Repairing digest authentication in handle_request

[emarley]

Digest authentication stopped working for me sometime since the 0.5 gem. It seems digest_auth needs the result from the first unauthenticated request in order to build the proper headers for digest authentication. This change moves the digest_auth call from the beginning of the second handle_request (when it can't see the results from the first request) to the end of the first handle_request (when it can).

I changed as little as possible. It might make sense to change the case statement at line 157 to something else, since there's now only one case to consider there.

[emarley]

You may have specific reasons not to want to use net-http-digest_auth directly. So I understand if you only want to pull the first commit and not the second one.

[devrandom]

Sorry for the delay.

I don't mind pulling both, but the dependency on the digest auth gem has to be declared in the Rakefile jeweler config.

[emarley]

Ah, okay. I haven't worked much with rakefiles. I'll try to sort that out this weekend. Thanks!

[devrandom]

Ping?

[emarley]

Sorry, got drowned in personal stuff. Still aim to do this soon-ish.

On Jul 6, 2012, at 1:45 PM, Dev [email protected] wrote:

Ping?

---

Reply to this email directly or view it on GitHub:
#19 (comment)

[emarley]

I think this was the change you wanted. Thanks for your patience.

[paulvt]

I had to make the following change on top of the pull request to get it to work:

@@ -179,15 +184,18 @@
           return response
         when Net::HTTPUnauthorized     then
           response.error! unless @user
-          response.error! if req['authorization']
           new_req = clone_req(req.path, req, headers)
           if response['www-authenticate'] =~ /^basic/i
             if disable_basic_auth
               raise "server requested basic auth, but that is disabled"
             end
+            response.error! if req['authorization']
             @authorization = :basic
           else
             @authorization = :digest
            # Need to set up a new digest auth.

Otherwise I got the following (premature) error:

401 "Unauthorized ( The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator.  )" (Net::HTTPServerException)
/usr/lib/ruby/2.3.0/net/http/response.rb:120:in `error!'
/usr/lib/ruby/vendor_ruby/net/dav.rb:187:in `handle_request'
/usr/lib/ruby/vendor_ruby/net/dav.rb:120:in `request_returning_body'
/usr/lib/ruby/vendor_ruby/net/dav.rb:586:in `get'