Indy icon indicating copy to clipboard operation
Indy copied to clipboard
verified publisher icon IndySockets

Http client digest auth bug

Open WhiteWind opened this issue 8 years ago • 1 comments

I'm using Delphi 10.1.

When TIdHTTP makes request with Digest authentication, first response is 401 with nonce. TIdHTTP should make a second request with Digest response, but under some circumstances TIdDigestAuthentication is destroyed before the second request.

This bug does not happen when debugging step by step.

TIdCustomHTTP.CheckAndConnect:

 if not AResponse.KeepAlive then
    Disconnect;

TIdTCPConnection.Disconnect:

  if Connected then // <- Look here
    DisconnectNotifyPeer;

When debugging step by step, TCP socket is able to close before this moment, and DisconnectNotifyPeer is not called. When running normally, TCP socket is still connected at this point, and Indy tries to disconnect, thus destroying Request.Authentication object, which holds digest params:

TIdTCPConnection.DisconnectNotifyPeer:

  DoOnDisconnected();

DoOnDisconnected:

  if Assigned(Request.Authentication) and
    (Request.Authentication.CurrentStep = Request.Authentication.Steps) then
    Request.Authentication.Free;

Authentication.Steps is 1 and Authentication.CurrentStep is 1 at this point.

Maybe, TIdDigestAuthentication.GetSteps should return 2?

WhiteWind avatar Aug 18 '17 13:08 WhiteWind

I am having exactly the same problem. Any info when this issue will be fixed?

mlinc avatar Jan 18 '19 10:01 mlinc