From unknown Sat Aug 09 20:51:15 2025 X-Loop: help-debbugs@gnu.org Subject: bug#14370: [PATCH] Write out HTTP Basic auth headers correctly Resent-From: Atom X Zane Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-CC: bug-guile@gnu.org Resent-Date: Wed, 08 May 2013 15:48:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 14370 X-GNU-PR-Package: guile X-GNU-PR-Keywords: patch To: 14370@debbugs.gnu.org X-Debbugs-Original-To: bug-guile@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.136802803325337 (code B ref -1); Wed, 08 May 2013 15:48:01 +0000 Received: (at submit) by debbugs.gnu.org; 8 May 2013 15:47:13 +0000 Received: from localhost ([127.0.0.1]:34006 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1Ua6aG-0006ab-EX for submit@debbugs.gnu.org; Wed, 08 May 2013 11:47:13 -0400 Received: from eggs.gnu.org ([208.118.235.92]:47475) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1Ua1G1-0002OK-F7 for submit@debbugs.gnu.org; Wed, 08 May 2013 06:06:02 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Ua1Es-00040V-1S for submit@debbugs.gnu.org; Wed, 08 May 2013 06:04:49 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-100.0 required=5.0 tests=BAYES_40, RCVD_IN_DNSWL_NONE, T_DKIM_INVALID,USER_IN_WHITELIST autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([208.118.235.17]:48472) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Ua1Er-00040R-Uf for submit@debbugs.gnu.org; Wed, 08 May 2013 06:04:45 -0400 Received: from eggs.gnu.org ([208.118.235.92]:58813) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Ua1Eo-0003Cy-0J for bug-guile@gnu.org; Wed, 08 May 2013 06:04:45 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Ua1Eh-0003z3-Ug for bug-guile@gnu.org; Wed, 08 May 2013 06:04:41 -0400 Received: from caibbdcaaaaf.dreamhost.com ([208.113.200.5]:45481 helo=homiemail-a93.g.dreamhost.com) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Ua1Eh-0003yt-Ok for bug-guile@gnu.org; Wed, 08 May 2013 06:04:35 -0400 Received: from homiemail-a93.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a93.g.dreamhost.com (Postfix) with ESMTP id 5286484065 for ; Wed, 8 May 2013 03:04:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=deadlyhead.com; h=from:to :subject:date:message-id:mime-version:content-type; s= deadlyhead.com; bh=2AMQs6IpO39zKxUg1KqoajEO3OE=; b=YWtMxzIfgb7QO 4lcDlt52C2MFBVQ271BG2t5RBRlNwWLfVC7jK/yAxsAElIcZXn+A1n0TTBr7fD/X HmU0/1QhRSbyhTPPAprmyCl98MXBLe0mEKV6PFShM1kB1qIx/QIYVH21Afci6Rur H0UZ2PPaZXsFzmQmEM5/PLPn0Vay0w= Received: from atomx.deadlyhead.home.deadlyhead.com (cpe-172-250-30-16.socal.res.rr.com [172.250.30.16]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: atom@deadlyhead.com) by homiemail-a93.g.dreamhost.com (Postfix) with ESMTPSA id 338A38405C for ; Wed, 8 May 2013 03:04:35 -0700 (PDT) From: Atom X Zane Date: Wed, 8 May 2013 01:50:15 -0700 Message-ID: <87haidvlcd.fsf@atomx.deadlyhead.home> MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no timestamps) [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 208.118.235.17 X-Spam-Score: -6.9 (------) X-Mailman-Approved-At: Wed, 08 May 2013 11:47:10 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -6.9 (------) HTTP Basic authorization headers are not output correctly, leaving off the user credentials in the Authorization: header. Test case: (let ((req (build-request (build-uri 'http #:host "example.com") #:headers '((authorization basic . "dXNlcm5hbWU6cGFzc3dvcmQ=") )))) (write-request req (current-output-port))) Expected output: > GET / HTTP/1.1 > Host: example.com > Authorization: basic dXNlcm5hbWU6cGFzc3dvcmQ= Actual output: > GET / HTTP/1.1 > Host: example.com > Authorization: basic As you can see, the user credentials aren't actually written out, causing the server to return a "401 Authorization required" response. I have included a patch which remedies this problem. -- Atom X Zane * module/web/http.scm: modify write-credentials to display the base64-encoded concatenation of username and password if the authorization model is 'basic --- module/web/http.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/module/web/http.scm b/module/web/http.scm index 35169ef..0e5db5d 100644 --- a/module/web/http.scm +++ b/module/web/http.scm @@ -913,10 +913,10 @@ as an ordered alist." (define (write-credentials val port) (display (car val) port) + (display #\space port) (if (pair? (cdr val)) - (begin - (display #\space port) - (write-key-value-list (cdr val) port)))) + (write-key-value-list (cdr val) port) + (display (cdr val) port))) ;; challenges = 1#challenge ;; challenge = auth-scheme 1*SP 1#auth-param -- 1.7.10.4 From unknown Sat Aug 09 20:51:15 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.503 (Entity 5.503) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Atom X Zane Subject: bug#14370: closed (Re: bug#14370: [PATCH] Write out HTTP Basic auth headers correctly) Message-ID: References: <87d2jlngh5.fsf@netris.org> <87haidvlcd.fsf@atomx.deadlyhead.home> X-Gnu-PR-Message: they-closed 14370 X-Gnu-PR-Package: guile X-Gnu-PR-Keywords: patch Reply-To: 14370@debbugs.gnu.org Date: Tue, 21 Jan 2014 22:04:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1390341842-6371-1" This is a multi-part message in MIME format... ------------=_1390341842-6371-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #14370: [PATCH] Write out HTTP Basic auth headers correctly which was filed against the guile package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 14370@debbugs.gnu.org. --=20 14370: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D14370 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1390341842-6371-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 14370-done) by debbugs.gnu.org; 21 Jan 2014 22:03:36 +0000 Received: from localhost ([127.0.0.1]:59917 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W5jQ0-0001e6-0z for submit@debbugs.gnu.org; Tue, 21 Jan 2014 17:03:36 -0500 Received: from world.peace.net ([96.39.62.75]:55926) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W5jPx-0001dy-LJ for 14370-done@debbugs.gnu.org; Tue, 21 Jan 2014 17:03:34 -0500 Received: from 209-6-91-212.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com ([209.6.91.212] helo=yeeloong) by world.peace.net with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1W5jPq-0000q7-G4; Tue, 21 Jan 2014 17:03:26 -0500 From: Mark H Weaver To: Atom X Zane Subject: Re: bug#14370: [PATCH] Write out HTTP Basic auth headers correctly References: <87haidvlcd.fsf@atomx.deadlyhead.home> Date: Tue, 21 Jan 2014 16:59:50 -0500 In-Reply-To: <87haidvlcd.fsf@atomx.deadlyhead.home> (Atom X. Zane's message of "Wed, 8 May 2013 01:50:15 -0700") Message-ID: <87d2jlngh5.fsf@netris.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 14370-done Cc: 14370-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Atom X Zane writes: > HTTP Basic authorization headers are not output correctly, leaving off > the user credentials in the Authorization: header. Fixed in d0d8c872afcc0e3384389171ceb32dc26df8c8a6 on the stable-2.0 branch, which will become Guile 2.0.10. Thanks! Mark ------------=_1390341842-6371-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 8 May 2013 15:47:13 +0000 Received: from localhost ([127.0.0.1]:34006 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1Ua6aG-0006ab-EX for submit@debbugs.gnu.org; Wed, 08 May 2013 11:47:13 -0400 Received: from eggs.gnu.org ([208.118.235.92]:47475) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1Ua1G1-0002OK-F7 for submit@debbugs.gnu.org; Wed, 08 May 2013 06:06:02 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Ua1Es-00040V-1S for submit@debbugs.gnu.org; Wed, 08 May 2013 06:04:49 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-100.0 required=5.0 tests=BAYES_40, RCVD_IN_DNSWL_NONE, T_DKIM_INVALID,USER_IN_WHITELIST autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([208.118.235.17]:48472) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Ua1Er-00040R-Uf for submit@debbugs.gnu.org; Wed, 08 May 2013 06:04:45 -0400 Received: from eggs.gnu.org ([208.118.235.92]:58813) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Ua1Eo-0003Cy-0J for bug-guile@gnu.org; Wed, 08 May 2013 06:04:45 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Ua1Eh-0003z3-Ug for bug-guile@gnu.org; Wed, 08 May 2013 06:04:41 -0400 Received: from caibbdcaaaaf.dreamhost.com ([208.113.200.5]:45481 helo=homiemail-a93.g.dreamhost.com) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Ua1Eh-0003yt-Ok for bug-guile@gnu.org; Wed, 08 May 2013 06:04:35 -0400 Received: from homiemail-a93.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a93.g.dreamhost.com (Postfix) with ESMTP id 5286484065 for ; Wed, 8 May 2013 03:04:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=deadlyhead.com; h=from:to :subject:date:message-id:mime-version:content-type; s= deadlyhead.com; bh=2AMQs6IpO39zKxUg1KqoajEO3OE=; b=YWtMxzIfgb7QO 4lcDlt52C2MFBVQ271BG2t5RBRlNwWLfVC7jK/yAxsAElIcZXn+A1n0TTBr7fD/X HmU0/1QhRSbyhTPPAprmyCl98MXBLe0mEKV6PFShM1kB1qIx/QIYVH21Afci6Rur H0UZ2PPaZXsFzmQmEM5/PLPn0Vay0w= Received: from atomx.deadlyhead.home.deadlyhead.com (cpe-172-250-30-16.socal.res.rr.com [172.250.30.16]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: atom@deadlyhead.com) by homiemail-a93.g.dreamhost.com (Postfix) with ESMTPSA id 338A38405C for ; Wed, 8 May 2013 03:04:35 -0700 (PDT) From: Atom X Zane To: bug-guile@gnu.org Subject: [PATCH] Write out HTTP Basic auth headers correctly Date: Wed, 8 May 2013 01:50:15 -0700 Message-ID: <87haidvlcd.fsf@atomx.deadlyhead.home> MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no timestamps) [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 208.118.235.17 X-Spam-Score: -6.9 (------) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Wed, 08 May 2013 11:47:10 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -6.9 (------) HTTP Basic authorization headers are not output correctly, leaving off the user credentials in the Authorization: header. Test case: (let ((req (build-request (build-uri 'http #:host "example.com") #:headers '((authorization basic . "dXNlcm5hbWU6cGFzc3dvcmQ=") )))) (write-request req (current-output-port))) Expected output: > GET / HTTP/1.1 > Host: example.com > Authorization: basic dXNlcm5hbWU6cGFzc3dvcmQ= Actual output: > GET / HTTP/1.1 > Host: example.com > Authorization: basic As you can see, the user credentials aren't actually written out, causing the server to return a "401 Authorization required" response. I have included a patch which remedies this problem. -- Atom X Zane * module/web/http.scm: modify write-credentials to display the base64-encoded concatenation of username and password if the authorization model is 'basic --- module/web/http.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/module/web/http.scm b/module/web/http.scm index 35169ef..0e5db5d 100644 --- a/module/web/http.scm +++ b/module/web/http.scm @@ -913,10 +913,10 @@ as an ordered alist." (define (write-credentials val port) (display (car val) port) + (display #\space port) (if (pair? (cdr val)) - (begin - (display #\space port) - (write-key-value-list (cdr val) port)))) + (write-key-value-list (cdr val) port) + (display (cdr val) port))) ;; challenges = 1#challenge ;; challenge = auth-scheme 1*SP 1#auth-param -- 1.7.10.4 ------------=_1390341842-6371-1--