GNU bug report logs -
#14370
[PATCH] Write out HTTP Basic auth headers correctly
Previous Next
Reported by: Atom X Zane <atomx <at> deadlyhead.com>
Date: Wed, 8 May 2013 15:48:01 UTC
Severity: normal
Tags: patch
Done: Mark H Weaver <mhw <at> netris.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 14370 in the body.
You can then email your comments to 14370 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guile <at> gnu.org:
bug#14370; Package
guile.
(Wed, 08 May 2013 15:48:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Atom X Zane <atomx <at> deadlyhead.com>:
New bug report received and forwarded. Copy sent to
bug-guile <at> gnu.org.
(Wed, 08 May 2013 15:48:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
HTTP Basic authorization headers are not output correctly, leaving off
the user credentials in the Authorization: header.
Test case:
(let ((req (build-request
(build-uri
'http
#:host "example.com")
#:headers '((authorization
basic . "dXNlcm5hbWU6cGFzc3dvcmQ=")
))))
(write-request req (current-output-port)))
Expected output:
> GET / HTTP/1.1
> Host: example.com
> Authorization: basic dXNlcm5hbWU6cGFzc3dvcmQ=
Actual output:
> GET / HTTP/1.1
> Host: example.com
> Authorization: basic
As you can see, the user credentials aren't actually written out,
causing the server to return a "401 Authorization required" response. I
have included a patch which remedies this problem.
-- Atom X Zane
* module/web/http.scm: modify write-credentials to display the
base64-encoded concatenation of username and password if the
authorization model is 'basic
---
module/web/http.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/module/web/http.scm b/module/web/http.scm
index 35169ef..0e5db5d 100644
--- a/module/web/http.scm
+++ b/module/web/http.scm
@@ -913,10 +913,10 @@ as an ordered alist."
(define (write-credentials val port)
(display (car val) port)
+ (display #\space port)
(if (pair? (cdr val))
- (begin
- (display #\space port)
- (write-key-value-list (cdr val) port))))
+ (write-key-value-list (cdr val) port)
+ (display (cdr val) port)))
;; challenges = 1#challenge
;; challenge = auth-scheme 1*SP 1#auth-param
--
1.7.10.4
Reply sent
to
Mark H Weaver <mhw <at> netris.org>:
You have taken responsibility.
(Tue, 21 Jan 2014 22:04:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Atom X Zane <atomx <at> deadlyhead.com>:
bug acknowledged by developer.
(Tue, 21 Jan 2014 22:04:02 GMT)
Full text and
rfc822 format available.
Message #10 received at 14370-done <at> debbugs.gnu.org (full text, mbox):
Atom X Zane <atomx <at> deadlyhead.com> writes:
> HTTP Basic authorization headers are not output correctly, leaving off
> the user credentials in the Authorization: header.
Fixed in d0d8c872afcc0e3384389171ceb32dc26df8c8a6 on the stable-2.0
branch, which will become Guile 2.0.10.
Thanks!
Mark
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Wed, 19 Feb 2014 12:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 10 years and 67 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.