isahc icon indicating copy to clipboard operation
isahc copied to clipboard

Published 20 hours ago verified publisher icon sagebind

Digest auth doesn't work

Open syntheticsh opened this issue 4 years ago • 7 comments

Digest authentication doesn't work with default features;

to test I wrote simple example:

use isahc::{HttpClient, RequestBuilderExt};
use isahc::auth::{Authentication, Credentials};
use isahc::prelude::Request;

#[tokio::main]
async fn main() -> std::io::Result<()> {
    let request = Request::get("https://httpbin.org/digest-auth/test/log/pass")
        .authentication(Authentication::all())
        .credentials(Credentials::new("log", "pass"))
        .body(())
        .unwrap();

    let response = HttpClient::builder().build().unwrap().send_async(request).await;

    match response {
        Err(err) => println!("err {}", err.to_string()),
        Ok(response) => {
            if response.status() == isahc::http::status::StatusCode::UNAUTHORIZED {
                println!("unauthorized");
            } else {
                println!("{:?}", response.into_body().text_async().await);
            }
        }
    }

    Ok(())
}

If I run it I always get "unauthorized". However if I run it with default features disabled like so:

isahc = { version = "0.8.2", default-features = false }

it works and returns expected output. I haven't found any mention of this in docs. So it might be a bug.

os: Debian 10 buster rust: 1.39

syntheticsh avatar Dec 09 '19 09:12 syntheticsh

One of the default features is static-curl which builds a local libcurl instead of using the system one; I'm guessing that this is the difference for some reason. Maybe the local libcurl is configured incorrectly.

sagebind avatar Dec 09 '19 16:12 sagebind

Looks like digest auth is being disabled at compile time upstream: https://github.com/alexcrichton/curl-rust/blob/65d360ff46dc2bdede7bb396b382f76a4c3fdfcd/curl-sys/build.rs#L106. I'll work on a fix upstream for this. In the meantime, using the system-wide libcurl (by disabling the static-curl feature) is the correct workaround.

sagebind avatar Dec 09 '19 16:12 sagebind

Any updates on this?

valmirjunior0088 avatar May 30 '20 14:05 valmirjunior0088

No updates yet, sorry. :cry: A workaround is still to use a system libcurl with digest support by disabling the static-curl feature.

sagebind avatar May 30 '20 18:05 sagebind

I'm still not being able to do digest auth, even though it is working using the curl command.

My Cargo.toml has isahc = { version = "0.9.3", default-features = false, features = ["http2", "text-decoding"] }.

I still get 401 with the following snippet. Do you see anything out of place?

let request = Request::get("https://httpbin.org/digest-auth/test/username/password")
    .authentication(Authentication::all())
    .credentials(Credentials::new("username", "password"))
    .body(())?;

let response = HTTP_CLIENT.send_async(request).await?;

if let false = response.status().is_success() {
    return Err(Error::UnsuccessfulHttpRequest(response));
}

valmirjunior0088 avatar Jun 01 '20 15:06 valmirjunior0088

You might not have headers for the system curl installed, in which case the curl crate may use a static build anyway. You can check if this is the case by dumping the result of isahc::version() to see which libcurl is used.

sagebind avatar Jun 01 '20 15:06 sagebind

That did solve my problem. Thanks!

valmirjunior0088 avatar Jun 01 '20 16:06 valmirjunior0088