fix: process headers correctly in Digest Auth and other updates #4494

Merged
merged 5 commits into from
Oct 30, 2024

jamesgeorge007 (Member) commented Oct 30, 2024

What's changed

This PR includes a couple of updates to how the resultant headers were computed for Digest Authorization, ensuring the request is transmitted in the expected format:

  • Only include the path and query parameters in the URI.
  • Account for the opted algorithm (additional implementation for MD5-sess) while hashing username, realm and password.
  • Include an entity (request) body hash when qop is set to auth-init. For content types like multipart/form-data where the request body is not a string, it falls back to an empty string while hashing for now.

Additionally, it includes the following changes:

  • Account for the www-authenticate header received from the server in the initial response in a case-insensitive manner. Previously, if the server responded with the WWW-Authenticate header, the initial response would be marked with an unexpected response since www-authenticate was referred to straightaway.
  • Removes the Disable Retrying Requests for the time being until a mechanism is in place to handle failed requests gracefully in such a case. CLI will still support this.
  • The CLI behaviour has been updated so that any failures reported in the pre/post scripts and request execution will result in a non-zero exit code. Previously, this behaviour was exclusive to failed test assertions.
  • CLI test suite updates.

Notes to reviewers

Ensure the request succeeds every time. Also, export the collection and run it via the CLI. Specify disableRetry: true in the exported collection under auth for the request and observe the request failing with a suitable message.

Ensure failures reported in pre/post request scripts and request execution result in the CLI failing with a non-zero exit code.
To be brought back when a mechanism to handle errors gracefully in such a case is in place.
jamesgeorge007 merged commit 8ac9345 into next Oct 30, 2024
1 check passed
jamesgeorge007 deleted the fix/digest-auth branch October 30, 2024 11:42
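
Added example, not code from this PR or the project: a Python rendering of the RFC 2617 digest computation that covers the points in the description above (uri reduced to path and query, MD5-sess, the entity-body hash for the RFC's `auth-int` qop with the empty-string fallback, and case-insensitive lookup of the challenge header). All function names are hypothetical, and the sample values are the worked example from RFC 2617 section 3.5.

```python
import hashlib
from urllib.parse import urlsplit

# Hypothetical helper names for illustration; not the project's API.
def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def find_challenge(headers):
    """Return the WWW-Authenticate value whatever casing the server used."""
    for name, value in headers.items():
        if name.lower() == "www-authenticate":
            return value
    return None

def digest_uri(url):
    """Reduce a full URL to path plus query, the form sent as uri=."""
    parts = urlsplit(url)
    path = parts.path or "/"
    return f"{path}?{parts.query}" if parts.query else path

def digest_response(username, password, realm, nonce, method, url,
                    algorithm="MD5", qop="auth", nc="00000001",
                    cnonce="", body=""):
    """Compute the response= value of the Authorization: Digest header."""
    uri = digest_uri(url)
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    if algorithm.upper() == "MD5-SESS":
        # Session variant: bind HA1 (as hex) to the server and client nonces.
        ha1 = md5_hex(f"{ha1}:{nonce}:{cnonce}")
    if qop == "auth-int":
        # Non-string bodies (e.g. multipart) fall back to the empty string.
        entity = body if isinstance(body, str) else ""
        ha2 = md5_hex(f"{method}:{uri}:{md5_hex(entity)}")
    else:
        ha2 = md5_hex(f"{method}:{uri}")
    if qop:
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")  # legacy form without qop

if __name__ == "__main__":
    # Values from the RFC 2617 section 3.5 example.
    print(digest_response(
        "Mufasa", "Circle Of Life", "testrealm@host.com",
        "dcd98b7102dd2f0e8b11d0f600bfb0c093", "GET",
        "http://www.nowhere.org/dir/index.html", cnonce="0a4f113b"))
```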