Skip Menu |

This queue is for tickets about the HTTP-DAV CPAN distribution.

Report information
The Basics
Id: 47500
Status: resolved
Worked: 1 hour (60 min)
Priority: 0/
Queue: HTTP-DAV

People
Owner: Nobody in particular
Requestors: CEBJYRE [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 0.38
Fixed in: (no value)



Subject: The credentials method needs both url and realm to be effective
Using the credentials method and passing only one of the url or realm parameters does not appear to have any effect when calling open on a protected location (setting both url and realm does work however). From brief testing it looks like this is due to the call to get_basic_credentials in HTTP::DAV::Comms always settling on the result of $self->{'basic_authentication'}{$netloc}{$realm} for the auth details even when this is an empty arrayref and there are usable matches in $self->{'basic_authentication'}{default}{$realm} or $self->{'basic_authentication'}{$netloc}{default}
Did this work with HTTP::DAV 0.35 ? Please can you test with your code and report back? That would be very helpful.
On Wed Jul 22 09:27:19 2009, OPERA wrote: Show quoted text
> Did this work with HTTP::DAV 0.35 ? > Please can you test with your code and report back? > That would be very helpful.
I downloaded 0.35 from the backpan, did the standard steps up to make test (but not including the actual install) and changed my test code to have a: use lib 'HTTP-DAV-0.35/blib/lib'; line (I'm assuming this is sufficient) and this still hasn't fixed the problem. With the 0.38 version and DebugLevel of 3: the open() call gives the following output: new_resource: For [url], creating new resource Resetting user and password for [server], [realm] Using user/pass combo: . For [realm], [url] the open() call under 0.35 gives: new_resource: For [url], creating new resource Setting auth details for [server], [realm] to , and the last line is repeated 14 times. Both 0.38 and 0.35 give basically the same output for the credentials() call (only supplying user, pass and url - not realm): 0.35: Setting auth details for [server], default to [user],[pass] 0.38: Setting auth details for [server], default to '[user]', '[pass]' Thanks
From: Nick Spacek
Should have checked here first I guess, but others have had this problem. I replied to a post on perlmonks with some details: http://www.perlmonks.org/?node_id=786525
From: stoian.iovchev [...] imperia.bg
On Thu Jul 02 01:51:27 2009, CEBJYRE wrote: Show quoted text
> Using the credentials method and passing only one of the url or realm > parameters does not appear to have any effect when calling open on a > protected location (setting both url and realm does work however). > > From brief testing it looks like this is due to the call to > get_basic_credentials in HTTP::DAV::Comms always settling on the result > of $self->{'basic_authentication'}{$netloc}{$realm} for the auth details > even when this is an empty arrayref and there are usable matches in > $self->{'basic_authentication'}{default}{$realm} or > $self->{'basic_authentication'}{$netloc}{default}
I think I have the same problem and the reason for the bug seems to be that the libwww now calls credentials method in a different manner. I am not sure when that was introduced but it is present in the current version 5.834. You can see the changes in LWP::Authen::Basic (maybe in other places too). The thing is the HTTP/Dav/Comms.pm - HTTP::Dav::UserAgent overwrites some methods of LWP::UserAgent including credentials. The new implementation in LWP::Authen::Basic calls the credentials with the real realm and thus an entry {basic_authentication}->{mylocation}{realRealm} = [] is introduced. Here is line 360 of HTTP/DAV/Comms.pm (v 0.39) <code> my $cred = ($self->{basic_authentication}->{$netloc}->{$realm} ||= []); </code> that later causes a fail when calling get_basic_credentials is called. I believe that if that line is changed to something like: <code> my $cred = ($self->{basic_authentication}->{$netloc}->{$realm} ? $self->{basic_authentication}->{$netloc}->{$realm} : []); </code> everything should be OK, at least that worked for me. That way when credentials is called the realm is not autovivificied. Thanks Stoian
Subject: Comms.patch
*** /usr/local/lib/perl5/site_perl/5.8.9/HTTP/DAV/Comms.pm Tue Jan 26 19:05:28 2010 --- /tmp/Comms.pm Tue Jan 26 19:04:58 2010 *************** *** 357,363 **** } } ! my $cred = ($self->{basic_authentication}->{$netloc}->{$realm} ||= []); # Replace with new credentials (if any) if (defined $user) { --- 357,363 ---- } } ! my $cred = ($self->{basic_authentication}->{$netloc}->{$realm} ? $self->{basic_authentication}{$netloc}{$realm}:[]); # Replace with new credentials (if any) if (defined $user) {
RT-Send-CC: stoian.iovchev [...] imperia.bg
Stoian, thanks for your input. I'm rolling out v0.40 on CPAN right now. Otherwise you can test it by fetching the source code directly from the repository, http://github.com/cosimo/perl5-http-dav/tree/CPAN-v0.40 Stoian, Glenn, if you could test this release and confirm that works for you, that would be great for me. Thanks! -- Cosimo
Subject: Re: [rt.cpan.org #47500] The credentials method needs both url and realm to be effective
Date: Thu, 28 Jan 2010 16:42:45 +0200
To: bug-HTTP-DAV [...] rt.cpan.org
From: Стоян Йовчев <stoian [...] imperia.bg>
Hi Cosimo, I have just tried the latest version 0.40 and the bug seems fixed to me. Thanks you for the fast reaction. greetings Stoian Opera Software ASA via RT wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=47500 > > > Stoian, thanks for your input. I'm rolling out v0.40 on CPAN right now. > Otherwise you can test it by fetching the source code directly from the > repository, > > http://github.com/cosimo/perl5-http-dav/tree/CPAN-v0.40 > > Stoian, Glenn, if you could test this release and confirm that works > for you, that would be great for me. Thanks! > >
-- Империя ООД | Imperia OOD ул. „Княз-Борис-I“ № 86, София 1000 | ul. "Knyaz-Boris-I" № 86, Sofia http://www.imperia.bg/
Setting to resolved.