
This queue is for tickets about the Catalyst-Authentication-Credential-HTTP CPAN distribution.

Report information
The Basics
Id: 63669
Status: resolved
Priority: 0/
Queue: Catalyst-Authentication-Credential-HTTP

People
Owner: EDENC [...] cpan.org
Requestors: rjk@tamias.net (no email address)
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 1.012
Fixed in: (no value)



Subject: store_digest_authorization_nonce() bypassed by authenticate_digest()
authenticate_digest() calls $c->cache->set() directly, instead of calling $self->store_digest_authorization_nonce(). This invalidates the suggestion in the documentation to override get_digest_authorization_nonce() and store_digest_authorization_nonce() to change how the nonces are stored. Patch attached.
Subject: cat_auth_cred_http.patch
--- lib/Catalyst/Authentication/Credential/HTTP.pm (revision 13791) +++ lib/Catalyst/Authentication/Credential/HTTP.pm (working copy) @@ -183,8 +183,8 @@ $A2_digest ); my $rq_digest = Digest::MD5::md5_hex($digest_in); $nonce->nonce_count($nonce_count); - $c->cache->set( __PACKAGE__ . '::opaque:' . $nonce->opaque, - $nonce ); + my $key = __PACKAGE__ . '::opaque:' . $nonce->opaque; + $self->store_digest_authorization_nonce( $c, $key, $nonce ); if ($rq_digest eq $res{response}) { return $user_obj; }
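Review bot: The key built on the added line `my $key = __PACKAGE__ . '::opaque:' . $nonce->opaque;` must match the key used where the nonce is read back, and that read is not in this hunk. Please confirm the lookup goes through `get_digest_authorization_nonce()` with the same key, so that a subclass overriding both methods sees a consistent store. The call to `store_digest_authorization_nonce()` also still runs before the `if ($rq_digest eq $res{response})` check, so the updated `nonce_count` is persisted even when the digest does not match. If that is intended, a short comment saying so would help. The POD for `store_digest_authorization_nonce()` should also state the `( $c, $key, $nonce )` arguments that an overriding method receives.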
This is now fixed!