subject:"Re\: \[PATCH\] lfs\: add the 'Authorization' property to the Batch API response, if present"

Re: [PATCH] lfs: add the 'Authorization' property to the Batch API response, if present

2018-04-17 Thread Matt Harbison


> On Apr 17, 2018, at 7:40 AM, Yuya Nishihara  wrote:
> 
>> On Mon, 16 Apr 2018 08:22:13 -0400, Matt Harbison wrote:
>> 
 On Apr 16, 2018, at 7:58 AM, Yuya Nishihara  wrote:
 
 On Sun, 15 Apr 2018 19:41:32 -0400, Matt Harbison wrote:
 # HG changeset patch
 # User Matt Harbison 
 # Date 1523027627 14400
 #  Fri Apr 06 11:13:47 2018 -0400
 # Node ID 6d8c47590030244033d51c2d0b390d2ee6337dea
 # Parent  acd5a25c179269df689b8799aa7cbc52d5451251
 lfs: add the 'Authorization' property to the Batch API response, if present
 
 The client copies all of these properties under 'header' to the HTTP 
 Headers of
 the subsequent GET or PUT request that it performs.  That allows the Basic 
 HTTP
 authentication used to authorize the Batch API request to also authorize 
 the
 upload/download action.
>>> 
>>> I'm not pretty sure, but I think it's up to the client to resend an
>>> Authorization header depending on the realm provided by the server. Doesn't
>>> the server request authentication for batch requests?
>> 
>> It does request authentication for batch requests, but doesn’t for the 
>> transfer, which surprised me.  Somewhere I think I read that the 
>> authentication request is also tied to the URI, which would explain why the 
>> client isn’t resending on its own.
> 
> Queued, but can you investigate further why the server doesn't send 401
> response?

Will do.  There’s more to look at in this area in general, and the lfs spec in 
this area is a bit vague, at least to me.

>> I wireshark traced git-lfs to a couple of different servers, and this seemed 
>> to be what it was doing.  That gitbucket footnote shows it rolling its own 
>> authorization token that it expects on transfer, so I thought this was by 
>> design.
> 
> Sending new token might make some sense, but echoing back the original
> Authorization header seems a bit weird.
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

Re: [PATCH] lfs: add the 'Authorization' property to the Batch API response, if present

2018-04-16 Thread Matt Harbison

> On Apr 16, 2018, at 7:58 AM, Yuya Nishihara  wrote:
> 
>> On Sun, 15 Apr 2018 19:41:32 -0400, Matt Harbison wrote:
>> # HG changeset patch
>> # User Matt Harbison 
>> # Date 1523027627 14400
>> #  Fri Apr 06 11:13:47 2018 -0400
>> # Node ID 6d8c47590030244033d51c2d0b390d2ee6337dea
>> # Parent  acd5a25c179269df689b8799aa7cbc52d5451251
>> lfs: add the 'Authorization' property to the Batch API response, if present
>> 
>> The client copies all of these properties under 'header' to the HTTP Headers 
>> of
>> the subsequent GET or PUT request that it performs.  That allows the Basic 
>> HTTP
>> authentication used to authorize the Batch API request to also authorize the
>> upload/download action.
> 
> I'm not pretty sure, but I think it's up to the client to resend an
> Authorization header depending on the realm provided by the server. Doesn't
> the server request authentication for batch requests?

It does request authentication for batch requests, but doesn’t for the 
transfer, which surprised me.  Somewhere I think I read that the authentication 
request is also tied to the URI, which would explain why the client isn’t 
resending on its own.

I wireshark traced git-lfs to a couple of different servers, and this seemed to 
be what it was doing.  That gitbucket footnote shows it rolling its own 
authorization token that it expects on transfer, so I thought this was by 
design.
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

Re: [PATCH] lfs: add the 'Authorization' property to the Batch API response, if present

2018-04-16 Thread Yuya Nishihara

On Sun, 15 Apr 2018 19:41:32 -0400, Matt Harbison wrote:
> # HG changeset patch
> # User Matt Harbison 
> # Date 1523027627 14400
> #  Fri Apr 06 11:13:47 2018 -0400
> # Node ID 6d8c47590030244033d51c2d0b390d2ee6337dea
> # Parent  acd5a25c179269df689b8799aa7cbc52d5451251
> lfs: add the 'Authorization' property to the Batch API response, if present
> 
> The client copies all of these properties under 'header' to the HTTP Headers 
> of
> the subsequent GET or PUT request that it performs.  That allows the Basic 
> HTTP
> authentication used to authorize the Batch API request to also authorize the
> upload/download action.

I'm not pretty sure, but I think it's up to the client to resend an
Authorization header depending on the realm provided by the server. Doesn't
the server request authentication for batch requests?
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

Re: [PATCH] lfs: add the 'Authorization' property to the Batch API response, if present

Re: [PATCH] lfs: add the 'Authorization' property to the Batch API response, if present

Re: [PATCH] lfs: add the 'Authorization' property to the Batch API response, if present

3 matches

Site Navigation

Mail list logo

Footer information