ruslansk / mongoose

Automatically exported from code.google.com/p/mongoose
MIT License
0 stars 0 forks source link

Mongoose 3.1 PUT and POST don't get passed to callback when authentication is enabled #358

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

1. Modify examples/hello.c callback() to print the event codes it receives so 
you know each time it's called.
2. Add "authentication_domain", "localhost" to the const char *options[] list 
in examples/hello.c main().
3. Run "./mongoose -A ./.htpasswd localhost admin pass" to create the .htpasswd 
file and run hello
4. Use a program such as RESTClient (http://code.google.com/p/rest-client/) to 
try http://localhost:8080/ using the standard methods, specifically GET, PUT 
and POST, filling in the Authentication tab to get it to provide the require 
authentication stuff.

What is the expected output? What do you see instead?

If you don't turn on auth, the callback is called for GET, PUT and POST methods 
twice, with events 0 (MG_NEW_REQUEST) and 4 (MG_REQUEST_COMPLETED), as 
expected. If you turn on auth, GET still works, but it's only called once with 
event 4 for PUT and POST. You should get MG_NEW_REQUEST as well, like you do in 
mongoose 3.0.

What version of the product are you using? On what operating system?

3.1 on Linux (various, including Ubuntu & RedHat)

Please provide any additional information below.

I also tested DELETE and OPTIONS methods which both work the same as GET with 
auth enabled or not.

I also notice that with the TRACE method the callback only receives events 1 
and 2, I'm not sure if that is as intended. It's the same whether or not auth 
is enabled. TRACE and CONNECT (which I did not test) are part of the HTTP 1.1 
spec. 

It should also be noted that when it works with auth enabled, callback is 
called 3 times, with event 4 then 0 then 4. That's probably because the client 
sent the request first with no auth then responded to the auth required 
response from mongoose.

Also note that when authentication is on, if the user doesn't provide proper 
authentication information, which mongoose checks for you, mongoose will still 
call the callback with event 4. Should the developer choose to ignore the event 
code they can create code that will bypass authentication. In this case you'll 
know authentication failed because it looks like mongoose is setting the 
request_info->status_code value to something other than -1 (probably 401). Not 
sure if it was by design that callback is called even if authentication fails.

Original issue reported on code.google.com by sydd.so...@gmail.com on 5 Jun 2012 at 4:15

GoogleCodeExporter commented 9 years ago
Submitted 
https://github.com/valenok/mongoose/commit/b783813e54ebc340198f6402e8b80e5513b7f
1d8

Original comment by valenok on 22 Jan 2013 at 12:29