Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mech performing a Basic auth on a Digest auth only server when sending a PUT request. #316

Open
rthawkcom opened this issue Nov 25, 2020 · 5 comments
Open

Mech performing a Basic auth on a Digest auth only server when sending a PUT request. #316

rthawkcom opened this issue Nov 25, 2020 · 5 comments

Comments

@rthawkcom
Copy link

I have a web device that only allows Digest authentication. If I use a GET request, it works just fine:
** GET http://10.1.2.61/restapi/relay/user_lines/ ==> 401 Unauthorized
** GET http://10.1.2.61/restapi/relay/user_lines/ ==> 200 OK
$VAR1 = '["hi!"," Active! "]';

However, when I do a PUT request, it attempts a Basic auth and fails:
** PUT http://10.1.2.61/restapi/relay/beep_sequence/ ==> 401 Unauthorized
** PUT http://10.1.2.61/restapi/relay/beep_sequence/ ==> 401 Unauthorized
Error PUTing http://10.1.2.61/restapi/relay/beep_sequence/: Unauthorized at /usr/local/share/perl/5.30.0/LWP/Authen/Basic.pm line 77.
@oalders
Copy link
Member

oalders commented Dec 15, 2020

If someone could put together a test case to demonstrate this, that would be helpful.

@simbabque
Copy link
Contributor

I've created a test and it seems to work on current master with LWP::UserAgent on 6.49 and HTTP::Message on 6.29. The Plack script requires Plack::Middleware::Auth::Digest to be installed.

Plack server, run with plackup foo.pl:

use Plack::Builder;

my $app = sub { return [ 200, [ 'Content-Type' => 'text/plain' ], [ "Hello" ] ] };

builder {
    enable "Auth::Digest", realm => "Secured", secret => "bar",
    authenticator => sub {
        my ($username, $env) = @_;
        return 'password';
    };

    $app;
};

Test script, run with prove -lv t/99-put.t.

use strict;
use warnings;
use Test::More;
use WWW::Mechanize;
#use LWP::ConsoleLogger::Everywhere;

my $mech = WWW::Mechanize->new;
$mech->credentials('username', 'password');

$mech->put('http://localhost:5000/');
like $mech->res->request->header('Authorization'), qr/Digest/, 'Digest header sent';
is $mech->content, 'Hello', 'Content correct';

done_testing;

The test passes with both GET and PUT for me.

@rthawkcom can you please tell us which versions of WWW::Mechanize and LWP::UserAgent you are running? The easiest way of getting them is to run this and check in the error message. Thank you.

$ perl -MWWW::Mechanize\ 9
WWW::Mechanize version 9 required--this is only version 2.00.
BEGIN failed--compilation aborted.

@rthawkcom
Copy link
Author

rthawkcom commented Dec 22, 2020 via email

@simbabque
Copy link
Contributor

@rthawkcom thanks. Could you please also check your LWP::UserAgent version, and get LWP::ConsoleLogger and use LWP::ConsoleLogger::Everywhere to dump the headers of the requests your code sends with both GET and POST, and include these along with the server responses (should be two and two for each verb) as well. I am pretty sure this has to do with either something in your tool chain being a little out of date, or that this appliance is sending strange headers. We will look at them, and find a way of making this work.

As a last resort, you can always create your own authentication header and include it in the request manually.

Thank you.

@rthawkcom
Copy link
Author

rthawkcom commented Dec 22, 2020 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@oalders @simbabque @rthawkcom