Bug 132574 - [testcase] HTTP AUTH login does not seem to work with Confixx and IPCONF when using KWalletManager and two users for the same URL
Status: RESOLVED UNMAINTAINED
Alias: None
Product: konqueror
Classification: Applications
Component: general
Version: 3.5
Platform: Debian testing Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Konqueror Developers
Reported: 2006-08-18 00:18 UTC by Martin Steigerwald
Modified: 2012-01-04 22:00 UTC

Description Martin Steigerwald 2006-08-18 00:18:49 UTC
Version:            (using KDE KDE 3.5.4)
Installed from:    Debian testing/unstable Packages
OS:                Linux

Hello, I have a strange problem for which I produced a test case that may or may not be accurate.

HTTP AUTH relogin with Confixx and IPCONF (which are used by Net-Build and Canhost / Canexpert for example and many other providers I guess) fails.

With Firefox 2.0 Bon Echo it works as long as I relogin to a different user (see my testcase below) - I can't login with the same user. With Konqueror it doesn't work whatever user I try to login.

After this I often do not get into those sites at all. This bug is driving me nuts. It may well be a bug in those applications.

I tried several hours to reproduce this on my server with a testcase, using example 34-3 from http://de.php.net/features.http-auth, but the only thing I was able to produce was that it is not possible to relogin with the same user name and password using that example, but it works with a different username and password. With Confixx and IPConf then it doesn't even work with a different username and password (I have two accounts with that IPCONF site on the same URL).

My probably useless testcase is at: http://martin-steigerwald.de/konqueror-test/ (user and password "test1" as well as "test2")

I am not even sure whether it's only related to relogin.

Sorry, I am a bit stuck at the moment. I have tried a lot to get any predictable, reproducible behaviour and an easy testcase, but now I am tired.

Maybe other users have a similar problem.

Regards,
Martin
Comment 1 Martin Steigerwald 2006-08-18 00:19:41 UTC
Argh, the subject is wrong... problem also happens when not using KWalletManager
Comment 2 Martin Steigerwald 2006-08-18 00:27:29 UTC
One more note about this subject, before I go to bed: 

With Firefox I can login as the same user as I was logged in before the relogin request when I quit and reload the browser.

With Konqueror I cannot login at all with either of those two users anymore. Even when I shut down the preloaded Konqueror instances with killall konqueror. After I once ran into this problem I cannot authenticate to that IPCONF site from Canexpert at all with Konqueror.

Unfortunately I have no IPCONF test setup available. I can ask canhost or canexpert whether they would provide one. I had the same issues with Confixx, but right now I only use one user with that other Confixx site and have no need to relogin.
Comment 3 Martin Steigerwald 2006-08-18 00:52:54 UTC
Hmmm, forget about not being able to login at all anymore... I mixed up canhost and canexpert domains... auto completion got in the way.

I tested a bit further. Relogin stuff seems to work with Konqueror just as in Firefox as long as I do not use KWalletManager. When I use KWalletManager to store the passwords of both users relogin requests start to fail, but I can login normally after that.

I think I found an issue: 

Konqueror stores the usernames as "username" and "username-2" and the passwords as "password" and "password-2". I login with the first user. I relogin with the second user. This works. I logout and relogin again with the first user. This fails: The password of the first user is overwritten with the password of the second user. It may be that when I select the first user in the password dialog box that the contents of the password field may not be changed and thus it still contains the second user.

Another thing I found. It's impractical to use "no asterisks" for password fields as one cannot see whether it contains a password or not then. Thus I entered a password where there has already been one thus duplicating it.

Okay, it seems that I can reproduce problems with my testcase at http://martin-steigerwald.de/konqueror-test/index.php

- Login with test1 / test1, select to save passwords with KWallet
- Relogin with test2 / test2, select to save passwords with KWallet
- Relogin with test1, then test2, then test1 by just pressing "Re-Authenticate" and selecting the user in the dropdown gadget of the password dialog => it fails...
- Relogin with test1 or test2 by selecting the user in the dropdown gadget and enter the correct test1 or test2 password => it works...

Seems to me that the contents of the password field are not updated properly when one switches the user in the password field. However the password of one user in the KWalletManager has not been overwritten with the password of the other user during those tests. So there may still be a difference to this IPConf thing.

My testcase is:

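 <?php
   // Send a Basic auth challenge so the browser asks for credentials again.
   function authenticate() {
    header('WWW-Authenticate: Basic realm="Konqueror-Test"');
    header('HTTP/1.0 401 Unauthorized');
    echo "You must enter a valid login ID and password to access this resource\n";
    exit;
   }

   // Form fields are absent on the first request; default them to empty.
   $seenBefore = isset($_POST['SeenBefore']) ? $_POST['SeenBefore'] : '';
   $oldAuthPost = isset($_POST['OldAuth']) ? $_POST['OldAuth'] : '';
   $oldAuth = isset($_REQUEST['OldAuth']) ? $_REQUEST['OldAuth'] : '';

   // Challenge if no credentials were sent, or if the relogin form was
   // submitted and the browser re-sent the same user name as before.
   if (!isset($_SERVER['PHP_AUTH_USER']) ||
      ($seenBefore == 1 && $oldAuthPost == $_SERVER['PHP_AUTH_USER'])) {
    authenticate();
   }
   else {
    // Escape every value echoed into the page (OldAuth is client-supplied).
    $user = htmlspecialchars($_SERVER['PHP_AUTH_USER'], ENT_QUOTES);
    $old = htmlspecialchars($oldAuth, ENT_QUOTES);
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    echo "<p>Welcome: {$user}<br />";
    echo "Old: {$old}";
    echo "<form action='{$self}' METHOD='post'>\n";
    echo "<input type='hidden' name='SeenBefore' value='1' />\n";
    echo "<input type='hidden' name='OldAuth' value='{$user}' />\n";
    echo "<input type='submit' value='Re Authenticate' />\n";
    echo "</form></p>\n";
   }
?>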

With the following .htaccess:

IndexIgnore .htaccess .htpasswd
AuthName "Konqueror-Test"
AuthType Basic
AuthUserFile /some/valid/path/to/.htpasswd
require valid-user

And test1 with password test1 as well as test2 with password test2 as users in the htpasswd file.

So hope it's reproducible now. And I have to go to bed now.

That one cannot relogin with the same username and password seems to be a "feature" of that HTTP 401 error relogin foomagic though. A very unintuitive one ;(.

So enough spamming of the KDE bug database for today.
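
Added example, not part of the original report and not Konqueror code: a small Python model of the test case in comment 3 (the .htaccess valid-user check plus the PHP relogin rule), replaying the relogin steps against a password dialog. The Dialog class and its refresh flag are hypothetical and only encode the reporter's hypothesis that the password field is not updated when another user is picked in the dropdown; the credentials are constructed from the test1/test2 accounts named above.

```python
import base64

# Constructed stand-ins for the two .htpasswd entries named in the report.
HTPASSWD = {"test1": "test1", "test2": "test2"}

def basic_header(user, password):
    """Authorization header value a browser sends for HTTP Basic auth."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def server(authorization, post):
    """HTTP status after Apache's valid-user check and the PHP relogin rule."""
    name, _, pw = base64.b64decode(authorization[6:]).decode().partition(":")
    if HTPASSWD.get(name) != pw:
        return 401                  # .htaccess: require valid-user
    if post.get("SeenBefore") == "1" and post.get("OldAuth") == name:
        return 401                  # testcase: same user as before the relogin
    return 200

class Dialog:
    """Hypothetical password dialog; refresh=False models the suspected stale field."""
    def __init__(self, wallet, refresh, current):
        self.wallet, self.refresh = wallet, refresh
        self.user, self.password = current, wallet[current]

    def select(self, user, typed=None):
        """Pick a user in the dropdown, optionally typing the password by hand."""
        self.user = user
        if typed is not None:
            self.password = typed
        elif self.refresh:
            self.password = self.wallet[user]
        return basic_header(self.user, self.password)

def relogin(dialog, old_user, new_user, typed=None):
    """Submit the 'Re Authenticate' form as old_user, then answer the 401 prompt."""
    form = {"SeenBefore": "1", "OldAuth": old_user}
    return server(dialog.select(new_user, typed), form)

def replay(refresh):
    """Replay the report's steps starting from a session logged in as test2."""
    d = Dialog(dict(HTPASSWD), refresh, current="test2")
    return {
        "dropdown_only": relogin(d, "test2", "test1"),
        "typed_password": relogin(d, "test2", "test1", typed="test1"),
        "same_user": relogin(d, "test1", "test1"),
    }
```

With refresh=False the dropdown-only relogin is rejected while typing the password succeeds, matching the last two steps listed in comment 3; the same-user relogin is rejected in both modes because of the server-side rule, not the dialog.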
Comment 4 Dawit Alemayehu 2012-01-04 22:00:59 UTC
KDE 3 is no longer maintained and there have been more than a few HTTP authentication related fixes in KDE 4. Feel free to reopen this ticket if this bug report is still present in KDE v4.7.0 or higher.