Hi,

I found the problem by checking the
/usr/lib/python2.5/site-packages/authkit/authenticate/digest.py file. The
problem occurs when I use the url_for method to generate the URLs in my Pylons
project. url_for uses the quote method to encode the URL. In digest.py,
line 223 has these two lines to do the digest authentication:

        fullpath = SCRIPT_NAME(environ) + PATH_INFO(environ)
        authorization = AUTHORIZATION(environ)

This is my environment var:

{'HTTP_AUTHORIZATION': 'Digest username="fulltracksrest",
realm="fulltracksrest", nonce="004498a72a059b690e7f224124028b5b",
uri="/artists/Juanes/albums/Me%20enamora",
response="50c920c9fc60a159184c4fdc5051be08",
opaque="86b75877cc80e450c4b394a6fa01af2f", qop=auth, nc=00000006,
cnonce="5970c01874832772"', 'HTTP_REFERER': '
http://127.0.0.1:5000/artists/Juanes/albums', 'authkit.intercept': ['401'],
'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET', 'PATH_INFO':
'/artists/Juanes/albums/Me enamora', 'SERVER_PROTOCOL': 'HTTP/1.1',
'QUERY_STRING': '', 'CONTENT_LENGTH': '0', 'HTTP_ACCEPT_CHARSET':
'ISO-8859-1,utf-8;q=0.7,*;q=0.7', 'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; U;
Linux i686; ca; rv:1.9.0.9) Gecko/2009042115 Fedora/3.0.9-1.fc10
Firefox/3.0.9', 'HTTP_CONNECTION': 'keep-alive', 'SERVER_NAME': '127.0.0.1',
'REMOTE_ADDR': '127.0.0.1', 'wsgi.url_scheme': 'http', 'SERVER_PORT':
'5000', 'authkit.users': <fulltracksrest.lib.auth.users.UsersFromDatabase
object at 0x974cd4c>, 'wsgi.input': <socket._fileobject object at 0x975eb54
length=0>, 'HTTP_HOST': '127.0.0.1:5000', 'wsgi.multithread': True,
'authkit.config': {}, 'HTTP_ACCEPT':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'wsgi.version': (1, 0), 'paste.registry': <paste.registry.Registry object at
0x97c0c6c>, 'authkit.authenticate': True, 'wsgi.run_once': False,
'wsgi.errors': <open file '<stderr>', mode 'w' at 0xb7ffd0b0>,
'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE':
'ca,en-us;q=0.7,en;q=0.3', 'CONTENT_TYPE': '',
'paste.httpserver.thread_pool': <paste.httpserver.ThreadPool object at
0x8c807cc>, 'HTTP_ACCEPT_ENCODING': 'gzip,deflate', 'HTTP_KEEP_ALIVE':
'300'}

You can see that uri="/artists/Juanes/albums/Me%20enamora" is a quoted URL
generated by url_for in my Pylons project, but 'PATH_INFO':
'/artists/Juanes/albums/Me enamora' isn't; it's an unquoted URL. This is the
problem, because to validate the digest authentication it does (on line 136):

            assert authpath.split("?",1)[0] in path

And this line returns 'False' because the two URLs aren't equal (uri is a
quoted URL and PATH_INFO is an unquoted URL). To resolve it I had to change
line 223 to this (with import urllib at the top):

            fullpath = SCRIPT_NAME(environ) + urllib.quote(PATH_INFO(environ))

With this change to this line, digest authentication works with all URLs
that contain quoted special characters. I think that this is a bug in the authkit lib.

Thanks for your help!
Ernest
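
An added example (not AuthKit's code and not code from this thread) reproducing the mismatch described above in Python 3, where `quote` and `unquote` live in `urllib.parse`. It compares the substring check quoted from digest.py, the `quote(PATH_INFO)` workaround, and a comparison that decodes the signed `uri` instead; the function names, the `%2F` sample and the use of equality are assumptions of this example.

```python
from urllib.parse import quote, unquote

def request_path(environ):
    # WSGI hands the application PATH_INFO already percent-decoded.
    return environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", "")

def naive_match(environ, digest_uri):
    # Same shape as the check quoted from digest.py: raw uri vs decoded path.
    return digest_uri.split("?", 1)[0] in request_path(environ)

def requote_match(environ, digest_uri):
    # The workaround from the message: re-quote PATH_INFO before comparing.
    # quote() leaves "/" alone, so a client-sent %2F can never be rebuilt.
    path = environ.get("SCRIPT_NAME", "") + quote(environ.get("PATH_INFO", ""))
    return digest_uri.split("?", 1)[0] in path

def decoded_match(environ, digest_uri):
    # Decode the signed uri once and require equality with the decoded path.
    # This also tolerates %2f vs %2F; it cannot tell %2F from "/" because
    # PATH_INFO has already lost that distinction.
    return unquote(digest_uri.split("?", 1)[0]) == request_path(environ)

# Values taken from the environ dump in the message.
ENV_SPACE = {"SCRIPT_NAME": "", "PATH_INFO": "/artists/Juanes/albums/Me enamora"}
URI_SPACE = "/artists/Juanes/albums/Me%20enamora"

# Constructed sample: an album name containing "/", sent by the client as %2F.
ENV_SLASH = {"SCRIPT_NAME": "", "PATH_INFO": "/artists/X/albums/A/B"}
URI_SLASH = "/artists/X/albums/A%2FB"

if __name__ == "__main__":
    for name, env, uri in (("space", ENV_SPACE, URI_SPACE),
                           ("slash", ENV_SLASH, URI_SLASH)):
        print(name, naive_match(env, uri), requote_match(env, uri),
              decoded_match(env, uri))
```
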


2009/4/27 eRnest FE <[email protected]>

> I tested with Basic Authentication and Cookie Authentication and I don't
> have any problem, all urls are running correctly. Urls tested with basic and
> cookie authentication are:  /artists/u2/albums/Achtung%2BBaby,
> /artists/U2/albums/October and
> /artists/Juanes/albums/Me%2BEnamora%2B%252FFijate%2BBien,
> /artists/Madonna/albums/I%25C2%25B4m%2Bgoing%2Bto%2Btell%2Byou%2Ba%2Bsecret
> ...
>
> I think that it is a digest implementation problem because when any special
> character (with a % character) appears in the uri param, it doesn't work.
>
> Thanks for your help!
> Ernest
>
> Thanks for
>
> 2009/4/26 Jason Reid <[email protected]>
>
>
>> Do you get the same problems when you use Basic Authentication?
>>
>> On Apr 25, 4:48 am, eRnest FE <[email protected]> wrote:
>> > Hi Jason,
>> >
>> > thanks for your help, I change space characters with '+' character but I
>> > have the same problem because into our albums name we have some albums
>> with
>> > '/' character inside and we need to convert to '%2F'. We have the same
>> > problem with all other special characters when we make a quote_plus to
>> > convert the strings.
>> >
>> > Thanks!
>> > Ernest
>> >
>> > 2009/4/24 Jason Reid <[email protected]>
>> >
>> >
>> >
>> > > You could get rid of that special character. I believe that is a
>> > > space. You should never use spaces in your URL. They are okay as GET
>> > > parameters but shouldn't really be a part of your URL.
>> >
>> > > Try making it so instead of a space you enter get-together (this is
>> > > the way most sites represent spaces; ie wordpress). Then in your
>> > > controller you can just replace the `-` out for a space.
>> >
>> > > On Apr 23, 7:56 am, eRnest <[email protected]> wrote:
>> > > > Hi,
>> >
>> > > > we are developing a fulltracks rest service using pylons, and we
>> need
>> > > > to control the access to our service using digest authentication,
>> but
>> > > > we detect a problem with the urls containing some special character
>> > > > like %20. All the urls are validated correctly with digest but when
>> in
>> > > > the uri appears some special character, the authentication fails
>> every
>> > > > time. These are the headers for the two tests we made:
>> >
>> > > > 1) Headers without any special character
>> (uri="/artists/Madonna/albums/
>> > > > Jump"):
>> >
>> > > >http://devel.dis.ct:5000/artists/Madonna/albums/Jump
>> >
>> > > > GET /artists/Madonna/albums/Jump HTTP/1.1
>> > > > Host: devel.dis.ct:5000
>> > > > User-Agent: Mozilla/5.0 (X11; U; Linux i686; ca; rv:1.9.0.9) Gecko/
>> > > > 2009042115 Fedora/3.0.9-1.fc10 Firefox/3.0.9
>> > > > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/
>> > > > *;q=0.8
>> > > > Accept-Language: ca,en-us;q=0.7,en;q=0.3
>> > > > Accept-Encoding: gzip,deflate
>> > > > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> > > > Keep-Alive: 300
>> > > > Connection: keep-alive
>> > > > Referer:http://devel.dis.ct:5000/artists/madonna/albums
>> >
>> > > > HTTP/1.x 401 Unauthorized
>> > > > Server: PasteWSGIServer/0.5 Python/2.5.2
>> > > > Date: Thu, 23 Apr 2009 11:43:35 GMT
>> > > > WWW-Authenticate: Digest nonce="81fd8fe59d3093f5cd6754c216b6a691",
>> > > > opaque="24f8a3f3ffeb65f607f526ce049ff613", realm="fulltracksrest",
>> > > > qop="auth"
>> > > > Content-Type: text/html
>> > > > Connection: close
>> > > > ----------------------------------------------------------
>> > >http://devel.dis.ct:5000/artists/Madonna/albums/Jump
>> >
>> > > > GET /artists/Madonna/albums/Jump HTTP/1.1
>> > > > Host: devel.dis.ct:5000
>> > > > User-Agent: Mozilla/5.0 (X11; U; Linux i686; ca; rv:1.9.0.9) Gecko/
>> > > > 2009042115 Fedora/3.0.9-1.fc10 Firefox/3.0.9
>> > > > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/
>> > > > *;q=0.8
>> > > > Accept-Language: ca,en-us;q=0.7,en;q=0.3
>> > > > Accept-Encoding: gzip,deflate
>> > > > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> > > > Keep-Alive: 300
>> > > > Connection: keep-alive
>> > > > Referer:http://devel.dis.ct:5000/artists/madonna/albums
>> > > > Authorization: Digest username="fulltracksrest",
>> > > > realm="fulltracksrest", nonce="81fd8fe59d3093f5cd6754c216b6a691",
>> > > > uri="/artists/Madonna/albums/Jump",
>> > > > response="3ede27e69cdef6f151df34092812577d",
>> > > > opaque="24f8a3f3ffeb65f607f526ce049ff613", qop=auth, nc=00000001,
>> > > > cnonce="25688454bbdc2b73"
>> >
>> > > > HTTP/1.x 200 OK
>> > > > Server: PasteWSGIServer/0.5 Python/2.5.2
>> > > > Date: Thu, 23 Apr 2009 11:43:37 GMT
>> > > > Content-Type: text/html; charset=utf-8
>> > > > Pragma: no-cache
>> > > > Cache-Control: no-cache
>> > > > Content-Length: 696
>> >
>> > > > 1) Headers without some special character (uri="/artists/Madonna/
>> > > > albums/Get%20Together"):
>> >
>> > > >http://devel.dis.ct:5000/artists/Madonna/albums/Get%20Together
>> >
>> > > > GET /artists/Madonna/albums/Get%20Together HTTP/1.1
>> > > > Host: devel.dis.ct:5000
>> > > > User-Agent: Mozilla/5.0 (X11; U; Linux i686; ca; rv:1.9.0.9) Gecko/
>> > > > 2009042115 Fedora/3.0.9-1.fc10 Firefox/3.0.9
>> > > > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/
>> > > > *;q=0.8
>> > > > Accept-Language: ca,en-us;q=0.7,en;q=0.3
>> > > > Accept-Encoding: gzip,deflate
>> > > > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> > > > Keep-Alive: 300
>> > > > Connection: keep-alive
>> > > > Referer:http://devel.dis.ct:5000/artists/madonna/albums
>> > > > Authorization: Digest username="fulltracksrest",
>> > > > realm="fulltracksrest", nonce="81fd8fe59d3093f5cd6754c216b6a691",
>> > > > uri="/artists/Madonna/albums/Get%20Together",
>> > > > response="66790e79267339ea7a350161424ee6a7",
>> > > > opaque="24f8a3f3ffeb65f607f526ce049ff613", qop=auth, nc=00000003,
>> > > > cnonce="bb1cae0aa112008b"
>> >
>> > > > HTTP/1.x 401 Unauthorized
>> > > > Server: PasteWSGIServer/0.5 Python/2.5.2
>> > > > Date: Thu, 23 Apr 2009 11:44:57 GMT
>> > > > WWW-Authenticate: Digest nonce="90cb88613731aeffb828f17bf9054220",
>> > > > opaque="bf6fa6be063aec25e7e49f70893786fd", realm="fulltracksrest",
>> > > > qop="auth"
>> > > > Content-Type: text/html
>> > > > Connection: close
>> >
>> > > > We tried changing digest authentication to cookie authentication; the
>> > > > problem disappeared and all URLs were running fine. I think that maybe
>> > > > it can be an authkit bug. Can anybody help me?
>> >
>> > > > Thanks for your help!
>> > > > Ernest
>> >>
>>
>
