(no subject)
When trying to edit a post using Atom with WSSE auth, I get a 401 error, while posting with the same auth works just fine.
Apparently the problem is with the following LJ code:
    # let's authenticate.
    #
    # if wsse information is supplied, use it.
    # if not, fall back to digest.
    my $wsse = $r->header_in('X-WSSE');
    my $nonce_dup;
    my $u = $wsse ? auth_wsse($wsse, \$nonce_dup) : LJ::auth_digest($r);
    return respond( $r, 401, "Authentication failed for this AtomAPI request.")
        unless $u;
    return respond( $r, 401, "Authentication failed for this AtomAPI request.")
        if $nonce_dup && $action && $action ne 'post';
I gather the last two lines are causing my editing to fail authentication. What I don't understand is what makes auth_wsse set nonce_dup to 1. I'm sending completely different nonces, and that should not trigger replay attack protection.
Am I missing something?
Included are HTTP headers from successful and unsuccessful authentication. Sample Perl code is included too.
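An added illustration, not part of the original post and not LiveJournal's auth_wsse: a generic WSSE UsernameToken check with a replay cache, showing how a duplicate-nonce flag like $nonce_dup interacts with the 'post'-only exception in the excerpt. The account, password, nonces, the 'edit' action name, the digest over the decoded nonce, and the cache keyed on username plus nonce are all assumptions.

```perl
#!/usr/bin/perl
# Added example: generic WSSE verifier with a nonce replay cache.
# Not LiveJournal code; every name and sample value here is constructed.
use strict;
use warnings;
use Digest::SHA qw(sha1);
use MIME::Base64 qw(encode_base64 decode_base64);

my %seen_nonce;    # "user:nonce" => count (a real server would expire entries)

# Client side: build the X-WSSE header value for one request.
# Assumed digest form: Base64(SHA1(raw nonce . Created . password)).
sub make_wsse {
    my ($user, $pass, $nonce, $created) = @_;
    my $digest = encode_base64(sha1($nonce . $created . $pass), '');
    return sprintf 'UsernameToken Username="%s", PasswordDigest="%s", '
        . 'Nonce="%s", Created="%s"',
        $user, $digest, encode_base64($nonce, ''), $created;
}

# Server side: returns the username on success, nothing on failure.
# Sets $$dup_ref to 1 when this user's nonce has been seen before.
sub check_wsse {
    my ($header, $passwords, $dup_ref) = @_;
    my %f = $header =~ /(\w+)="([^"]*)"/g;
    for my $k (qw(Username PasswordDigest Nonce Created)) {
        return unless defined $f{$k};
    }
    my $pass = $passwords->{ $f{Username} };
    return unless defined $pass;
    my $want = encode_base64(sha1(decode_base64($f{Nonce}) . $f{Created} . $pass), '');
    return unless $want eq $f{PasswordDigest};
    $$dup_ref = 1 if $seen_nonce{"$f{Username}:$f{Nonce}"}++;
    return $f{Username};
}

# Same policy as the excerpt: a repeated nonce is tolerated only for 'post'.
sub allowed {
    my ($header, $action) = @_;
    my $dup;
    my $u = check_wsse($header, { alice => 'constructed-password' }, \$dup);
    return 0 unless $u;
    return 0 if $dup && $action && $action ne 'post';
    return 1;
}

my $h1 = make_wsse('alice', 'constructed-password', 'nonce-one', '2005-01-01T00:00:00Z');
my $h2 = make_wsse('alice', 'constructed-password', 'nonce-two', '2005-01-01T00:00:05Z');
printf "%-20s %d\n", 'post, fresh nonce:',  allowed($h1, 'post');
printf "%-20s %d\n", 'edit, fresh nonce:',  allowed($h2, 'edit');
printf "%-20s %d\n", 'edit, reused nonce:', allowed($h2, 'edit');
```

In this sketch the flag depends only on whether the exact nonce string was recorded earlier, so anything that records a nonce before the final check (a retry, or a second verification pass on the same request) would mark a fresh nonce as a duplicate.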