From: Aleix Conchillo Flaqué
Newsgroups: gmane.lisp.guile.devel
Subject: Re: [PATCH] web: authorization header scheme should be capitalized
Date: Thu, 23 Jun 2022 13:33:52 -0700
To: guile-devel
In-Reply-To: <20220623202759.3578506-1-aconchillo@gmail.com>

Sorry, forgot to fix tests in my original email.

This is actually an important bug fix since some servers won't accept lowercase Authorization header schemes and there's no way around this in Guile, AFAIK.

Here are a few RFCs where they explicitly mention capitalized strings:

"Basic" scheme: https://datatracker.ietf.org/doc/html/rfc7617#section-2
"Bearer" scheme: https://datatracker.ietf.org/doc/html/rfc6750#section-2.1

Aleix

On Thu, Jun 23, 2022 at 1:28 PM Aleix Conchillo Flaqué wrote:

> * module/web/http.scm (write-credentials): capitalize authorization
> header scheme. See, for example,
> https://datatracker.ietf.org/doc/html/rfc7617#section-2
> ---
> module/web/http.scm | 4 ++--
> test-suite/tests/web-http.test | 7 ++++---
> 2 files changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/module/web/http.scm b/module/web/http.scm > index 4276e1744..312c28934 100644 > --- a/module/web/http.scm > +++ b/module/web/http.scm > @@ -965,10 +965,10 @@ as an ordered alist." > (define (write-credentials val port) > (match val > (('basic . cred) > - (put-string port "basic ") > + (put-string port "Basic ") > (put-string port cred)) > ((scheme . params) > - (put-symbol port scheme) > + (put-string port (string-titlecase (symbol->string scheme))) > (put-char port #\space) > (write-key-value-list params port)))) > > diff --git a/test-suite/tests/web-http.test > b/test-suite/tests/web-http.test > index 63377349c..df25030de 100644 > --- a/test-suite/tests/web-http.test > +++ b/test-suite/tests/web-http.test
> @@ -336,9 +336,10 @@ > (pass-if-parse authorization "Digest foooo" '(digest foooo)) > (pass-if-parse authorization "Digest foo=3Dbar,baz=3Dqux" > '(digest (foo . "bar") (baz . "qux"))) > - (pass-if-round-trip "Authorization: basic foooo\r\n") > - (pass-if-round-trip "Authorization: digest foooo\r\n") > - (pass-if-round-trip "Authorization: digest foo=3Dbar, baz=3Dqux\r\n") > + (pass-if-round-trip "Authorization: Basic foooo\r\n") > + (pass-if-round-trip "Authorization: Bearer token\r\n") > + (pass-if-round-trip "Authorization: Digest foooo\r\n") > + (pass-if-round-trip "Authorization: Digest foo=3Dbar, baz=3Dqux\r\n") > (pass-if-parse expect "100-continue, foo" '((100-continue) (foo))) > (pass-if-parse from "foo@bar" "foo@bar") > (pass-if-parse host "qux" '("qux" . #f)) > -- > 2.34.1
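
Review bot: In the `(scheme . params)` branch of `write-credentials` in module/web/http.scm, `(string-titlecase (symbol->string scheme))` only produces the conventional spelling for single-word schemes such as Digest or Bearer. `string-titlecase` lowercases every letter after the first of each word, so a scheme symbol like `ntlm` is written as `Ntlm`, and a hyphenated scheme has each segment capitalized separately. The auth-scheme token is case-insensitive per RFC 7235 section 2.1, so this change exists purely for interoperability with strict servers, and such a server may equally reject a spelling that differs from the one it expects. Consider a small table that maps known scheme symbols to their canonical strings, with titlecase as the fallback, or accept the scheme as a string that is written verbatim. A comment in `write-credentials` saying the capitalization is an interop measure rather than a protocol requirement would also help.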
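
Review bot: The round-trip cases in the test-suite/tests/web-http.test hunk use only Basic, Bearer and Digest, whose titlecased form is already the conventional spelling, and the three lowercase `pass-if-round-trip` lines are removed without a replacement that feeds a lowercase scheme to the parser. Add a `pass-if-parse authorization` case with a lowercase scheme so the suite still shows that incoming headers are matched case-insensitively, plus one case that pins the written form of a hyphenated or all-caps scheme, so the `string-titlecase` behaviour in `write-credentials` is a tested, deliberate choice. The commit message also lists only `module/web/http.scm`; an entry for `test-suite/tests/web-http.test` would match the diffstat.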