Digest authentification

[Elithrin]

Hello,

Sorry for my english. I have activate digest auth

ENABLE_AUTH = True # If enabled, add user credentials below USERS = { "admin": "password", }

But curl say "Unauthorized Access" with this command :

curl -u admin:password http://127.0.0.1:5000/servers/ -v --digest

How do i call the server ?

Thanks Regards

[Elithrin]

Here the detail

curl -u admin:password http://127.0.0.1:5000/servers/ -v

• Hostname was NOT found in DNS cache
• Trying 127.0.0.1...
• Connected to 127.0.0.1 (127.0.0.1) port 5000 (#0)
• Server auth using Basic with user 'admin'

  GET /servers/ HTTP/1.1 Authorization: Basic YWRtaW46cGFzc3dvcmQ= User-Agent: curl/7.35.0 Host: 127.0.0.1:5000 Accept: /

• HTTP 1.0, assume close after body < HTTP/1.0 401 UNAUTHORIZED < Content-Type: text/html; charset=utf-8 < Content-Length: 19 < WWW-Authenticate: Digest realm="Authentication Required",nonce="c4b0bd313976f2b6417ac40d81becb79",opaque="d037c49fb7263daa71a09c54a71aa9e2" < Set-Cookie: session=.eJyrVkosLcmIz8vPS05VsqpWUkhSslKKrArK9HX3yvatcq3yD0k2isryyvTLCqzwM3LL8nNxyvZ3ccuMCvfL9KvKtlWq1YEYkV-QWFiKMCPKxbHKz8jXwD88CqjO08jXKCgjMiS5IjLE0TSyKtQAzA53NY0K8QSaUQsADpIskw.CidR3A.LmZXrLjJmDacmJ9iSRScw81tkpw; HttpOnly; Path=/ < Server: Werkzeug/0.11.10 Python/2.7.6 < Date: Wed, 25 May 2016 15:10:20 GMT <
• Closing connection 0 Unauthorized Acces

[Elithrin]

The same with --digest

curl -u admin:password http://127.0.0.1:5000/servers/ -v --digest

• Hostname was NOT found in DNS cache
• Trying 127.0.0.1...
• Connected to 127.0.0.1 (127.0.0.1) port 5000 (#0)
• Server auth using Digest with user 'admin'

  GET /servers/ HTTP/1.1 User-Agent: curl/7.35.0 Host: 127.0.0.1:5000 Accept: /

• HTTP 1.0, assume close after body < HTTP/1.0 401 UNAUTHORIZED < Content-Type: text/html; charset=utf-8 < Content-Length: 19 < WWW-Authenticate: Digest realm="Authentication Required",nonce="505dc8a3e7cab821fcaffd9f98aee3d9",opaque="0022896c76e2ad847db1901883242c84" < Set-Cookie: session=.eJyrVkosLcmIz8vPS05VsqpWUkhSslLyC3E0jHL3NYkM8cvxM_LLiMxKr_QNj8qKDI_KjXLJyfUPyciICg-tinLJtlWq1YEYkV-QWFiKMMPXxbHSNyvd1C_X19gvN7QyMjzQxM8lJTsyy9XU18XVxN_Ft9LPxSvL3yUQaEYtAPxQLF0.CidSOw.l1SUPzm0jlXM1pVU5mrlgdtpd3Q; HttpOnly; Path=/ < Server: Werkzeug/0.11.10 Python/2.7.6 < Date: Wed, 25 May 2016 15:11:55 GMT <
• Closing connection 0
• Issue another request to this URL: 'http://127.0.0.1:5000/servers/'
• Hostname was found in DNS cache
• Trying 127.0.0.1...
• Connected to 127.0.0.1 (127.0.0.1) port 5000 (#1)
• Server auth using Digest with user 'admin'

  GET /servers/ HTTP/1.0 Authorization: Digest username="admin", realm="Authentication Required", nonce="505dc8a3e7cab821fcaffd9f98aee3d9", uri="/servers/", response="bbfa97118ae998aff8a4b85229fcdcc1", opaque="0022896c76e2ad847db1901883242c84" User-Agent: curl/7.35.0 Host: 127.0.0.1:5000 Accept: /

• HTTP 1.0, assume close after body < HTTP/1.0 401 UNAUTHORIZED < Content-Type: text/html; charset=utf-8 < Content-Length: 19
• Authentication problem. Ignoring this. < WWW-Authenticate: Digest realm="Authentication Required",nonce="b8bbd407028da2f9c204604458b4f215",opaque="13cd907d4eb664681fb4e6f0065ae167" < Set-Cookie: session=.eJxFzLEKwjAQANBfkZsdYsaCW1AU7kokJVwXqUFIr6ZVsMRS-u8WHBze-mZoxne89kMf7lDMsLlBASyx5WQVmpBRYsfunEqPExqrV4pcbOnIE7pqD8v2VwzP5jX-D3Qktekyaatqf9IkVpfmkFguD0qc0fCOffUhCeuxfAEBjCyv.CidSOw.RkztRtzFdZU7sA4rhl4LOkATILY; HttpOnly; Path=/ < Server: Werkzeug/0.11.10 Python/2.7.6 < Date: Wed, 25 May 2016 15:11:55 GMT <
• Closing connection 1 Unauthorized Access

[alfg]

Hi @Elithrin,

The murmur-rest project uses the Flask-HTTPAuth library, and the digest implementation uses Flask's sessions by default for the auth challenge data, so you need cookies.

Try: curl -u "user:pass" http://127.0.0.1:5000/servers/ -v --digest -c ./cookie and it should work.

Hope that helps! Feel free to re-open if doesn't work for you.

[Elithrin]

Thanks ! All is good !