'Review Request: Allow empty username/password for Basic and Digest'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Review Request: Allow empty username/password for Basic and Digest
From:       "Michael Leupold" <lemma () confuego ! org>
Date:       2009-09-14 11:35:16
Message-ID: 20090914113516.10363.45009 () localhost
[Download RAW message or body]


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://reviewboard.kde.org/r/1601/
-----------------------------------------------------------

Review request for kdelibs and maelcum.


Summary
-------

According to RFC 2617, Basic authentication allows an empty username and an empty \
password. From what I can tell Digest does too (but I'm not 100% sure).

This patch removes checking username.isEmpty() and password.isEmpty() from \
KAbstractHttpAuthentication::generateResponseCommon(). Subsequently I added this \
check to the remaining auth classes I'm unsure about (NTLM and Challenge). If empty \
username/password are allowed for those as well (especially the latter makes sense), \
it should be removed from there as well (lines marked with TODO). If anyone knows how \
those protocols work, feel free to comment.

Bug 206851 isn't fully fixed by this patch as we still have some kind of situation if \
generateResponse() returns without setting m_headerFragment - however I currently \
don't have time to fix that.


This addresses bug 206851.
    https://bugs.kde.org/show_bug.cgi?id=206851


Diffs
-----

  /trunk/KDE/kdelibs/kioslave/http/httpauthentication.cpp 1023254 

Diff: http://reviewboard.kde.org/r/1601/diff


Testing
-------

Tested with an Apache server with basic authentication:
- user with username and password
- user with username but without password
- user without username but with password
- user without username and without password

Tested with an Apache server with digest authentication:
- user with username and password
- user with username but without password
- user without username but with password
- user without username and without password


Thanks,

Michael


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic