Patch: (or see attachment)
--- BasicAuth.pm 2017-04-28 17:02:32.447477316 +0100
+++ BasicAuth.new.pm 2017-05-02 10:25:16.625247061 +0100
@@ -40,7 +40,7 @@
: $n eq 'RANDOM' ? \&_random_nonce
: sub { $n };
- $self->{XCWB_nonce} = $args->{nonce};
+ $self->{XCWB_nonce} = $nonce;
$self->{XCWB_wsu_id} = $args->{wsu_Id} || $args->{wsu_id};
$self->{XCWB_created} = $args->{created};
$self->{XCWB_pwformat} = $args->{pwformat} || UTP11_PTEXT;
On Tue, May 2, 2017 at 10:19 AM Bugs in XML-Compile-WSS via RT <
bug-XML-Compile-WSS@rt.cpan.org> wrote:
Show quoted text>
> Greetings,
>
> This message has been automatically generated in response to the
> creation of a trouble ticket regarding:
> "'nonce' argument not used properly by the code",
> a summary of which appears below.
>
> There is no need to reply to this message right now. Your ticket has been
> assigned an ID of [rt.cpan.org #121497]. Your ticket is accessible
> on the web at:
>
>
https://rt.cpan.org/Ticket/Display.html?id=121497
>
> Please include the string:
>
> [rt.cpan.org #121497]
>
> in the subject line of all future correspondence about this issue. To do
> so,
> you may reply to this message.
>
> Thank you,
> bug-XML-Compile-WSS@rt.cpan.org
>
> -------------------------------------------------------------------------
> in sub init($):
>
> You're setting $nonce to something depending on if it's RANDOM or a CODE
> Ref, but then you do:
>
> $self->{XCWB_nonce} = $args->{nonce};
>
> so the original value of the 'nonce' argument is used instead of the new
> value in $nonce that has properly dealt with the special-casing.
>
> This means that when using 'RANDOM', the word 'RANDOM' is literally base 64
> encoded rather than making a random nonce.
> --
> Errietta Kostala
> <errietta@errietta.me>
>
--
Errietta Kostala
<errietta@errietta.me>
