Closed Bug 387890 Opened 17 years ago Closed 15 years ago

will not use digest auth if both Basic and Digest WWW-Authenticate: headers present

Categories

(Calendar :: Provider: ICS/WebDAV, defect)

x86
Windows XP
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 281851

People

(Reporter: josh, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Build Identifier: 0.7pre

Attempting to retrieve iCal feed from 3rd-party app (Creative Manager Pro).  Headers returned from unauthenticated request look like this:

HTTP/1.1 401 Unauthorized
Date: Thu, 12 Jul 2007 14:13:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
WWW-Authenticate: Basic realm="CreativeManager"
WWW-Authenticate: Digest realm="CreativeManager", nonce="B209BA3B5F4E94C61DAB9AAC8E20451D", algorithm="MD5", qop="auth", stale=FALSE
Cache-Control: no-cache
Content-Length: 0


In this scenario, iCal and many other apps will attempt to authenticate with Digest authentication.  This particular 3rd-party app relies on that behavior, and will fail (302 redirect to an error page) if Basic authentication is performed.

So in order to retrieve this ics feed, Sunbird needs to supply Digest auth credentials, which is not happening.

Reproducible: Always

Steps to Reproduce:
1. Subscribe to a remote calendar

2. Specify iCalendar (ICS) as cal type

3. Specify "http://cm.outreach.psu.edu/calendar/ical.aspx" as location.

4. Supply whatever name you wish for the calendar

5. When prompted for authentication, supply username "icaltest" and password "icaltest".
Actual Results:  
Error message.

Error number: ICS_FILE

Description: [Exception... "Component returned failure code: 0x804a0107 [calIICSService.parseICS]"  nsresult: "0x804a0107 (<unknown>)"  location: "JS frame :: file:///C:/Program%20Files/Mozilla%20Sunbird/js/calIcsParser.js :: ip_parseString :: line 60"  data: no]

On the back-end what happened is that the attempt at Basic auth was given a 302 redirect to a Web page containing an error message, and Sunbird is attempting to  parse the HTML error message as an iCal feed.

Expected Results:  
Would have liked it to try digest auth first, which matches the behavior of iCal and several other iCal-compatible apps.  This would have then triggered the 3rd-party app to return valid ICS data.
I'm not sure this is a valid server response. I believe only one Authentication scheme should be advertised? Also, if the server doesn't allow Basic authentication as you describe, then it shouldn't advertise it.

I think this is something that is either WONTFIX or should be handled in core networking code.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.