Skip Menu |
 

This queue is for tickets about the libwww-perl CPAN distribution.

Report information
The Basics
Id: 120047
Status: resolved
Priority: 0/
Queue: libwww-perl

People
Owner: Nobody in particular
Requestors: Ladygin [...] srt-web.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Fwd: LWP small fix required
Date: Tue, 31 Jan 2017 11:43:15 +0300
To: bug-libwww-perl [...] rt.cpan.org
From: Ivan Ladygin <ladygin [...] srt-web.com>
Download (untitled) / with headers
text/plain 1.1k
LWP Digest authorisation small bag, in case response contents 2 (or more) fields WWW-Authentificate like this: /Server: Apache-Coyote/1.1// //Vary: Accept-Encoding// //WWW-Authenticate: Digest realm="1Realm", qop="auth", nonce="1485848015167:56976:56060fb913a12670c39d700055b7679d", opaque="ca05e8a9b744eb6c91c624ef9c61fb97"// //WWW-Authenticate: Digest realm="2Realm", qop="auth", nonce="1485848015167:96504:777475a2092ab30b6a23349cdb139e75", opaque="ca05e8a9b744eb6c91c624ef9c61fb97"// //Content-Length: 92// //Content-Type: text/xml;charset=UTF-8/ in this case LWP will use first realm only, so if user provide "2realm" credentials this will be ignored by LWP. (bad authorization attempt) My fix(add to LWP::UserAgent after line 393 in "sub request", before "return $class->authenticate"): / unless ($self->{basic_authentication}{$request->uri_canonical->host_port}{$$challenge{realm}}){// // $response->header("Client-Warning" =>"Undefined authentication realm '$$challenge{realm}'");// // next CHALLENGE;// // }/ this fix fill compare user defined credentials with server first response and use it only if realm name is same. Ivan Ladygin
Download (untitled) / with headers
text/plain 1.3k
On Tue Jan 31 03:43:46 2017, Ladygin@srt-web.com wrote: Show quoted text
> LWP Digest authorisation small bag, in case response contents 2 (or > more) fields WWW-Authentificate like this: > > /Server: Apache-Coyote/1.1// > //Vary: Accept-Encoding// > //WWW-Authenticate: Digest realm="1Realm", qop="auth", > nonce="1485848015167:56976:56060fb913a12670c39d700055b7679d", > opaque="ca05e8a9b744eb6c91c624ef9c61fb97"// > //WWW-Authenticate: Digest realm="2Realm", qop="auth", > nonce="1485848015167:96504:777475a2092ab30b6a23349cdb139e75", > opaque="ca05e8a9b744eb6c91c624ef9c61fb97"// > //Content-Length: 92// > //Content-Type: text/xml;charset=UTF-8/ > > in this case LWP will use first realm only, so if user provide > "2realm" > credentials this will be ignored by LWP. (bad authorization attempt) > > My fix(add to LWP::UserAgent after line 393 in "sub request", before > "return $class->authenticate"): > > / unless > ($self->{basic_authentication}{$request->uri_canonical-
> >host_port}{$$challenge{realm}}){//
> // $response->header("Client-Warning" =>"Undefined > authentication > realm '$$challenge{realm}'");// > // next CHALLENGE;// > // }/ > > this fix fill compare user defined credentials with server first > response and use it only if realm name is same. > > Ivan Ladygin
Hi Ivan, Are you able to submit a pull request for this at https://github.com/libwww-perl/libwww-perl ? Thanks, Olaf


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.