"Jeremy Howard" <[EMAIL PROTECTED]> writes:
> I found that using LWP::Authen::Digest with an incorrect password causes
> infinite recursion. This is because the auth string changes each time as the
> nonce changes. Patch follows. It can be applied with:
This patch breaks the test suite. The reason is that it prevents
retrials with the same username, but with different passwords. I have
applied the following patch instead. Can you check that it works for
you?
Index: lib/LWP/Authen/Digest.pm
===================================================================
RCS file: /cvsroot/libwww-perl/lwp5/lib/LWP/Authen/Digest.pm,v
retrieving revision 1.5
diff -u -p -u -r1.5 Digest.pm
--- lib/LWP/Authen/Digest.pm 2001/11/27 16:37:46 1.5
+++ lib/LWP/Authen/Digest.pm 2002/02/07 05:43:21
@@ -69,8 +69,8 @@ sub authenticate
# Need to check this isn't a repeated fail!
my $r = $response;
while ($r) {
- my $auth = $r->request->header($auth_header);
- if ($auth && $auth eq $auth_value) {
+ my $u = $r->request->{digest_user_pass};
+ if ($u && $u->[0] eq $user && $u->[1] eq $pass) {
# here we know this failed before
$response->header("Client-Warning" =>
"Credentials for '$user' failed before");
@@ -81,6 +81,9 @@ sub authenticate
my $referral = $request->clone;
$referral->header($auth_header => $auth_value);
+ # we shouldn't really do this, but...
+ $referral->{digest_user_pass} = [$user, $pass];
+
return $ua->request($referral, $arg, $size, $response);
}
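Review bot: `$referral->{digest_user_pass} = [$user, $pass];` keeps the plaintext password on the request object, which stays reachable through `$response->request` and the chain of earlier responses that the `while ($r)` loop walks, so anything that dumps or logs the request will expose it. Storing a digest of the user and password pair would still let the repeat check compare equal values without retaining the secret. The "we shouldn't really do this, but..." comment would be more useful if it stated the concern.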
Regards,
Gisle
> # patch -l -p0 < lwp-authen.diff
> (assuming you name the attached "lwp-authen.diff")
> --------
>
> --- Authen/Digest.pm Wed Nov 28 03:35:35 2001
> +++ Authen/Digest.pm.new Wed Jan 23 11:04:39 2002
> @@ -70,11 +70,17 @@
> my $r = $response;
> while ($r) {
> my $auth = $r->request->header($auth_header);
> - if ($auth && $auth eq $auth_value) {
> - # here we know this failed before
> - $response->header("Client-Warning" =>
> - "Credentials for '$user' failed before");
> - return $response;
> + if ($auth) {
> + my ($thisuser, $thisrealm, $thisuri) =
> + ($auth =~ /username="(.*?)".*realm="(.*?)".*uri="(.*?)"/);
> + my ($lastuser, $lastrealm, $lasturi) =
> + ($auth_value =~ /username="(.*?)".*realm="(.*?)".*uri="(.*?)"/);
> + if ($thisuser eq $lastuser && $thisrealm eq $lastrealm && $thisuri eq $lasturi)
>{
> + # here we know this failed before
> + $response->header("Client-Warning" =>
> + "Credentials for '$user' failed before");
> + return $response;
> + }
> }
> $r = $r->previous;
> }
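Review bot: The two captures using `/username="(.*?)".*realm="(.*?)".*uri="(.*?)"/` assume the header carries these attributes in exactly that order. When a match fails, all three captures are undef, and the `eq` tests that follow then compare undef with undef, which is true, so two headers that both fail to parse are treated as a repeated failure. Check that both matches succeeded before comparing. The comparison also leaves the password out, so a retry for the same user, realm and URI with a different password is refused.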
> ----