| Subject: | Handling failed authentication when multiple auth methods are possible |
| Date: | Fri, 26 Feb 2016 22:08:49 +0000 |
| To: | "bug-libwww-perl [...] rt.cpan.org" <bug-libwww-perl [...] rt.cpan.org> |
| From: | Slava Goltser <Slava.Goltser [...] ipsoft.com> |
Below patch addresses the issue present in LWP::UserAgent 6.15 where if LWP::UserAgent::request successfully loads the first LWP::Authen submodule, all others are ignored, even if the first module fails.
The specific situation is when a server (in this case IIS) returns the following header:
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
If both LWP::Authen::Negotiate and LWP::Authen::NTLM are present, LWP::UserAgent will try to load the first one and once (in this case) LWP::Authen::Negotiate fails, LWP::UserAgent returns that response without trying the other authentication modules/methods. In this case, the credentials were given for NTLM authentication which do work.
--- a/LWP/UserAgent.pm 2015-12-05 05:57:39.000000000 +0000
+++ b/lib/LWP/UserAgent.pm 2016-02-26 19:16:55.893851729 +0000
@@ -392,8 +392,13 @@
"Unsupported authentication scheme '$scheme'");
next CHALLENGE;
}
- return $class->authenticate($self, $proxy, $challenge, $response,
+ $response = $class->authenticate($self, $proxy, $challenge, $response,
$request, $arg, $size);
+ # Try next challenge type if current failed
+ if (!$response->is_success) {
+ next CHALLENGE;
+ }
+ return $response;
}
return $response;
}
--
Slava Goltser
IPsoft, Inc.
slava.goltser@ipsoft.com