December 10th, 2007

  • dbg

(no subject)

When trying to edit a post using atom with wsse auth, I get 401 error, while posting with the same auth works just fine.

Apparently the problem is with the following LJ code:
# let's authenticate.
# if wsse information is supplied, use it.
# if not, fall back to digest.
my $wsse = $r->header_in('X-WSSE');
my $nonce_dup;
my $u = $wsse ? auth_wsse($wsse, \$nonce_dup) : LJ::auth_digest($r);
return respond( $r, 401, "Authentication failed for this AtomAPI request.")
unless $u;

return respond( $r, 401, "Authentication failed for this AtomAPI request.")
if $nonce_dup && $action && $action ne 'post';

I gather, last two lines causing my editing to fail autentication. What I don't understand, what makes auth_wsse set nonce_dup to 1. I'm sending completely different nonces and that should not trigger replay attack protection.

Am I missing something?

Included are HTTP headers from successful and unsuccessfull authentication. Sample perlcode is included too.
Collapse )
Identity Crisis

hi there!

I need some help, and for once google isn't helping me out.

I've been goofing around with the code to set up for myself and a few friends, and I've gotten to the point where it'll load and it'll load fast (for awhile it would load as fast as a dead dog). It's educational experience (I got it working via a virtual pc before loading it on a real box)

I'll eventually get a domain(and pray I don't break something changing that!) and put up graphics, but for now I'm just trying to get basic functionality to work. I presume once I can log in as the system account I can create journals for people? I'd prefer it that way to just auto-authenticating(I set it that way as I'm not confident enough to setup the email confirmation, and since it's for less than 20 people I don't really care enough about that XD)

For awhile, clicking any links would redirect to the correct url ( for example) but it wouldn't load because it wouldn't go to the port 8000. I fixed that, But now I've got a new problem.

It'll create an account but not confirm to the user that it did, and direct them to; which just shows the standard page.

Logging in will just redirect to the main site, and not log anyone in.

Trying to modify the journal, for example, just does something like this: and again, just shows the normal main page.

I'm just not sure where I need to go in and edit, or what precisely I need to edit.

Collapse )