lambdabaa / dav

WebDAV, CalDAV, and CardDAV client for nodejs and the browser.
Mozilla Public License 2.0

Support for digest authentication #99

Open dharanikumarp opened 8 years ago

dharanikumarp commented 8 years ago

We are using sabre.io with MySQL as the backing database. In this configuration sabre.io uses digest authentication and not basic. When the createAccount API is invoked, an error is thrown, but it does not contain many details, except for a status code of 0 and no messages. On the Apache side, the error and access logs indicated a 401.

Does the current API work for the digest authentication scheme?

Thanks,

lambdabaa commented 8 years ago

@dharanikumarp Currently no digest support. We have support for basic http auth as well as oauth here https://github.com/gaye/dav/blob/master/lib/transport.js. Would definitely accept patch to implement digest auth though!

dharanikumarp commented 8 years ago

Thanks for your quick response. However, I made the following change in the sabre.io server as per the documentation (http://sabre.io/dav/authentication/) to allow basic authentication.

I created the following authBackend by following https://groups.google.com/forum/#!topic/sabredav-discuss/N5E-LZ_sUfg

    // Callback backend that accepts every username/password pair
    $authBackend = new Sabre\DAV\Auth\Backend\BasicCallBack(function($userName, $password) {
        return true;
    });

I am seeing a 500 error for the service discovery /.well-known/caldav and 207 for the propfind in the access_logs, however the createAccount() api comes with an error.

    127.0.0.1 - admin [14/Dec/2015:13:05:45 -0500] "GET /.well-known/caldav HTTP/1.1" 500 296
    127.0.0.1 - admin [14/Dec/2015:13:05:45 -0500] "PROPFIND /server.php/ HTTP/1.1" 207 458
    127.0.0.1 - admin [14/Dec/2015:13:05:45 -0500] "PROPFIND /server.php/principals/admin/ HTTP/1.1" 207 1102
    127.0.0.1 - admin [14/Dec/2015:13:05:45 -0500] "PROPFIND /server.php/calendars/admin/ HTTP/1.1" 207 5408
    127.0.0.1 - admin [14/Dec/2015:13:05:45 -0500] "PROPFIND /server.php/calendars/admin/dharani/ HTTP/1.1" 207 1269
    127.0.0.1 - admin [14/Dec/2015:13:05:45 -0500] "PROPFIND /server.php/calendars/admin/default/ HTTP/1.1" 207 2158
    127.0.0.1 - admin [14/Dec/2015:13:05:45 -0500] "PROPFIND /server.php/calendars/admin/athlete1@mentorumfit.co/ HTTP/1.1" 207 2190
    127.0.0.1 - admin [14/Dec/2015:13:05:45 -0500] "REPORT /server.php/calendars/admin/dharani/ HTTP/1.1" 207 170
    127.0.0.1 - admin [14/Dec/2015:13:05:45 -0500] "REPORT /server.php/calendars/admin/default/ HTTP/1.1" 207 1292

Earlier I was seeing only 401, now I am seeing 207 status code for many propfind requests. But still the createAccount API fails. The credentials I am using are admin/admin (default one), however since my authentication returns true for all username/password, I believe the credentials do not matter. Here is the code snippet I use for contacting the caldav server.

    // Basic-auth transport carrying the credentials for every request
    var xhr = new dav.transport.Basic(
      new dav.Credentials({ username: 'admin', password: 'admin' })
    );

    var params = {
      server: 'http://localhost/server.php/',
      xhr: xhr,
      loadObjects: true,
      accountType: 'caldav'
    };

    // Discover the account and load its calendars and objects
    dav.createAccount(params).then(function(account) {
      console.log('Account retrieved from caldav' + JSON.stringify(account));
    }).catch(function() {
      console.log('Account retrieval failed ' + arguments.length + ', arguments ' + JSON.stringify(arguments));
    });

Your suggestions would be of great help.

lambdabaa commented 8 years ago

@dharanikumarp Check out the integration test here https://github.com/gaye/dav/blob/master/test/integration/accounts_test.js#L20. It actually runs against a test sabredav instance with basic http auth.

dharanikumarp commented 8 years ago

@gaye

I changed the caldav server to davical. Now I am able to retrieve the account details using the library API "createAccount". However it works only for the admin credentials. For non-admin credentials, the API fails with the same error as earlier. I created a principal and calendar objects for a new user using the davical web admin interface, but the API fails to retrieve it, if we use non-admin credentials to retrieve the calendar object.

I enabled the debug flag in the dav library and found a lot of [dav:parser] errors indicating that some unknown tag was found in the response. Also, in the Apache error logs on the caldav server, the following messages are shown:

    DAViCal: LOG: request:Request is "PROPFIND" but client set content-type to "application/xml;charset=utf-8". Assuming they meant XML!

I feel the API name 'createAccount' is misleading. As per my understanding of the API, it authenticates with the caldav server using the credentials and then retrieves the calendar and address book objects for that particular credential. I believe we are not creating a new account on the caldav server. Please correct me if I am wrong.

dharanikumarp commented 8 years ago

@gaye On further investigation, I figured out that if a principal on the caldav server has associated calendar collections, then the createAccount() API fails without returning the account object. However, if there are no calendar collections for an account, then the account object is successfully created. Even for the admin credentials, if there are calendars created through the davical admin interface, the createAccount() API fails.

himselfv commented 4 years ago

I have written a replacement for BasicTransport that supports both Basic and Digest auth, and also fixes Issue #103: https://github.com/himselfv/tasks-ig-dav/commit/4bce4dec1406dd7bbc1ffd8df45c234337d4cf83

But it's in pure JS so maybe someone with nodejs dialect experience will adapt it.

It uses this: https://github.com/himselfv/httpauth . This supports three modes:

The Transport replacement runs in "Digest by default" mode. This means one 403 round trip to the server if any auth (Digest/Basic) is required. "Basic by default" may save that roundtrip for Basic auth - this can be set with transport.auth.authType = 'basic'.
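How a client answers a Digest challenge after that first rejected round trip, as an added example (not code from the dav library or from himselfv's httpauth). The function names, the `pickScheme` policy of allowing Basic only over HTTPS, and the use of the RFC 2617 worked example as sample input are assumptions made here.

```javascript
const crypto = require('crypto');
const md5 = (s) => crypto.createHash('md5').update(s).digest('hex');

// Sample challenge: the worked example from RFC 2617 section 3.5.
const SAMPLE = 'Digest realm="testrealm@host.com", qop="auth,auth-int", ' +
  'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"';

// Parse one `Digest ...` challenge value into a lower-cased parameter map.
function parseDigestChallenge(header) {
  const m = /^\s*Digest\s+(.*)$/i.exec(header);
  if (!m) return null;
  const params = {};
  const re = /([a-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))/gi;
  for (let p; (p = re.exec(m[1])) !== null;) {
    params[p[1].toLowerCase()] =
      p[2] !== undefined ? p[2].replace(/\\(.)/g, '$1') : p[3];
  }
  return params;
}

// Prefer Digest when offered; allow Basic only over TLS, since Basic sends
// the password itself (base64 is an encoding, not protection).
function pickScheme(challenges, url) {
  if (challenges.some((c) => /^\s*Digest\s/i.test(c))) return 'digest';
  const tls = new URL(url).protocol === 'https:';
  if (tls && challenges.some((c) => /^\s*Basic(\s|$)/i.test(c))) return 'basic';
  return null;
}

// Authorization header value for one request (RFC 2617, MD5, qop=auth).
// nc is the per-nonce request counter; cnonce is random unless supplied.
function digestAuthorization(challenge, creds, method, uri, nc = 1,
    cnonce = crypto.randomBytes(8).toString('hex')) {
  const c = parseDigestChallenge(challenge);
  if (!c || !c.realm || !c.nonce) throw new Error('unusable Digest challenge');
  if ((c.algorithm || 'MD5').toUpperCase() !== 'MD5') {
    throw new Error('unsupported algorithm: ' + c.algorithm);
  }
  const ha1 = md5(`${creds.username}:${c.realm}:${creds.password}`);
  const ha2 = md5(`${method}:${uri}`);
  const ncHex = nc.toString(16).padStart(8, '0');
  const useQop = (c.qop || '').split(',').some((q) => q.trim() === 'auth');
  const response = useQop
    ? md5(`${ha1}:${c.nonce}:${ncHex}:${cnonce}:auth:${ha2}`)
    : md5(`${ha1}:${c.nonce}:${ha2}`); // legacy form when no qop is offered
  return `Digest username="${creds.username}", realm="${c.realm}", ` +
    `nonce="${c.nonce}", uri="${uri}", response="${response}"` +
    (useQop ? `, qop=auth, nc=${ncHex}, cnonce="${cnonce}"` : '') +
    (c.opaque ? `, opaque="${c.opaque}"` : '');
}
```

The header must be recomputed for every request because `uri`, `method` and `nc` feed the hash; a transport that caches one header across PROPFIND and REPORT calls will be rejected.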

himselfv commented 4 years ago

Made httpauth into a node package and upgraded dav.Transport.Basic into a proper patch.