Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing support for username-only authentication #123

Closed
paulmillar opened this issue Aug 10, 2022 · 2 comments
Closed

Missing support for username-only authentication #123

paulmillar opened this issue Aug 10, 2022 · 2 comments

Comments

@paulmillar
Copy link

From inspecting the code, it seems that both the webdav_login and webdav_password options must be set to a non-empty string before the client will attempt HTTP basic authentication in its WebDAV requests. If either option is missing or an empty string then the client will not use HTTP basic authentication.

(For me, this requirement wasn't particularly clear from the documentation.)

ownCloud and NextCloud are both open-source sync-and-share software. When deployed, they allow the users to create shares. Shares are somewhat similar to directories and contain files that may be accessed by external people (those who do not already have an account). Shares may be private (requiring a shared secret) or public (requiring no authentication). In addition to providing access to public shared via their respective Web-based GUI, the shares may be accessed via WebDAV. This is true for both ownCloud and NextCloud.

Both ownCloud and NextCloud use a common scheme for handling WebDAV access to shares; specifically, the WebDAV URL is constant (usually in the form https://cloud.example.org/public.oho/webdav). The share ID is passed as the username during HTTP basic authentication. For public shares (ones requiring no password) the HTTP basic authentication should contain an empty password.

It is currently not possible to access public shares, as it is currently not possible to trigger HTTP basic authentication with only a username (see above).

There is a work-around. The Client has a requests session object, which may be manipulated directly; e.g.,

from webdav3.client import Client

client = Client({'webdav_hostname': 'https://cloud.example.org/public.php/webdav'})
client.session.auth = (share_id, "")

Nevertheless, I think it would be a good idea if the client could trigger HTTP basic authentication with only the username.
@pataquets
Copy link

Duplicate of #111?

@paulmillar
Copy link
Author

Thanks @pataquets . I think you're right: this is a dup of #111. I'll close this issue in favour of that one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@paulmillar @pataquets