search

sahaya / rest-assured

Automatically exported from code.google.com/p/rest-assured
0 stars 0 forks source link

auth().basic() doesn't work with DELETE #386

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. given().auth().basic('foo', 'bar').delete('something')

What is the expected output? What do you see instead?
The Authorization header is not sent, while the same authorization works fine 
with POST and GET. To have authorization working with DELETE, I need to 
manually set a proper Authorization header.

What version of the product are you using? On what operating system?
rest-assured 2.4.0
OS X Yosemite
java version "1.8.0_05"

Please provide any additional information below.
When I enable logging with given().log().all().auth().basic(), the 
Authorization header is not logged even for the GET/POST requests (which may be 
another bug), but it seems to be sent, since those requests work (and they 
certainly fail without authorization, which I double checked with curl).

Original issue reported on code.google.com by jacek.ku...@gmail.com on 19 Feb 2015 at 8:55

GoogleCodeExporter commented 9 years ago 
Does it work with preemptive basic auth?

Original comment by johan.ha...@gmail.com on 16 Mar 2015 at 11:10

GoogleCodeExporter commented 9 years ago 
Yes, preemptive basic auth works fine. Shall we still consider this a bug then?

Original comment by jacek.ku...@gmail.com on 16 Mar 2015 at 3:10

GoogleCodeExporter commented 9 years ago 
Don't know. Need to read up upon this. Perhaps non-preemptive basic auth 
shouldn't work with delete or perhaps the challenge is not commenced by the 
server?

Original comment by johan.ha...@gmail.com on 16 Mar 2015 at 3:50

GoogleCodeExporter commented 9 years ago 
Looks like the server (which is the Bitbucket REST API) indeed doesn't send an 
authentication request - it immediately sends a 403 instead of a 401 with a 
WWW-Authenticate header.

Original comment by jacek.ku...@gmail.com on 16 Mar 2015 at 4:01

GoogleCodeExporter commented 9 years ago 
Ok so that seem explains why it doesn't work. I don't see any reason why basic 
auth shouldn't work with DELETE requests so I think that perhaps it's an 
invalid issue? What do you think?

Original comment by johan.ha...@gmail.com on 16 Mar 2015 at 4:14