GNU bug report logs - #14370
[PATCH] Write out HTTP Basic auth headers correctly

Previous Next

Package: guile;

Reported by: Atom X Zane <atomx <at> deadlyhead.com>

Date: Wed, 8 May 2013 15:48:01 UTC

Severity: normal

Tags: patch

Done: Mark H Weaver <mhw <at> netris.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Atom X Zane <atomx <at> deadlyhead.com>
Subject: bug#14370: closed (Re: bug#14370: [PATCH] Write out HTTP Basic
 auth headers correctly)
Date: Tue, 21 Jan 2014 22:04:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#14370: [PATCH] Write out HTTP Basic auth headers correctly

which was filed against the guile package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 14370 <at> debbugs.gnu.org.

-- 
14370: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=14370
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Mark H Weaver <mhw <at> netris.org>
To: Atom X Zane <atomx <at> deadlyhead.com>
Cc: 14370-done <at> debbugs.gnu.org
Subject: Re: bug#14370: [PATCH] Write out HTTP Basic auth headers correctly
Date: Tue, 21 Jan 2014 16:59:50 -0500

Atom X Zane <atomx <at> deadlyhead.com> writes:
> HTTP Basic authorization headers are not output correctly, leaving off
> the user credentials in the Authorization: header.

Fixed in d0d8c872afcc0e3384389171ceb32dc26df8c8a6 on the stable-2.0
branch, which will become Guile 2.0.10.

    Thanks!
      Mark


[Message part 3 (message/rfc822, inline)]
From: Atom X Zane <atomx <at> deadlyhead.com>
To: bug-guile <at> gnu.org
Subject: [PATCH] Write out HTTP Basic auth headers correctly
Date: Wed, 8 May 2013 01:50:15 -0700

HTTP Basic authorization headers are not output correctly, leaving off
the user credentials in the Authorization: header.

Test case:

(let ((req (build-request
            (build-uri
             'http
             #:host "example.com")
            #:headers '((authorization
                         basic . "dXNlcm5hbWU6cGFzc3dvcmQ=")
                                      ))))
  (write-request req (current-output-port)))

Expected output:

> GET / HTTP/1.1
> Host: example.com
> Authorization: basic dXNlcm5hbWU6cGFzc3dvcmQ=

Actual output:

> GET / HTTP/1.1
> Host: example.com
> Authorization: basic


As you can see, the user credentials aren't actually written out,
causing the server to return a "401 Authorization required" response.  I
have included a patch which remedies this problem.

-- Atom X Zane


* module/web/http.scm: modify write-credentials to display the
  base64-encoded concatenation of username and password if the
  authorization model is 'basic
---
 module/web/http.scm |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/module/web/http.scm b/module/web/http.scm
index 35169ef..0e5db5d 100644
--- a/module/web/http.scm
+++ b/module/web/http.scm
@@ -913,10 +913,10 @@ as an ordered alist."
 
 (define (write-credentials val port)
   (display (car val) port)
+  (display #\space port)
   (if (pair? (cdr val))
-      (begin
-        (display #\space port)
-        (write-key-value-list (cdr val) port))))
+      (write-key-value-list (cdr val) port)
+      (display (cdr val) port)))
 
 ;; challenges = 1#challenge
 ;; challenge = auth-scheme 1*SP 1#auth-param
-- 
1.7.10.4
This bug report was last modified 11 years and 125 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.