Error 500 on digest-auth with qop='auth-int' #307

felixpalta opened this Issue Oct 19, 2016 · 2 comments


None yet

1 participant


This is NOT a duplicate of #162

Steps to reproduce the problem:

  • run httpbin locally

gunicorn httpbin:app

  • Attempt to access digest authorization test, using qop='auth-int'

curl http://localhost:8000/digest-auth/auth-int/user/pass --digest -u user:pass -v


GET /digest-auth/auth-int/user/pass HTTP/1.1
User-Agent: curl/7.35.0
Host: localhost:8000
Accept: /

< Server: gunicorn/19.6.0
< Date: Wed, 19 Oct 2016 12:05:41 GMT
< Connection: close
< Content-Type: text/html; charset=utf-8
< Content-Length: 0
< WWW-Authenticate: Digest nonce="b93e7a83b26a02875c89f2dda4a7169e", realm="", algorithm=MD5, opaque="b6d3c9f2db6b642bfd451c1ca32a5bcb", qop="auth-int"
< Set-Cookie: fake=fake_value
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true

GET /digest-auth/auth-int/user/pass HTTP/1.1
Authorization: Digest username="user", realm="", nonce="b93e7a83b26a02875c89f2dda4a7169e", uri="/digest-auth/auth-int/user/pass", cnonce="Y2NlMjRhNDNjNjc0ODAwMzAwMGMxNGM5MDAwNTJjNTU=", nc=00000001, qop=auth-int, response="73d0d9ad422d57e72a2820d6d3f85c78", opaque="b6d3c9f2db6b642bfd451c1ca32a5bcb", algorithm="MD5"
User-Agent: curl/7.35.0
Host: localhost:8000
Accept: /

< Server: gunicorn/19.6.0
< Date: Wed, 19 Oct 2016 12:05:41 GMT
< Connection: close
< Content-Type: text/html
< Content-Length: 291

<title>500 Internal Server Error</title>

Internal Server Error

The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.


ERROR in app: Exception on /digest-auth/auth-int/user/pass [GET]
Traceback (most recent call last):
File "/home/felix/Public/repos/py/httpbin/env/local/lib/python2.7/site-packages/flask/", line 1988, in wsgi_app
response = self.full_dispatch_request()
File "/home/felix/Public/repos/py/httpbin/env/local/lib/python2.7/site-packages/flask/", line 1641, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/home/felix/Public/repos/py/httpbin/env/local/lib/python2.7/site-packages/flask/", line 1544, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/home/felix/Public/repos/py/httpbin/env/local/lib/python2.7/site-packages/flask/", line 1639, in full_dispatch_request
rv = self.dispatch_request()
File "/home/felix/Public/repos/py/httpbin/env/local/lib/python2.7/site-packages/flask/", line 1625, in dispatch_request
return self.view_functionsrule.endpoint
File "/home/felix/Public/repos/py/httpbin/httpbin/", line 416, in digest_auth_md5
return digest_auth(qop, user, passwd, "MD5")
File "/home/felix/Public/repos/py/httpbin/httpbin/", line 426, in digest_auth
not check_digest_auth(user, passwd) or
File "/home/felix/Public/repos/py/httpbin/httpbin/", line 354, in check_digest_auth
File "/home/felix/Public/repos/py/httpbin/httpbin/", line 322, in response
HA2_value = HA2(credentails, request, algorithm)
File "/home/felix/Public/repos/py/httpbin/httpbin/", line 297, in HA2
H(request['body'])), algorithm)
TypeError: H() takes exactly 2 arguments (1 given)

Source of the problem:
It is a simple typo in HA2() function definition, when passing parameters to H() function.

NOTE: For some reason it is NOT reproducible with, only with local instance of httpbin.


Created a PR: #308

@felixpalta felixpalta added a commit to felixpalta/httpbin that referenced this issue Oct 19, 2016
@felixpalta felixpalta Pass algorithm parameter to H()
This fixes error 500 on digest-auth test with qop='auth-int' (#307)

Closed due to successful merge of PR #308

@felixpalta felixpalta closed this Jan 12, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment