Error 500 on digest-auth with qop='auth-int' #307

Closed
felixpalta opened this Issue Oct 19, 2016 · 2 comments

@felixpalta
Contributor

This is NOT a duplicate of #162

Steps to reproduce the problem:

  • run httpbin locally

gunicorn httpbin:app

  • Attempt to access the digest authorization test, using qop='auth-int'

curl http://localhost:8000/digest-auth/auth-int/user/pass --digest -u user:pass -v

Result:

GET /digest-auth/auth-int/user/pass HTTP/1.1
User-Agent: curl/7.35.0
Host: localhost:8000
Accept: */*

< HTTP/1.1 401 UNAUTHORIZED
< Server: gunicorn/19.6.0
< Date: Wed, 19 Oct 2016 12:05:41 GMT
< Connection: close
< Content-Type: text/html; charset=utf-8
< Content-Length: 0
< WWW-Authenticate: Digest nonce="b93e7a83b26a02875c89f2dda4a7169e", realm="me@kennethreitz.com", algorithm=MD5, opaque="b6d3c9f2db6b642bfd451c1ca32a5bcb", qop="auth-int"
< Set-Cookie: fake=fake_value
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
<

GET /digest-auth/auth-int/user/pass HTTP/1.1
Authorization: Digest username="user", realm="me@kennethreitz.com", nonce="b93e7a83b26a02875c89f2dda4a7169e", uri="/digest-auth/auth-int/user/pass", cnonce="Y2NlMjRhNDNjNjc0ODAwMzAwMGMxNGM5MDAwNTJjNTU=", nc=00000001, qop=auth-int, response="73d0d9ad422d57e72a2820d6d3f85c78", opaque="b6d3c9f2db6b642bfd451c1ca32a5bcb", algorithm="MD5"
User-Agent: curl/7.35.0
Host: localhost:8000
Accept: */*

< HTTP/1.1 500 INTERNAL SERVER ERROR
< Server: gunicorn/19.6.0
< Date: Wed, 19 Oct 2016 12:05:41 GMT
< Connection: close
< Content-Type: text/html
< Content-Length: 291
<

<title>500 Internal Server Error</title>

Internal Server Error

The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.

Logs:

ERROR in app: Exception on /digest-auth/auth-int/user/pass [GET]
Traceback (most recent call last):
  File "/home/felix/Public/repos/py/httpbin/env/local/lib/python2.7/site-packages/flask/app.py", line 1988, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/felix/Public/repos/py/httpbin/env/local/lib/python2.7/site-packages/flask/app.py", line 1641, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/felix/Public/repos/py/httpbin/env/local/lib/python2.7/site-packages/flask/app.py", line 1544, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/home/felix/Public/repos/py/httpbin/env/local/lib/python2.7/site-packages/flask/app.py", line 1639, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/felix/Public/repos/py/httpbin/env/local/lib/python2.7/site-packages/flask/app.py", line 1625, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/felix/Public/repos/py/httpbin/httpbin/core.py", line 416, in digest_auth_md5
    return digest_auth(qop, user, passwd, "MD5")
  File "/home/felix/Public/repos/py/httpbin/httpbin/core.py", line 426, in digest_auth
    not check_digest_auth(user, passwd) or
  File "/home/felix/Public/repos/py/httpbin/httpbin/helpers.py", line 354, in check_digest_auth
    method=request.method))
  File "/home/felix/Public/repos/py/httpbin/httpbin/helpers.py", line 322, in response
    HA2_value = HA2(credentails, request, algorithm)
  File "/home/felix/Public/repos/py/httpbin/httpbin/helpers.py", line 297, in HA2
    H(request['body'])), algorithm)
TypeError: H() takes exactly 2 arguments (1 given)

Source of the problem:
It is a simple typo in the HA2() function definition, when passing parameters to the H() function.

NOTE: For some reason it is NOT reproducible with httpbin.org, only with a local instance of httpbin.

@felixpalta
Contributor

Created a PR: #308

@felixpalta felixpalta added a commit to felixpalta/httpbin that referenced this issue Oct 19, 2016
@felixpalta felixpalta Pass algorithm parameter to H()
This fixes error 500 on digest-auth test with qop='auth-int' (#307)
cc2fc5e
@felixpalta
Contributor

Closed due to successful merge of PR #308

@felixpalta felixpalta closed this Jan 12, 2017
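
The RFC 2617 response calculation that this endpoint exercises, as an added Python example (not httpbin's code and not part of the issue): `H()` always receives the algorithm, including for the inner body hash that `qop=auth-int` adds to A2, and a malformed or unsupported header is rejected instead of raising. The function names, the `ISSUE` body and its recomputed `response` are assumptions; `RFC_2617` holds the sample exchange from RFC 2617 section 3.5.

```python
import hashlib
import hmac

_HASHES = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}

def H(data: bytes, algorithm: str) -> str:
    return _HASHES[algorithm](data).hexdigest()  # KeyError on unknown algorithm

def ha2(method, uri, qop, body, algorithm):
    if qop == "auth-int":
        # A2 = method ":" uri ":" H(entity-body); the inner H() needs the algorithm too
        return H(f"{method}:{uri}:{H(body, algorithm)}".encode(), algorithm)
    return H(f"{method}:{uri}".encode(), algorithm)

def expected_response(c, password, method, body=b""):
    alg = c.get("algorithm", "MD5")
    ha1 = H(f"{c['username']}:{c['realm']}:{password}".encode(), alg)
    parts = [ha1, c["nonce"]]
    if c.get("qop") in ("auth", "auth-int"):
        parts += [c["nc"], c["cnonce"], c["qop"]]
    parts.append(ha2(method, c["uri"], c.get("qop"), body, alg))
    return H(":".join(parts).encode(), alg)

def verify(c, password, method, body=b""):
    try:
        want = expected_response(c, password, method, body)
    except KeyError:
        return False  # missing field or unknown algorithm: reject, do not raise
    # Constant-time comparison of the expected and the client-supplied digest
    return hmac.compare_digest(want.encode(), str(c.get("response", "")).encode())

# RFC 2617 section 3.5 sample exchange (qop=auth, password "Circle Of Life")
RFC_2617 = {"username": "Mufasa", "realm": "testrealm@host.com",
            "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "uri": "/dir/index.html",
            "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b",
            "response": "6629fae49393a05397450978507c4ef1"}

# Header fields copied from the issue's request; the response is recomputed here
# for a constructed body instead of reusing the value curl sent.
ISSUE = {"username": "user", "realm": "me@kennethreitz.com",
         "nonce": "b93e7a83b26a02875c89f2dda4a7169e",
         "uri": "/digest-auth/auth-int/user/pass", "qop": "auth-int",
         "nc": "00000001", "algorithm": "MD5",
         "cnonce": "Y2NlMjRhNDNjNjc0ODAwMzAwMGMxNGM5MDAwNTJjNTU="}
BODY = b"constructed sample body"
ISSUE["response"] = expected_response(ISSUE, "pass", "GET", BODY)

if __name__ == "__main__":
    print(verify(RFC_2617, "Circle Of Life", "GET"))
    print(verify(ISSUE, "pass", "GET", BODY), verify(ISSUE, "pass", "GET", b"tampered"))
```

With `auth-int` the body hash is part of the signed material, so the same header verifies against `BODY` and fails against any other body.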