Re: [racket-users] Re: web-server http-digest-auth: nonce has \r\n
Okay. I just pushed something. I did a simple test and made sure the newlines aren't there. Can you check if it works for you in your specific scenario? Jay On Fri, May 8, 2015 at 6:31 AM, Tim Brown wrote: > Jay, > > I agree with Greg, too. For me, that involves abandoning my patch, and > a whole load of git admin the sum of which effort is greater than you > just doing it. So, please do and reject my pull request (if you can). > > Regards, > > Tim > > > On 08/05/15 11:20, Jay McCarthy wrote: >> >> I agree with Greg, that seems like the right thing. Tim, do you want >> to make a pull request or do you want me to just take care of it? >> >> Jay >> >> On Thu, May 7, 2015 at 2:59 PM, Greg Hendershott >> wrote: >>> >>> That sounds good. Although I haven't used it in awhile, I recall needing >>> to >>> slice that off more often than keeping it. >>> >>> On May 7, 2015 2:22 PM, "Tim Brown" wrote: I wonder if base64-encode should rather be patched with a #:last-newline? (Default #t) argument. Tim On 7 May 2015 17:37:18 BST, Tim Brown wrote: > > Folks, > > I've just tried to use web-server/http-digest-auth, and > it seems that make-digest-auth-header generates an invalid header > (or at least one that upsets Firefox). > > The definition of make-digest-auth-header(*) uses base64-encode > to generate the nonce. base64-encode is documented as: > >> the result always ends with a newline-bstr unless the input is >> empty. > > > So the result is generated as: > > (header > #"WWW-Authenticate" > #"Digest realm=\"Vyke!\", qop=\"auth\", >> >> nonce=\"MTQzMTAxNDc3NiBlNjFmMDY2NzgyYjcyNmFjMmIzY2RkNWQxOTU3NzIzNQ==\r\n\" > > > opaque=\"opaque\"") > > Notice the CRLF in nonce... which causes the header to be truncated > (and > therefore invalidated) by my browser. I don't know if it's actually > upsetting my call to response; but in any case it's a problem. > > I'm also not sure if there should also be a comma between the nonce and > opaque. > > I've put together a patch for your perusal. > "tim-brown-patch-1" raised for racket/web-server. > > Regards, > > Tim > > (*) in pkgs/web-server-lib/web-server/http/digest-auth.rkt l.11 -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. >>> >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Racket Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to racket-users+unsubscr...@googlegroups.com. >>> For more options, visit https://groups.google.com/d/optout. >> >> >> >> > > -- > Tim Brown CEng MBCS > > City Computing Limited · www.cityc.co.uk > City House · Sutton Park Rd · Sutton · Surrey · SM1 2AE · GB > T:+44 20 8770 2110 · F:+44 20 8770 2130 > > City Computing Limited registered in London No:1767817. > Registered Office: City House, Sutton Park Road, Sutton, Surrey, SM1 2AE > VAT No: GB 918 4680 96 -- Jay McCarthy http://jeapostrophe.github.io "Wherefore, be not weary in well-doing, for ye are laying the foundation of a great work. And out of small things proceedeth that which is great." - D&C 64:33 -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [racket-users] Re: web-server http-digest-auth: nonce has \r\n
I agree with Greg, that seems like the right thing. Tim, do you want to make a pull request or do you want me to just take care of it? Jay On Thu, May 7, 2015 at 2:59 PM, Greg Hendershott wrote: > That sounds good. Although I haven't used it in awhile, I recall needing to > slice that off more often than keeping it. > > On May 7, 2015 2:22 PM, "Tim Brown" wrote: >> >> I wonder if base64-encode should rather be patched with a #:last-newline? >> (Default #t) argument. >> >> Tim >> >> On 7 May 2015 17:37:18 BST, Tim Brown wrote: >> >Folks, >> > >> >I've just tried to use web-server/http-digest-auth, and >> >it seems that make-digest-auth-header generates an invalid header >> >(or at least one that upsets Firefox). >> > >> >The definition of make-digest-auth-header(*) uses base64-encode >> >to generate the nonce. base64-encode is documented as: >> > >> >> the result always ends with a newline-bstr unless the input is >> >> empty. >> > >> >So the result is generated as: >> > >> >(header >> > #"WWW-Authenticate" >> > #"Digest realm=\"Vyke!\", qop=\"auth\", >> >> > >nonce=\"MTQzMTAxNDc3NiBlNjFmMDY2NzgyYjcyNmFjMmIzY2RkNWQxOTU3NzIzNQ==\r\n\" >> > >> >opaque=\"opaque\"") >> > >> >Notice the CRLF in nonce... which causes the header to be truncated >> >(and >> >therefore invalidated) by my browser. I don't know if it's actually >> >upsetting my call to response; but in any case it's a problem. >> > >> >I'm also not sure if there should also be a comma between the nonce and >> >opaque. >> > >> >I've put together a patch for your perusal. >> >"tim-brown-patch-1" raised for racket/web-server. >> > >> >Regards, >> > >> >Tim >> > >> >(*) in pkgs/web-server-lib/web-server/http/digest-auth.rkt l.11 >> >> -- >> Sent from my Android device with K-9 Mail. Please excuse my brevity. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Racket Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to racket-users+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Racket Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to racket-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Jay McCarthy http://jeapostrophe.github.io "Wherefore, be not weary in well-doing, for ye are laying the foundation of a great work. And out of small things proceedeth that which is great." - D&C 64:33 -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [racket-users] Re: web-server http-digest-auth: nonce has \r\n
Jay, Thank you. On 08/05/15 11:42, Jay McCarthy wrote: Okay. I just pushed something. I did a simple test and made sure the newlines aren't there. Can you check if it works for you in your specific scenario? That seems to do the trick for me. My web-server challenges my Firefox, which in turn challenges me. Please note that I haven't used any of the return values for authentication yet. Please could you advise me on the following (I'm still not au-fait with packages and the likes): * I have an existing racket install; with a .../share/pkgs/web-server directory * You made a change on github What *I* did on my installation was: - "git clone" into .../tmpish/web-server - mv .../pkgs/web-server .../pkgs/xx-web-server - ln -s .../tmpish/web-server .../pkgs I can easily unwind this situation (with an rm and mv)... but it seems clumsy. How should I have applied those changes (temporarily) to my install? Should I have used raco? Some fancy gittery? Regards, Tim -- Tim Brown CEng MBCS City Computing Limited · www.cityc.co.uk City House · Sutton Park Rd · Sutton · Surrey · SM1 2AE · GB T:+44 20 8770 2110 · F:+44 20 8770 2130 City Computing Limited registered in London No:1767817. Registered Office: City House, Sutton Park Road, Sutton, Surrey, SM1 2AE VAT No: GB 918 4680 96 -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [racket-users] Re: web-server http-digest-auth: nonce has \r\n
Jay, I agree with Greg, too. For me, that involves abandoning my patch, and a whole load of git admin the sum of which effort is greater than you just doing it. So, please do and reject my pull request (if you can). Regards, Tim On 08/05/15 11:20, Jay McCarthy wrote: I agree with Greg, that seems like the right thing. Tim, do you want to make a pull request or do you want me to just take care of it? Jay On Thu, May 7, 2015 at 2:59 PM, Greg Hendershott wrote: That sounds good. Although I haven't used it in awhile, I recall needing to slice that off more often than keeping it. On May 7, 2015 2:22 PM, "Tim Brown" wrote: I wonder if base64-encode should rather be patched with a #:last-newline? (Default #t) argument. Tim On 7 May 2015 17:37:18 BST, Tim Brown wrote: Folks, I've just tried to use web-server/http-digest-auth, and it seems that make-digest-auth-header generates an invalid header (or at least one that upsets Firefox). The definition of make-digest-auth-header(*) uses base64-encode to generate the nonce. base64-encode is documented as: the result always ends with a newline-bstr unless the input is empty. So the result is generated as: (header #"WWW-Authenticate" #"Digest realm=\"Vyke!\", qop=\"auth\", nonce=\"MTQzMTAxNDc3NiBlNjFmMDY2NzgyYjcyNmFjMmIzY2RkNWQxOTU3NzIzNQ==\r\n\" opaque=\"opaque\"") Notice the CRLF in nonce... which causes the header to be truncated (and therefore invalidated) by my browser. I don't know if it's actually upsetting my call to response; but in any case it's a problem. I'm also not sure if there should also be a comma between the nonce and opaque. I've put together a patch for your perusal. "tim-brown-patch-1" raised for racket/web-server. Regards, Tim (*) in pkgs/web-server-lib/web-server/http/digest-auth.rkt l.11 -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Tim Brown CEng MBCS City Computing Limited · www.cityc.co.uk City House · Sutton Park Rd · Sutton · Surrey · SM1 2AE · GB T:+44 20 8770 2110 · F:+44 20 8770 2130 City Computing Limited registered in London No:1767817. Registered Office: City House, Sutton Park Road, Sutton, Surrey, SM1 2AE VAT No: GB 918 4680 96 -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [racket-users] Re: web-server http-digest-auth: nonce has \r\n
That sounds good. Although I haven't used it in awhile, I recall needing to slice that off more often than keeping it. On May 7, 2015 2:22 PM, "Tim Brown" wrote: > I wonder if base64-encode should rather be patched with a #:last-newline? > (Default #t) argument. > > Tim > > On 7 May 2015 17:37:18 BST, Tim Brown wrote: > >Folks, > > > >I've just tried to use web-server/http-digest-auth, and > >it seems that make-digest-auth-header generates an invalid header > >(or at least one that upsets Firefox). > > > >The definition of make-digest-auth-header(*) uses base64-encode > >to generate the nonce. base64-encode is documented as: > > > >> the result always ends with a newline-bstr unless the input is > >> empty. > > > >So the result is generated as: > > > >(header > > #"WWW-Authenticate" > > #"Digest realm=\"Vyke!\", qop=\"auth\", > >nonce=\"MTQzMTAxNDc3NiBlNjFmMDY2NzgyYjcyNmFjMmIzY2RkNWQxOTU3NzIzNQ==\r\n\" > > > >opaque=\"opaque\"") > > > >Notice the CRLF in nonce... which causes the header to be truncated > >(and > >therefore invalidated) by my browser. I don't know if it's actually > >upsetting my call to response; but in any case it's a problem. > > > >I'm also not sure if there should also be a comma between the nonce and > >opaque. > > > >I've put together a patch for your perusal. > >"tim-brown-patch-1" raised for racket/web-server. > > > >Regards, > > > >Tim > > > >(*) in pkgs/web-server-lib/web-server/http/digest-auth.rkt l.11 > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > > -- > You received this message because you are subscribed to the Google Groups > "Racket Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to racket-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[racket-users] Re: web-server http-digest-auth: nonce has \r\n
I wonder if base64-encode should rather be patched with a #:last-newline? (Default #t) argument. Tim On 7 May 2015 17:37:18 BST, Tim Brown wrote: >Folks, > >I've just tried to use web-server/http-digest-auth, and >it seems that make-digest-auth-header generates an invalid header >(or at least one that upsets Firefox). > >The definition of make-digest-auth-header(*) uses base64-encode >to generate the nonce. base64-encode is documented as: > >> the result always ends with a newline-bstr unless the input is >> empty. > >So the result is generated as: > >(header > #"WWW-Authenticate" > #"Digest realm=\"Vyke!\", qop=\"auth\", >nonce=\"MTQzMTAxNDc3NiBlNjFmMDY2NzgyYjcyNmFjMmIzY2RkNWQxOTU3NzIzNQ==\r\n\" > >opaque=\"opaque\"") > >Notice the CRLF in nonce... which causes the header to be truncated >(and >therefore invalidated) by my browser. I don't know if it's actually >upsetting my call to response; but in any case it's a problem. > >I'm also not sure if there should also be a comma between the nonce and >opaque. > >I've put together a patch for your perusal. >"tim-brown-patch-1" raised for racket/web-server. > >Regards, > >Tim > >(*) in pkgs/web-server-lib/web-server/http/digest-auth.rkt l.11 -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
