[PATCH] HTTP auth methods can't handle Latin-1 in headers

You're right, it looks like at least Camino (Mozilla) sends the authorization header as Latin-1 instead of UTF-8 even though the 401 clearly responds with a Content-Type of UTF-8.

I'm uploading a patch that allows both UTF-8 and ISO 8859-1 characters in the credentials, converting the ISO 8859-1 characters to UTF-8.

Can you check if the patch solves your problems?

I'll try this when I'm at home, thanks!

Works fine!

But what I meant was something like

controller.headers["Accept-Charset"] = 'UTF-8'

right before

controller.headers["WWW-Authenticate"] = ...

Patch attached...

sends accept-charset header before auth request is send

Does that actually make all browsers behave?

These are the Browsers I could test:

• Safari 3.0.3 - ok
• Firefox 2.0.0.7 - ok
• Internet Explorer 7.0.6000.16512 - ok
• Opera 9.10.8679 - ok

Safari and FF on MOX Tiger IE and Opera on Win Vista

• lynx 2.8.6rel.5_0 (macports) - ok

Here's an updated version of boof's patch that has a simple test, and it was generated with the right path.

Right, very nice. +1 for inclusion of Norbert's patch.

Shouldn't it use ActionController::Base.default_charset ?

Indeed, new patch is in the works.

How about this?

Looks good. +1

Sorry for the inconvience, but can anybody test this again. I can't reproduce success when sending the accept-charset header before this. :(

Opera still does, but IE, Safari and FF don't want to. I think I tried everything.

I tried Content-Type and Charset in headers and even send a complete html in the response body with given charset = UTF-8. Opera uses Latin-1 per default, too. Lynx uses my bash default charset I think.

I can't figure out how FF, IE and Safari guess the charset on 401/WWW-Authentication. Does anybody know?

boof, your last message is a bit confusing. Does the latest patch solve your problem?

After an svn update I didn't have any success with the solution B (send Accept-Charset before WWW-Authentication).

I guess that the first time I changed http_authentication.rb with solution A (convert String afterwards) I restarted the server by behaviour but the time I tried solution B I just didn't.

The only browser I still get to work with solution B is Opera. FF, IE and Safari just use their default Charset, imho...

assume_authentication_headers_are_latin1_when_not_utf8.diff works!

I'm sorry, but that's not how we use trac (: The ticket only gets closed as fixed when the patch is applied.

Ahh, sorry, my mistake!

I applied the patch to trunk but got a test failure:

  1) Failure:
test_authorization_with_non_ascii_characters(HttpBasicAuthenticationTest)
    [./test/controller/http_authentication_test.rb:45:in `test_authorization_with_non_ascii_characters'
     /usr/local/lib/ruby/gems/1.8/gems/mocha-0.5.5/lib/mocha/test_case_adapter.rb:19:in `__send__'
     /usr/local/lib/ruby/gems/1.8/gems/mocha-0.5.5/lib/mocha/test_case_adapter.rb:19:in `run']:
<false> is not true.

I can't seem to find the test_authorization_with_non_ascii_characters method in http_authentication_test.rb. I applied the patch locally, ran the tests and didn't get a test failure. Am I missing something here?

+1

It looks like the test I was looking for was in the first patch submitted. But the patch we're looking at is the most recent one by norbert right?

mikong, see boof's comments.

Please reopen when there is a verified patch with unit tests. The 'incomplete' and 'untested' resolutions are used to indicate the ticket's progress along this path.

Oops, I'm very sorry about that.