#8558 closed defect (fixed)
Authentication Failure returns invalid HTTP Response (content-length incorrect)
Reported by: | Owned by: | Jun Omae | |
---|---|---|---|
Priority: | normal | Component: | HttpAuthPlugin |
Severity: | normal | Keywords: | XmlRpc authentication content-length |
Cc: | Olemis Lang | Trac Release: | 0.12 |
Description (last modified by )
I have install XmlRpcPlugin and HttpAuthPlugin, I am not sure, where exactly is the error. when I connect by my .NET client to the XmlRpc, I get this exception from request.GetResponse() (.NET method)
I debugged it by fiddler HTTP debugger and I have found, that trac send wrong Content-Length (23bytes). It sends text "Authentication required" which is exactly 23bytes. But there is small HTML block appended, which cause, that content length is wrong. I can reproduce it with python 2.5 and python 2.7 as well. I have attached the output of fiddler, please see bellow. I find interesting, that the request is made via HTTP 1.1, but in repsonse HTTP 0.9 is mentioned.
POST http://10.250.10.55/mew/login/xmlrpc HTTP/1.1 Content-Type: text/xml User-Agent: XML-RPC.NET Host: 10.250.10.55 Cookie: trac_session=2a1a01b9d7d8bcb3db9afc27 Content-Length: 229 <?xml version="1.0"?> <methodCall> <methodName>system.methodHelp</methodName> <params> <param> <value> <string>ticket.getRecentChanges</string> </value> </param> </params> </methodCall>
HTTP/1.1 401 Unauthorized Server: tracd/0.12.2 Python/2.7 Date: Wed, 02 Mar 2011 14:07:38 GMT WWW-Authenticate: Basic realm="Control Panel" Content-Type: text/plain Pragma: no-cache Cache-control: no-cache Expires: Fri, 01 Jan 1999 00:00:00 GMT Content-Length: 23 Authentication required<head> <title>Error response</title> </head> <body> <h1>Error response</h1> <p>Error code 400. <p>Message: Bad HTTP/0.9 request type ('<?xml'). <p>Error code explanation: 400 = Bad request syntax or unsupported method. </body>
Attachments (1)
Change History (14)
comment:1 Changed 14 years ago by
Component: | XmlRpcPlugin → HttpAuthPlugin |
---|---|
Description: | modified (diff) |
Owner: | changed from osimons to Noah Kantrowitz |
comment:2 Changed 13 years ago by
I am also seeing this behavior, however I will add that if you keep retrying, it does eventually spit out the right response, but only every very rarely.
I am using a similar setup, i am running trac 0.13dev-r10668 (this was not intentional, I installed from trunk and didn't realise I would end up with 0.13 oops), tracxmlrpc 1.1.2-r9970, trachttpauth 1.1, tracaccountmanager 0.3dev-r9929.
Any suggestions would be greatly appreciated
comment:3 Changed 13 years ago by
OK I think I just fixed it for myself :)
I changed this section (starting line 57) from
if req.method != 'HEAD': req.write(auth_req_msg)
to (added a line)
if req.method != 'HEAD': req.write(auth_req_msg) req.end_response()
This seems to have fixed my issue, hope it helps someone else.
comment:4 Changed 13 years ago by
Ignore my last post, didn't get any time to check it. end_response isn't even a method ;)
Python is new to me ;)
So I have checked through the API, and the wierd thing is what coderanger has put in seems to be correct, the process_request method sends the valid response then raises the RequestDone exception which is a notification that the request has been sent and to stop processing.
However Trac seems to be still processing after the exception is raised.
However this is just a "side effect" ultimately if you want to authenticate with XML-RPC.NET you will need to manually add the header yourself, you will even note in your issue that the Request header doesn't include the Authorization header, hence HTTPAuth is trying to tell you that it is invalid.
So do this when you setup your proxy
Trac.Headers("Authorization") = "Basic " & Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(Username & ":" & Password))
Where "Trac" is the "proxy" you have created using the XmlRpcProxyGen.Create method and "Username" and "Password" are variables holding the credentials.
This should work for you, but this ticket is still valid on the grounds that if you have a "invalid" login you will receive a malformed HTTP Response. (ie. content-length not being correct)
comment:5 Changed 13 years ago by
Summary: | The server committed a protocol violation. Section=ResponseStatusLine → Authentication Failure returns invalid HTTP Response (content-length incorrect) |
---|
comment:6 follow-up: 7 Changed 12 years ago by
Note that you'll get a similar issue when you try the xmlrpclib
client example snippet:
>>> from xmlrpclib import ServerProxy >>> p = ServerProxy("http://user:pass@localhost:port/trac/login/rpc") >>> p.system.getAPIVersion() Traceback (most recent call last): ... xmlrpclib.ProtocolError: <ProtocolError for user:pass@localhost:port/trac/login/rpc: 401 Unauthorized>
And the Trac log shows:
127.0.0.1 - - [26/May/2012 10:37:35] "POST /cblaptop-trac/login/rpc HTTP/1.1" 401 - 127.0.0.1 - - [26/May/2012 10:37:35] code 400, message Bad HTTP/0.9 request type ('<?xml') 127.0.0.1 - - [26/May/2012 10:37:35] "<?xml version='1.0'?>" 400 -
This will happen if you use Digest authentication on the Trac side (with tracd
), as xmlrpclib
only supports Basic authentication.
Likewise, when using curl
for testing, don't forget to add the --digest
flag.
I haven't investigated yet if this is really a problem in Trac (more specifically tracd and the way it handles digest auth with clients which don't support it). To find out, it would be interesting to know how this behaves with the same clients but another web front-end like Apache and mod_auth_digest
.
Changed 12 years ago by
Attachment: | t8558-close-conn-trac-0.12-r11474.diff added |
---|
[PATCH] Adding Connection: close
when sending errors for Trac 0.12-stable
comment:7 Changed 12 years ago by
And the Trac log shows: ...
127.0.0.1 - - [26/May/2012 10:37:35] code 400, message Bad HTTP/0.9 request type ('<?xml')
...
I've gotten the same problem during development of fulmo.
I think that is the Trac issue. That happens if the client send POST request to tracd
with authentication using HTTP/1.1
. Because tracd
does not read the body of POST request from the client, or close the connection, before it sends 401 Authentication Required
. Therefore, it wrongly reads the body as the next request.
Here is the proposal patch, t8558-close-conn-trac-0.12-r11474.diff, for Trac 0.12-stable. It works well for me.
comment:8 Changed 12 years ago by
Jun: I don't think this plugin is being maintainer, so if you'd like commit access to push your change, just let me know.
comment:9 follow-up: 10 Changed 12 years ago by
Sorry, the patch in comment:6 is for similar issue of Trac core. I'll create a new ticket on t.e.o later.
Also, I reproduced the original issue on Trac 0.12-stable, acct_mgr 0.3.2 and httpauthplugin latest. I created the following patch to solve and confirmed the fix.
Ryan: I would like to push it. Could you please grant the commit right?
-
httpauth/filter.py
52 52 req.send_header('Cache-control', 'no-cache') 53 53 req.send_header('Expires', 'Fri, 01 Jan 1999 00:00:00 GMT') 54 54 req.send_header('Content-Length', str(len(auth_req_msg))) 55 if req.get_header('Content-Length'): 56 req.send_header('Connection', 'close') 55 57 req.end_headers() 56 58 57 59 if req.method != 'HEAD':
comment:10 follow-up: 12 Changed 12 years ago by
Owner: | changed from Noah Kantrowitz to Jun Omae |
---|
Replying to jun66j5:
[...] Ryan: I would like to push it. Could you please grant the commit right?
You should be all set now.
comment:11 Changed 12 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:12 Changed 12 years ago by
Replying to rjollos:
Ryan: I would like to push it. Could you please grant the commit right?
You should be all set now.
Thanks, Ryan! I just applied the patch.
comment:13 Changed 11 years ago by
Keywords: | authentication added; Authentication removed |
---|
Normalizing tag names.
XmlRpcPlugin is not involved in authentication at all, so moving it to that other plugin.
Hint: Use
{{{ .... }}}
blocks when pasting pre-formatted text.