From: Aleix Conchillo Flaqué
Newsgroups: gmane.lisp.guile.devel
Subject: [PATCH] web: send capitalized authorization header scheme
Date: Fri, 24 Jun 2022 09:34:53 -0700
Message-ID: <20220624163453.29859-1-aconchillo@gmail.com>
To: guile-devel@gnu.org
Cc: Aleix Conchillo Flaqué

* module/web/http.scm (write-credentials): capitalize authorization
header scheme.

The standard allows the scheme to be case-insensitive; however, most
libraries out there expect the scheme to be capitalized, which is what
is actually used in RFC docs
(e.g. https://datatracker.ietf.org/doc/html/rfc7617#section-2). Some
libraries even reject a lowercase scheme, making Guile incompatible.
---
 module/web/http.scm            | 14 ++++++++++++--
 test-suite/tests/web-http.test | 11 ++++++++---
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/module/web/http.scm b/module/web/http.scm index 4276e1744..6af790384 100644 --- a/module/web/http.scm +++ b/module/web/http.scm 
@@ -962,13 +962,23 @@ as an ordered alist." (((? symbol?) . (? key-value-list?)) #t) (_ #f))) +;; While according to RFC 7617 Schemes are case-insensitive: +;; +;; 'Note that both scheme and parameter names are matched +;; case-insensitive' +;; +;; some software (*) incorrectly assumes title case for scheme +;; names, so use the more titlecase. +;; +;; (*): See, e.g., +;; https://community.spotify.com/t5/Spotify-for-Developers/API-Authorization-header-doesn-t-follow-HTTP-spec/m-p/5397381#M4917 (define (write-credentials val port) (match val (('basic . cred) - (put-string port "basic ") + (put-string port "Basic ") (put-string port cred)) ((scheme . params) - (put-symbol port scheme) + (put-string port (string-titlecase (symbol->string scheme))) (put-char port #\space) (write-key-value-list params port)))) diff --git a/test-suite/tests/web-http.test b/test-suite/tests/web-http.test index 63377349c..5c6a954b9 100644 --- a/test-suite/tests/web-http.test +++ b/test-suite/tests/web-http.test @@ -336,9 +336,14 @@ (pass-if-parse authorization "Digest foooo" '(digest foooo)) (pass-if-parse authorization "Digest foo=bar,baz=qux" '(digest (foo . "bar") (baz . "qux"))) - (pass-if-round-trip "Authorization: basic foooo\r\n") - (pass-if-round-trip "Authorization: digest foooo\r\n") - (pass-if-round-trip "Authorization: digest foo=bar, baz=qux\r\n") + (pass-if-parse authorization "basic foooo" '(basic . "foooo")) + (pass-if-parse authorization "digest foooo" '(digest foooo)) + (pass-if-parse authorization "digest foo=bar,baz=qux" + '(digest (foo . "bar") (baz . "qux"))) + (pass-if-round-trip "Authorization: Basic foooo\r\n") + (pass-if-round-trip "Authorization: Bearer token\r\n") + (pass-if-round-trip "Authorization: Digest foooo\r\n") + (pass-if-round-trip "Authorization: Digest foo=bar, baz=qux\r\n") (pass-if-parse expect "100-continue, foo" '((100-continue) (foo))) (pass-if-parse from "foo@bar" "foo@bar") (pass-if-parse host "qux" '("qux" . #f)) -- 2.34.1
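
Review bot: In write-credentials, the generic branch's (string-titlecase (symbol->string scheme)) only yields the conventional spelling for single-word schemes such as Digest or Bearer. string-titlecase capitalizes the first letter of each word and lowercases the rest, so a scheme symbol like ntlm, oauth or scram-sha-256 is written as Ntlm, Oauth or Scram-Sha-256, which the strict peers this change is meant to satisfy may still reject. Consider a small table of known spellings with titlecase as the fallback, or accept the scheme as a string that is written verbatim. The new comment also ends with "so use the more titlecase", which reads as an unfinished sentence; "so write scheme names in title case" would say what the code does.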
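
Review bot: The round-trip cases added in the test-suite/tests/web-http.test hunk (Basic, Bearer, Digest) are all single words that are already in title case, so no test pins down what the writer emits for any other spelling. Add a round-trip or write case for an all-caps or hyphenated scheme so the string-titlecase behaviour is recorded by the suite, and add a pass-if-parse for "Bearer token" so Bearer has the same parse coverage as the Basic and Digest forms.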