-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mech performing a Basic auth on a Digest auth only server when sending a PUT request. #316
Comments
If someone could put together a test case to demonstrate this, that would be helpful. |
I've created a test and it seems to work on current master with LWP::UserAgent on 6.49 and HTTP::Message on 6.29. The Plack script requires Plack::Middleware::Auth::Digest to be installed. Plack server, run with use Plack::Builder;
my $app = sub { return [ 200, [ 'Content-Type' => 'text/plain' ], [ "Hello" ] ] };
builder {
enable "Auth::Digest", realm => "Secured", secret => "bar",
authenticator => sub {
my ($username, $env) = @_;
return 'password';
};
$app;
}; Test script, run with use strict;
use warnings;
use Test::More;
use WWW::Mechanize;
#use LWP::ConsoleLogger::Everywhere;
my $mech = WWW::Mechanize->new;
$mech->credentials('username', 'password');
$mech->put('http://localhost:5000/');
like $mech->res->request->header('Authorization'), qr/Digest/, 'Digest header sent';
is $mech->content, 'Hello', 'Content correct';
done_testing; The test passes with both GET and PUT for me. @rthawkcom can you please tell us which versions of WWW::Mechanize and LWP::UserAgent you are running? The easiest way of getting them is to run this and check in the error message. Thank you.
|
WWW::Mechanize version 9 required--this is only version 2.02.
My work around was to just use curl off the command line:
return `curl -s -u $pass -X $req -H 'X-CSRF: Perl;' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --digest $data '$url' `;
That works perfectly with no issues. I'm up and running, but not happy since this is not a pure Perl solution. Would prefer to use Mech if I can.
This is the appliance I built an API for that Mech is having problems with:
[https://www.amazon.com/Web-Power-Switch-Pro-Model/dp/B0765NCB2L/](https://www.amazon.com/Web-Power-Switch-Pro-Model/dp/B0765NCB2L/ref=sr_1_2?crid=3C894SPC5H29Q&dchild=1&keywords=web+power+switch&qid=1608644408&sprefix=web+power%2Caps%2C343&sr=8-2)
If you are up for a small investment, they are really nice durable units! Great for home automation, not just rebooting servers.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
…On Tuesday, December 22, 2020 4:48 AM, Julien Fiegehenn ***@***.***> wrote:
I've created a test and it seems to work on current master with LWP::UserAgent on 6.49 and HTTP::Message on 6.29. The Plack script requires Plack::Middleware::Auth::Digest to be installed.
Plack server, run with plackup foo.pl:
use
Plack::Builder;
my
$app
=
sub
{
return
[ 200, [
'
Content-Type
'
=>
'
text/plain
'
], [
"
Hello
"
] ] };
builder {
enable
"
Auth::Digest
"
,
realm
=>
"
Secured
"
,
secret
=>
"
bar
"
,
authenticator
=>
sub
{
my
(
$username
,
$env
) =
@_
;
return
'
password
'
;
};
$app
;
};
Test script, run with prove -lv t/99-put.t.
use
strict;
use
warnings;
use
Test::More;
use
WWW::Mechanize;
#
use LWP::ConsoleLogger::Everywhere;
my
$mech
= WWW::Mechanize
->
new;
$mech
->
credentials(
'
username
'
,
'
password
'
);
$mech
->
put(
'
http://localhost:5000/
'
);
like
$mech
->
res
->
request
->
header(
'
Authorization
'
),
qr
/
Digest
/
,
'
Digest header sent
'
;
is
$mech
->
content,
'
Hello
'
,
'
Content correct
'
;
done_testing;
The test passes with both GET and PUT for me.
***@***.***(https://github.com/rthawkcom) can you please tell us which versions of WWW::Mechanize and LWP::UserAgent you are running? The easiest way of getting them is to run this and check in the error message. Thank you.
$ perl -MWWW::Mechanize\ 9
WWW::Mechanize version 9 required--this is only version 2.00.
BEGIN failed--compilation aborted.
—
You are receiving this because you were mentioned.
Reply to this email directly, [view it on GitHub](#316 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AIYXHEOJDL7C57JJHZWDVB3SWB2ODANCNFSM4UCXT3NQ).
|
@rthawkcom thanks. Could you please also check your LWP::UserAgent version, and get LWP::ConsoleLogger and use LWP::ConsoleLogger::Everywhere to dump the headers of the requests your code sends with both GET and POST, and include these along with the server responses (should be two and two for each verb) as well. I am pretty sure this has to do with either something in your tool chain being a little out of date, or that this appliance is sending strange headers. We will look at them, and find a way of making this work. As a last resort, you can always create your own authentication header and include it in the request manually. Thank you. |
LWP::UserAgent version 9 required--this is only version 6.49.
Sure thing. Give me some time and I'll set up Wire Shark and dump the stream as well.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
…On Tuesday, December 22, 2020 8:12 AM, Julien Fiegehenn ***@***.***> wrote:
***@***.***(https://github.com/rthawkcom) thanks. Could you please also check your LWP::UserAgent version, and get LWP::ConsoleLogger and use [LWP::ConsoleLogger::Everywhere](https://metacpan.org/pod/LWP::ConsoleLogger::Everywhere) to dump the headers of the requests your code sends with both GET and POST, and include these along with the server responses (should be two and two for each verb) as well. I am pretty sure this has to do with either something in your tool chain being a little out of date, or that this appliance is sending strange headers. We will look at them, and find a way of making this work.
As a last resort, you can always create your own authentication header and include it in the request manually.
Thank you.
—
You are receiving this because you were mentioned.
Reply to this email directly, [view it on GitHub](#316 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AIYXHEOVX2O2GT2IN4HQZ6DSWCSLBANCNFSM4UCXT3NQ).
|
I have a web device that only allows Digest authentication. If I use a GET request, it works just fine:
** GET http://10.1.2.61/restapi/relay/user_lines/ ==> 401 Unauthorized
** GET http://10.1.2.61/restapi/relay/user_lines/ ==> 200 OK
$VAR1 = '["hi!"," Active! "]';
However, when I do a PUT request, it attempts a Basic auth and fails:
** PUT http://10.1.2.61/restapi/relay/beep_sequence/ ==> 401 Unauthorized
** PUT http://10.1.2.61/restapi/relay/beep_sequence/ ==> 401 Unauthorized
Error PUTing http://10.1.2.61/restapi/relay/beep_sequence/: Unauthorized at /usr/local/share/perl/5.30.0/LWP/Authen/Basic.pm line 77.
The text was updated successfully, but these errors were encountered: