search

kolyvan / kybook

modern ebook reader for iOS
83 stars 10 forks source link

WebDAV: auth challenge not handled for GET requests #179

Open naquad opened 5 years ago

naquad commented 5 years ago

Hi.

I've set up a protected WebDAV directory on my server and the problem I experience is that PROPFIND query from KyBook 3 is responding to authorization challenge (HTTP 401) while GET queries don't contain credentials and don't handle authorization challenges.

I've tried several other WebDAV clients (cadaver CLI client and Moon+ Reader Pro Android reader) and they're working as expected.

PROPFIND is ok

PROPFIND /webdav/server.php/New%20Books/trading/algo HTTP/1.1
Host: XXXXXXXXXXXXX
Depth: 1
Connection: keep-alive
Accept: application/xml
User-Agent: yar/165 CFNetwork/978.0.7 Darwin/18.6.0
Accept-Language: ru
Accept-Encoding: gzip
Content-Length: 0

HTTP/1.1 401 Unauthorized
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 28 Jun 2019 08:29:13 GMT
Content-Type: application/xml; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
WWW-Authenticate: Basic realm="sabre/dav", charset="UTF-8"

<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:sabredav-version>3.2.2</s:sabredav-version>
  <s:exception>Sabre\DAV\Exception\NotAuthenticated</s:exception>
  <s:message>No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured</s:message>
</d:error>

PROPFIND /webdav/server.php/New%20Books/trading/algo HTTP/1.1
Host: XXXXXXXXXXXXXX
Depth: 1
Content-Length: 0
Connection: keep-alive
Accept: application/xml
User-Agent: yar/165 CFNetwork/978.0.7 Darwin/18.6.0
Accept-Language: ru
Accept-Encoding: gzip
Authorization: Basic XXXXXXXXXXXXXXXXXX

HTTP/1.1 207 Multi-Status
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 28 Jun 2019 08:29:13 GMT
Content-Type: application/xml; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Sabre-Version: 3.2.2
Vary: Brief,Prefer
DAV: 1, 3, extended-mkcol, 2

< DAV response follows >

Example GET session:

GET /webdav/server.php/New%20Books/trading/algo/Quantitative%20Trading%20-%20how%20to%20build%20your%20own%20algorithmic%20trading%20business%20-%20Ernest%20P%20Chan%20(Wiley).pdf HTTP/1.0
Host: XXXXXXXXXXXXX
Connection: close
User-Agent: yar/165 CFNetwork/978.0.7 Darwin/18.6.0

HTTP/1.1 401 Unauthorized
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 28 Jun 2019 08:29:14 GMT
Content-Type: application/xml; charset=utf-8
Connection: close
WWW-Authenticate: Basic realm="sabre/dav", charset="UTF-8"

<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:sabredav-version>3.2.2</s:sabredav-version>
  <s:exception>Sabre\DAV\Exception\NotAuthenticated</s:exception>
  <s:message>No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured</s:message>
</d:error>
naquad commented 5 years ago

Any luck with this one?

naquad commented 4 years ago

It is almost a year since this bug has been reported. Is there any luck in solving it?