Description
Describe the bug...
Steps to reproduce
- Setup HTTP Authentication running in Apache.
Enable KeepAlive in the Apache config.
- Make two consecutive requests. If the second one is a keep alive, then the Auth Type variable is not set, and thus authentication is skipped.
Example
Component selection
My account: AndrewRyan
Here's the patch I set up: the changes are to MoinMoin.auth.http
def http(request, **kw):
""" authenticate via http basic/digest/ntlm auth """
from MoinMoin.request import RequestTwisted, RequestCLI
user_obj = kw.get('user_obj')
u = None
# check if we are running Twisted
if isinstance(request, RequestTwisted):
username = request.twistd.getUser()
password = request.twistd.getPassword()
# when using Twisted http auth, we use username and password from
# the moin user profile, so both can be changed by user.
u = user.User(request, auth_username=username, password=password,
auth_method='http', auth_attribs=())
elif not isinstance(request, RequestCLI):
env = request.env
auth_type = env.get('AUTH_TYPE','')
# Moved username up here
username = env.get('REMOTE_USER','')
# Check if username is blank or not.
# I'm not sure what happens if REMOTE_USER is not set.
if auth_type in ['Basic', 'Digest', 'NTLM', 'Negotiate',] or username != '':
#username = env.get('REMOTE_USER','')
if auth_type in ('NTLM', 'Negotiate',):
# converting to standard case so the user can even enter wrong case
# (added since windows does not distinguish between e.g.
# "Mike" and "mike")
Details
MoinMoin Version |
? |
OS and Version |
|
Python Version |
|
Server Setup |
? |
Server Details |
? |
Language you are using the wiki in (set in the browser/UserPreferences) |
|
Workaround
Discussion
Sounds rather like an apache auth bug - did you report it there? You should add more details esp. about apache version used.
Plan
- Priority:
- Assigned to:
- Status: no moin bug, but apache bug (apache versions unknown)