Welcome to the "trac"-ing site of http-access2!

Ticket #159 (closed defect: fixed)

Opened 1 year ago

Last modified 1 year ago

[PATCH] Authentication schemes should be case-insensitive

Reported by: user
Assigned to: nahi
Priority: highest
Milestone: 2.0.9
Component: core
Version: 2.0
Keywords:
Cc:

Description

The authentication schemes should be case insensitive, so "Basic", "BASIC", "BaSiC", etc. should all work. Currently, when the server responds with a challenge, http-access2 will only recognize the challenge if it is exactly "Basic".

I am referencing the HTTP authentication docs here: http://www.ietf.org/rfc/rfc2617.txt

Section 1.2 talks about the case-insensitivity.

If you have any questions, please update the ticket and notify me at mwedeme:@:emory edu

Attachments

http_access_scheme_downcase.diff (1.1 kB) - added by user on 07/03/07 03:03:50.
Downcase the authorization scheme prior to comparison.

Change History

07/03/07 02:50:08 changed by user

Note, I'm working on a patch right now. I hope to have it completed very soon.

07/03/07 03:03:50 changed by user

  • attachment http_access_scheme_downcase.diff added.

Downcase the authorization scheme prior to comparison.

07/03/07 04:43:15 changed by user

Is there any way I could convince you to put this fix into a bugfix release along with a gem? I'm developing a Ruby on Rails plugin that depends on this and I would like to be able to list the gem as a requirement, rather than trying to include a hacked version as part of the plugin.

07/03/07 04:43:27 changed by user

  • summary changed from Authentication schemes should be case-insensitive to [PATCH] Authentication schemes should be case-insensitive.

07/03/07 11:08:33 changed by nahi

  • priority changed from normal to highest.
  • milestone changed from undefined to 2.0.9.

07/04/07 16:18:58 changed by nahi

  • status changed from new to closed.
  • resolution set to fixed.

(In [161]) * fix the BasicAuth regression problem in 2.0.8. A server may return "BASIC" as an authenticate scheme label instead of "Basic". It must be treated as a case-insensitive token according to RFC2617 section 1.2. Thanks to mwedeme for contributing the patch. closes #159.
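
The case-insensitive scheme matching discussed in this ticket, as an added example; it is not http-access2's code and not the attached patch. The names `KNOWN_SCHEMES`, `parse_challenge` and `pick_challenge` are hypothetical, the Digest-before-Basic preference is an assumption, and each header value is assumed to carry exactly one challenge.

```ruby
# Added example: case-insensitive handling of WWW-Authenticate challenges.
# All names here are hypothetical; this is not http-access2's API.

# Schemes this sketch supports, in preference order (an assumption).
KNOWN_SCHEMES = %w[digest basic].freeze

# Split one challenge into [scheme, params]. The scheme token and the
# parameter names are matched case-insensitively (RFC 2617 section 1.2);
# parameter values such as the realm keep their original case.
def parse_challenge(value)
  scheme, rest = value.strip.split(/\s+/, 2)
  return nil if scheme.nil? || scheme.empty?
  params = {}
  pattern = /([\w-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))/
  rest.to_s.scan(pattern) do |name, quoted, token|
    # Quoted values may contain backslash-escaped characters; unescape them.
    params[name.downcase] = quoted ? quoted.gsub(/\\(.)/, '\1') : token
  end
  [scheme.downcase, params]
end

# Given the WWW-Authenticate values of a 401 response (one challenge per
# value), return the preferred supported challenge, or nil if none matches.
def pick_challenge(header_values)
  parsed = header_values.map { |v| parse_challenge(v) }.compact
  KNOWN_SCHEMES.each do |want|
    hit = parsed.find { |scheme, _params| scheme == want }
    return hit if hit
  end
  nil
end

# Constructed sample responses, not captured from a real server.
SAMPLES = [
  ['BASIC realm="Intranet"'],
  ['BaSiC Realm="Intranet"'],
  ['NTLM', 'basic realm="a \"quoted\" realm"'],
  ['Basic realm="x"', 'DIGEST realm="x", nonce="abc", algorithm=MD5'],
  ['Negotiate']
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |headers| p headers => pick_challenge(headers) }
end
```

Normalizing the scheme once at parse time keeps every later comparison a plain string equality, so no call site can reintroduce a case-sensitive check.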