Www-Authenticate header's token should be treated as case-insensitive

studio-b12 / gowebdav

A golang WebDAV client library and command line tool.

BSD 3-Clause "New" or "Revised" License

309 stars 89 forks source link

Www-Authenticate header's token should be treated as case-insensitive #32

Closed wade-tattersall closed 5 years ago

wade-tattersall commented 5 years ago

Hi,

I've run into trouble using this library with a server that returns a Www-Authenticate header of "BASIC" instead of "Basic". This is allowed as per https://tools.ietf.org/html/rfc2617, but the check on Lines 46 and 48 of requests.go does a case-sensitive check against 'Digest' or 'Basic'.

Can this be changed to a case-insensitive match like strings.Index(strings.ToLower(rs.Header.Get("Www-Authenticate")), "digest")?

Is there any workaround? I can't see any way to manually specify the authentication method.

Regards,

Wade

wade-tattersall commented 5 years ago

I did manage to workaround this by manually specifying the Authorization header on the client (though I basically had to copy-paste the auth method of the BasicAuth struct):

cl := gowebdav.NewClient(WEBDAV_PROTOCOL + host + WEBDAV_ROOT, "ignore", "ignore")
a := user + ":" + password
auth := "Basic " + base64.StdEncoding.EncodeToString([]byte(a))
cl.SetHeader("Authorization", auth)

MrVine commented 5 years ago

The RFC2617 you refer to is obsoleted by RFC7235, however I think this changes should be accepted. Also, please, specify the name of the server which you use when you face this issue.

wade-tattersall commented 4 years ago

Thanks. The server was our institution's instance of Blackboard Learn.