"
-Requires-Dist: ruff==0.15.9; extra == "requirements-test"
-Requires-Dist: types-xmltodict==v1.0.1.20260113; extra == "requirements-test"
+Requires-Dist: ruff==0.15.12; extra == "requirements-test"
+Requires-Dist: types-xmltodict==v1.0.1.20260408; extra == "requirements-test"
 Provides-Extra: requirements-dev
-Requires-Dist: pre-commit==4.5.1; extra == "requirements-dev"
+Requires-Dist: pre-commit==4.6.0; extra == "requirements-dev"
 Dynamic: license-file
 
 # axis

{axis-68 → axis-70}/axis/__main__.py

@@ -113,11 +113,7 @@ async def main(
         device.stream.stop()
 
     finally:
-        session = device.config.session
-        if not isinstance(session, aiohttp.ClientSession):
-            message = "Configured session is not an aiohttp ClientSession"
-            raise RuntimeError(message)
-        await close_session(session)
+        await close_session(device.config.session)
         device.stream.stop()
 
 

axis-70/axis/interfaces/aiohttp_digest.py

@@ -0,0 +1,266 @@
+"""Aiohttp digest authentication handler.
+
+Implements library-managed RFC 2617 digest authentication for aiohttp requests
+to handle special characters in request parameters that break middleware-based auth.
+"""
+
+from __future__ import annotations
+
+import hashlib
+import logging
+import re
+import secrets
+from typing import TYPE_CHECKING, Any, cast
+from urllib.parse import quote, urlsplit
+
+from ..models.configuration import AuthScheme
+
+if TYPE_CHECKING:
+    from ..device import AxisDevice
+
+LOGGER = logging.getLogger(__name__)
+TIME_OUT = 15
+
+
+class AiohttpDigestAuth:
+    """Manages digest authentication for aiohttp requests."""
+
+    def __init__(self, device: AxisDevice) -> None:
+        """Initialize digest auth handler."""
+        self.device = device
+        self._nonce: str | None = None
+        self._nonce_count = 0
+
+    def should_use_library_digest(self, http_client: str, has_basic_auth: bool) -> bool:
+        """Return if aiohttp requests should use library-managed digest auth.
+
+        Args:
+            http_client: Name of HTTP client.
+            has_basic_auth: Whether basic auth is configured.
+
+        Returns:
+            True if library-managed digest should be used.
+
+        """
+        return (
+            http_client == "aiohttp"
+            and not has_basic_auth
+            and self.device.config.auth_scheme != AuthScheme.BASIC
+        )
+
+    def request_target(
+        self, url: str, params: dict[str, str] | None, should_encode: bool
+    ) -> tuple[str, dict[str, str] | None]:
+        """Return request URL and params for aiohttp request.
+
+        With library-managed digest auth, pre-encode params into the URL so the
+        signed URI exactly matches the request-target on the wire.
+
+        Args:
+            url: Base request URL.
+            params: Optional query parameters.
+            should_encode: Whether to pre-encode params for digest signing.
+
+        Returns:
+            Tuple of (request_url, request_params) to use in actual request.
+
+        """
+        if params is None or not should_encode:
+            return url, params
+
+        separator = "&" if "?" in url else "?"
+        encoded_parts = [
+            f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in params.items()
+        ]
+        encoded_query = "&".join(encoded_parts)
+        encoded_url = f"{url}{separator}{encoded_query}"
+        return encoded_url, None
+
+    def extract_challenge(self, headers: Any) -> str | None:
+        """Return digest challenge header when present.
+
+        Args:
+            headers: Response headers (dict-like or aiohttp MultiDictProxy).
+
+        Returns:
+            Digest challenge string if present, None otherwise.
+
+        """
+        candidates: list[str] = []
+        if hasattr(headers, "getall"):
+            candidates.extend(cast("list[str]", headers.getall("WWW-Authenticate", [])))
+        else:
+            for name, value in cast("dict[str, str]", headers).items():
+                if name.lower() == "www-authenticate":
+                    candidates.append(value)
+
+        for value in candidates:
+            if value.lower().startswith("digest "):
+                return value
+        return None
+
+    def build_authorization(
+        self,
+        method: str,
+        request_url: str,
+        digest_challenge: str,
+    ) -> str | None:
+        """Build digest authorization header from challenge and request URI.
+
+        Args:
+            method: HTTP method (GET, POST, etc.).
+            request_url: Full request URL (will extract path + query).
+            digest_challenge: Digest challenge string from WWW-Authenticate header.
+
+        Returns:
+            Authorization header value or None if digest cannot be built.
+
+        """
+        challenge_values = {
+            key.lower(): value.strip('"')
+            for key, value in re.findall(
+                r"(\w+)=((?:\"[^\"]*\")|(?:[^,]+))", digest_challenge
+            )
+        }
+
+        realm = challenge_values.get("realm")
+        nonce = challenge_values.get("nonce")
+        if realm is None or nonce is None:
+            return None
+
+        algorithm = challenge_values.get("algorithm", "MD5").upper()
+        if algorithm != "MD5":
+            LOGGER.debug("Unsupported digest algorithm for aiohttp path: %s", algorithm)
+            return None
+
+        uri = self._digest_uri(request_url)
+        qop = None
+        if qop_header := challenge_values.get("qop"):
+            qop_values = [value.strip() for value in qop_header.split(",")]
+            if "auth" in qop_values:
+                qop = "auth"
+
+        username = self.device.config.username
+        password = self.device.config.password
+        ha1 = hashlib.md5(f"{username}:{realm}:{password}".encode()).hexdigest()
+        ha2 = hashlib.md5(f"{method.upper()}:{uri}".encode()).hexdigest()
+
+        parts = [
+            f'username="{username}"',
+            f'realm="{realm}"',
+            f'nonce="{nonce}"',
+            f'uri="{uri}"',
+            'algorithm="MD5"',
+        ]
+
+        if opaque := challenge_values.get("opaque"):
+            parts.append(f'opaque="{opaque}"')
+
+        if qop == "auth":
+            if nonce != self._nonce:
+                self._nonce = nonce
+                self._nonce_count = 0
+
+            self._nonce_count += 1
+            nc = f"{self._nonce_count:08x}"
+            cnonce = secrets.token_hex(8)
+            response = hashlib.md5(
+                f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()
+            ).hexdigest()
+            parts.extend(
+                [
+                    f'response="{response}"',
+                    f"qop={qop}",
+                    f"nc={nc}",
+                    f'cnonce="{cnonce}"',
+                ]
+            )
+        else:
+            response = hashlib.md5(f"{ha1}:{nonce}:{ha2}".encode()).hexdigest()
+            parts.append(f'response="{response}"')
+
+        return f"Digest {', '.join(parts)}"
+
+    def _digest_uri(self, request_url: str) -> str:
+        """Return path + query request-target URI for digest signing.
+
+        Args:
+            request_url: Full request URL.
+
+        Returns:
+            Path and query string for digest signature.
+
+        """
+        split_result = urlsplit(request_url)
+        if split_result.query:
+            return f"{split_result.path}?{split_result.query}"
+        return split_result.path
+
+    async def perform_request(
+        self,
+        session: Any,
+        method: str,
+        url: str,
+        request_data: bytes | dict[str, str] | None,
+        headers: dict[str, str] | None,
+        params: dict[str, str] | None,
+    ) -> tuple[int, dict[str, str], bytes]:
+        """Execute aiohttp request with digest auth handling.
+
+        Args:
+            session: aiohttp ClientSession.
+            method: HTTP method.
+            url: Request URL.
+            request_data: Request body (bytes or form data).
+            headers: Request headers.
+            params: Query parameters.
+
+        Returns:
+            Tuple of (status_code, response_headers, response_content).
+
+        """
+        request_url, request_params = self.request_target(url, params, True)
+        request_headers = dict(headers) if headers is not None else {}
+
+        # First attempt without auth to get challenge
+        async with session.request(
+            method,
+            request_url,
+            data=request_data,
+            headers=request_headers,
+            params=request_params,
+            auth=None,
+            timeout=TIME_OUT,
+        ) as response:
+            response_content = await response.read()
+            response_headers = dict(response.headers)
+            if response.status != 401:
+                return response.status, response_headers, response_content
+
+            digest_challenge = self.extract_challenge(response.headers)
+            if digest_challenge is None:
+                return response.status, response_headers, response_content
+
+        # Build digest auth and retry
+        digest_authorization = self.build_authorization(
+            method=method,
+            request_url=request_url,
+            digest_challenge=digest_challenge,
+        )
+        if digest_authorization is None:
+            return 401, {}, b""
+
+        retry_headers = dict(request_headers)
+        retry_headers["Authorization"] = digest_authorization
+
+        async with session.request(
+            method,
+            request_url,
+            data=request_data,
+            headers=retry_headers,
+            params=request_params,
+            auth=None,
+            timeout=TIME_OUT,
+        ) as response:
+            response_content = await response.read()
+            return response.status, dict(response.headers), response_content

{axis-68 → axis-70}/axis/interfaces/vapix.py

@@ -7,11 +7,11 @@ import logging
 from typing import TYPE_CHECKING, Any, cast
 
 import aiohttp
-import httpx
 
 from ..errors import RequestError, raise_error
 from ..models.configuration import AuthScheme
 from ..models.pwdgrp_cgi import SecondaryGroup
+from .aiohttp_digest import AiohttpDigestAuth
 from .api_discovery import ApiDiscoveryHandler
 from .api_handler import ApiHandler, HandlerGroup
 from .applications import ApplicationsHandler
@@ -54,19 +54,14 @@ class Vapix:
     def __init__(self, device: AxisDevice) -> None:
         """Store local reference to device config."""
         self.device = device
-        self._http_client = self._client_name()
         self._aiohttp_digest_middleware: Any | None = None
+        self._aiohttp_digest_auth = AiohttpDigestAuth(device)
 
-        if self._http_client == "aiohttp":
-            if device.config.auth_scheme == AuthScheme.BASIC:
-                self.auth = self._aiohttp_basic_auth()
-            else:
-                self.auth = None
-                self._aiohttp_digest_middleware = self._aiohttp_digest_middleware_obj()
-        elif device.config.auth_scheme == AuthScheme.BASIC:
-            self.auth = httpx.BasicAuth(device.config.username, device.config.password)
+        if device.config.auth_scheme == AuthScheme.BASIC:
+            self.auth = self._aiohttp_basic_auth()
         else:
-            self.auth = httpx.DigestAuth(device.config.username, device.config.password)
+            self.auth = None
+            self._aiohttp_digest_middleware = self._aiohttp_digest_middleware_obj()
 
         # Grouped handlers are registered in handler-construction order.
         # Handlers with empty handler_groups are intentionally excluded.
@@ -325,20 +320,6 @@ class Vapix:
                 params=params,
             )
 
-        except httpx.TimeoutException as errt:
-            message = "Timeout"
-            raise RequestError(message) from errt
-
-        except httpx.TransportError as errc:
-            LOGGER.debug("%s", errc)
-            message = f"Connection error: {errc}"
-            raise RequestError(message) from errc
-
-        except httpx.RequestError as err:
-            LOGGER.debug("%s", err)
-            message = f"Unknown error: {err}"
-            raise RequestError(message) from err
-
         except TimeoutError as errt:
             message = "Timeout"
             raise RequestError(message) from errt
@@ -389,17 +370,8 @@ class Vapix:
         headers: dict[str, str] | None,
         params: dict[str, str] | None,
     ) -> tuple[int, dict[str, str], bytes]:
-        """Execute request and normalize responses from supported HTTP clients."""
-        if self._http_client == "aiohttp":
-            return await self._perform_aiohttp_request(
-                method=method,
-                url=url,
-                content=content,
-                data=data,
-                headers=headers,
-                params=params,
-            )
-        return await self._perform_httpx_request(
+        """Execute request and normalize responses."""
+        return await self._perform_aiohttp_request(
             method=method,
             url=url,
             content=content,
@@ -408,29 +380,6 @@ class Vapix:
             params=params,
         )
 
-    async def _perform_httpx_request(
-        self,
-        method: str,
-        url: str,
-        content: bytes | None,
-        data: dict[str, str] | None,
-        headers: dict[str, str] | None,
-        params: dict[str, str] | None,
-    ) -> tuple[int, dict[str, str], bytes]:
-        """Execute request with a httpx session."""
-        session = self._httpx_session()
-        response = await session.request(
-            method,
-            url,
-            content=content,
-            data=data,
-            headers=headers,
-            params=params,
-            auth=self._httpx_auth(),
-            timeout=TIME_OUT,
-        )
-        return response.status_code, dict(response.headers), response.content
-
     async def _perform_aiohttp_request(
         self,
         method: str,
@@ -445,6 +394,15 @@ class Vapix:
             content if content is not None else data
         )
         session = self._aiohttp_session()
+
+        if (
+            not self._aiohttp_auth()
+            and self.device.config.auth_scheme != AuthScheme.BASIC
+        ):
+            return await self._aiohttp_digest_auth.perform_request(
+                session, method, url, request_data, headers, params
+            )
+
         request_kwargs: dict[str, Any] = {
             "data": request_data,
             "headers": headers,
@@ -459,17 +417,9 @@ class Vapix:
             response_content = await response.read()
             return response.status, dict(response.headers), response_content
 
-    def _httpx_session(self) -> httpx.AsyncClient:
-        """Return session cast to a httpx client."""
-        return cast("httpx.AsyncClient", self.device.config.session)
-
     def _aiohttp_session(self) -> ClientSession:
         """Return session cast to an aiohttp client."""
-        return cast("ClientSession", self.device.config.session)
-
-    def _httpx_auth(self) -> httpx.Auth | None:
-        """Return auth cast for httpx requests."""
-        return cast("httpx.Auth | None", self.auth)
+        return self.device.config.session
 
     def _aiohttp_auth(self) -> AiohttpBasicAuth | None:
         """Return auth cast for aiohttp requests."""
@@ -497,10 +447,8 @@ class Vapix:
         )
 
     def _basic_auth(self) -> object:
-        """Create basic auth object for configured HTTP client."""
-        if self._http_client == "aiohttp":
-            return self._aiohttp_basic_auth()
-        return httpx.BasicAuth(self.device.config.username, self.device.config.password)
+        """Create basic auth object."""
+        return self._aiohttp_basic_auth()
 
     def _aiohttp_basic_auth(self) -> object:
         """Create aiohttp basic auth object."""
@@ -508,12 +456,6 @@ class Vapix:
             self.device.config.username, self.device.config.password
         )
 
-    def _client_name(self) -> str:
-        """Return normalized client name from configured session object."""
-        if isinstance(self.device.config.session, aiohttp.ClientSession):
-            return "aiohttp"
-        return "httpx"
-
     def _should_retry_with_basic(
         self, headers: dict[str, str], allow_auto_basic_retry: bool
     ) -> bool:
@@ -524,9 +466,6 @@ class Vapix:
         if self.device.config.auth_scheme != AuthScheme.AUTO:
             return False
 
-        if self._http_client == "httpx" and not isinstance(self.auth, httpx.DigestAuth):
-            return False
-
         expected_auth = ""
         for header_name, header_value in headers.items():
             if header_name.lower() == "www-authenticate":

{axis-68 → axis-70}/axis/models/api_discovery.py

@@ -18,16 +18,22 @@ LOGGER = logging.getLogger(__name__)
 class ApiId(enum.StrEnum):
     """The API discovery ID."""
 
+    AIR_QUALITY = "airquality"
     ANALYTICS_METADATA_CONFIG = "analytics-metadata-config"
     API_DISCOVERY = "api-discovery"
+    APPLICATION = "application"
     AUDIO_ANALYTICS = "audio-analytics"
     AUDIO_DEVICE_CONTROL = "audio-device-control"
     AUDIO_MIXER = "audio-mixer"
     AUDIO_STREAMING_CAPABILITIES = "audio-streaming-capabilities"
+    AUDIT_LOG = "audit-log"
     BASIC_DEVICE_INFO = "basic-device-info"
     CAPTURE_MODE = "capture-mode"
     CUSTOM_HTTP_HEADER = "customhttpheader"
     CUSTOM_FIRMWARE_CERTIFICATE = "custom-firmware-certificate"
+    DAY_NIGHT = "daynight"
+    DEVICE_CONFIG = "device-config"
+    DEVICE_SELF_TEST = "device-self-test"
     DISK_MANAGEMENT = "disk-management"
     DISK_NETWORK_SHARE = "disk-network-share"
     DISK_PROPERTIES = "disk-properties"
@@ -40,6 +46,7 @@ class ApiId(enum.StrEnum):
     IMAGE_SIZE = "image-size"
     IO_PORT_MANAGEMENT = "io-port-management"
     LIGHT_CONTROL = "light-control"
+    MEDIA_CGI = "media-cgi"
     MEDIA_CLIP = "mediaclip"
     MDNS_SD = "mdnssd"
     MQTT_CLIENT = "mqtt-client"
@@ -48,10 +55,12 @@ class ApiId(enum.StrEnum):
     NTP = "ntp"
     OAK = "oak"
     ON_SCREEN_CONTROLS = "onscreencontrols"
+    OPTICS_CONTROL = "optics-control"
     OVERLAY_IMAGE = "overlayimage"
     PACKAGE_MANAGER = "packagemanager"
     PARAM_CGI = "param-cgi"
     PIR_SENSOR_CONFIGURATION = "pir-sensor-configuration"
+    POWER_SETTINGS = "power-settings"
     PRIVACY_MASK = "privacy-mask"
     PTZ_CONTROL = "ptz-control"
     RECORDING = "recording"
@@ -61,17 +70,23 @@ class ApiId(enum.StrEnum):
     REMOTE_SERVICE = "remoteservice"
     REMOTE_SYSLOG = "remote-syslog"
     RTSP_OVER_WEBSOCKET = "rtsp-over-websocket"
+    SERIAL_PORT = "serial-port"
     SHUTTERGAIN_CGI = "shuttergain-cgi"
     SIGNED_VIDEO = "signed-video"
     SIP = "sip"
     SSH = "ssh"
+    STRAIGHTEN_IMAGE = "straightenimage"
     STREAM_PROFILES = "stream-profiles"
+    STREAM_STATUS = "streamstatus"
+    SUPERVISED_IO = "supervised-io"
     SYSTEM_READY = "systemready"
     TEMPERATURE_CONTROL = "temperaturecontrol"
     TIME_SERVICE = "time-service"
     UPNP = "upnp"
     USER_MANAGEMENT = "user-management"
+    VIDEO_STREAMING_INDICATOR = "video-streaming-indicator"
     VIEW_AREA = "view-area"
+    WIDGET_OVERLAY = "widget-overlay"
     ZIP_STREAM = "zipstream"
 
     UNKNOWN = "unknown"

{axis-68 → axis-70}/axis/models/configuration.py

@@ -7,9 +7,8 @@ from typing import TYPE_CHECKING
 
 if TYPE_CHECKING:
     from aiohttp import ClientSession
-    from httpx import AsyncClient
 
-    type HTTPSession = AsyncClient | ClientSession
+    type HTTPSession = ClientSession
 
 
 LOGGER = logging.getLogger(__name__)

{axis-68 → axis-70}/axis/stream_manager.py

@@ -37,6 +37,7 @@ class StreamManager:
         self.background_tasks: set[asyncio.Task[None]] = set()
         self.retry_timer: asyncio.TimerHandle | None = None
         self._starting = False
+        self._websocket_temporarily_disabled = False
 
     @property
     def stream_url(self) -> str:
@@ -84,6 +85,11 @@ class StreamManager:
         """Use websocket transport when event websocket API is available."""
         if not self.event:
             return False
+        if (
+            self._websocket_temporarily_disabled
+            and not self.device.config.websocket_force
+        ):
+            return False
         if self.device.config.websocket_force:
             return True
         return (
@@ -91,6 +97,25 @@ class StreamManager:
             and WebSocketClient.supported_by_device(self.device)
         )
 
+    def _handle_websocket_failure(self) -> None:
+        """Disable websocket for runtime when TLS certificate validation fails."""
+        if self.device.config.websocket_force:
+            return
+
+        if self.stream is None:
+            return
+
+        if not getattr(self.stream, "should_disable_runtime_websocket", False):
+            return
+
+        if not self._websocket_temporarily_disabled:
+            _LOGGER.warning(
+                "Disabling websocket events for %s until restart after certificate verification failure",
+                self.device.config.host,
+            )
+
+        self._websocket_temporarily_disabled = True
+
     @property
     def _is_stream_stopped(self) -> bool:
         """Return True when stream is missing or currently stopped."""
@@ -124,6 +149,7 @@ class StreamManager:
             self.device.event.handler(self.data)
 
         elif signal == Signal.FAILED:
+            self._handle_websocket_failure()
             self.retry()
 
         if signal in (Signal.PLAYING, Signal.FAILED):