Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is there something different in the Digest Auth than in A4? #78

Open
felixvelariusbos opened this issue Dec 6, 2019 · 1 comment
Open

Is there something different in the Digest Auth than in A4? #78

felixvelariusbos opened this issue Dec 6, 2019 · 1 comment
Labels
Question Need some information Resolved The issue is resolved or got answered

Comments

@felixvelariusbos
Copy link
Contributor

Hello,

I keep running into this issue for this assignment: Digest authentication.
All of my A4 Digest tests pass...however all of the tests in A5 that require Digest authentication fail, saying not authorized. (for one specifically, there's test_put_success_auth_digest)

As far as I can tell, the correct nonce is being used, as is a good user...but the response I generated is not the same as yours. I'm not sure if the passwords match, given it's all md5ed...but I assume it does.

Obviously I'm doing something incorrect...but I can't tell what it is, especially since I'm still passing all the authentications from A4.

If it helps, this is the result of the test:

Request:

PUT http://cs531-cheinich/a5-test/limited4/foo/barbar.txt HTTP/1.1
Host: cs531-cheinich:80
Authorization: Digest username="bda", realm="Colonial Place", uri="http://cs531-cheinich/a5-test/limited4/foo/barbar.txt", qop=auth, nonce="0xf49f02112f516d0a427ec41af", nc=00000001, cnonce="014a54548c61ba03827ef6a4dc2f7b4c", response="8294dd6238e42d5e49cb1d5222f1815f"
Connection: close
Content-Type: text/plain
Content-Length: 65

here comes a PUT method

in text/plain format

hooray for PUT!!!

Response

HTTP/1.1 401 Unauthorized
Date: Fri, 06 Dec 2019 01:28:20 GMT
Server: TinaServer/1.0 (Ubuntu)
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
WWW-Authenticate: Digest realm="Colonial Place", nonce="0xf49f02112f516d0a427ec41af", algorithm=MD5, qop="auth"

12
<html>
    <body>

aa
        <h1>401</h1>
        <p>[Errno 401] Unable to auth you. DIGEST!:Digest realm="Colonial Place", nonce="0xf49f02112f516d0a427ec41af", algorithm=MD5, qop="auth"</p>

14
    </body>
</html>

0
@ibnesayeed
Copy link
Collaborator

The test_put_success_auth_digest test case first makes a GET request without any authentication headers that is expected to return 401 with WWW-Authenticate header. Tester script then consumes it and constructs necessary authorization header in the subsequent PUT request. One possibility of failure could be if you are generating nonce differently for different request methods then the information about the GET method might not be applicable to PUT method. However, while looking at your response, it looks like the nonce returned in the PUT attempt is the same as the one in the GET, so perhaps you have some other issues in your authentication validation process.

@ibnesayeed ibnesayeed added Question Need some information Resolved The issue is resolved or got answered labels Dec 6, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Question Need some information Resolved The issue is resolved or got answered
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ibnesayeed @felixvelariusbos