Bug 344413 - HTTP Basic authentication password is encoded as Latin-1 / ISO-8859-1
Summary: HTTP Basic authentication password is encoded as Latin-1 / ISO-8859-1
Status: CONFIRMED
Alias: None
Product: frameworks-kio
Classification: Frameworks and Libraries
Component: HTTP (show other bugs)
Version: 5.109.0
Platform: Debian unstable Linux
: NOR normal
Target Milestone: ---
Assignee: Rolf Eike Beer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-02-20 23:13 UTC by Shane
Modified: 2023-09-03 14:55 UTC (History)
7 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Shane 2015-02-20 23:13:24 UTC
I've been trying to configure a DAV resource with Kontact that connects to an ownCloud server without success.

I figured out from inspecting the logs on the server that the password (which contains non-ASCII characters) is being transmitted encoded as Latin1, while the server expects UTF-8.

For what it's worth, Kmail works fine with the same password.

Reproducible: Always

Steps to Reproduce:
1. Set up a CardDAV or CalDAV account on a server that uses a password with non-ASCII characters.
2. Try to add this account in Kontact/KAddressBook

Actual Results:  
The CardDAV/CalDAV resource will fail to authenticate with the server, even though the password is correct, because of character encoding issues.

Expected Results:  
The CardDAV/CalDAV resource authenticates correctly.
Comment 1 Grégory Oestreicher 2015-08-20 21:37:04 UTC
Yup, there's a conversion done in frameworks/kio/src/ioslaves/http/httpauthentication.cpp:386 so re-assigning to KIO.

However it seems that deciding on the character encoding is left to the browser, though the HTTP RFC seems to say that it must be ISO-8859-1 unless encoded as MIME according to RFC2047 but support for this is non-existent and it's left mostly to the implementer appreciation.
Comment 2 Malte S. Stretz 2023-09-03 14:55:48 UTC
I stumbled upon this oldish bug by accident and supposed it was fixed by now by implementing RFC 7617 (https://www.rfc-editor.org/rfc/rfc7617#section-2.1).

But it looks like this is still not supported: https://invent.kde.org/frameworks/kio/-/blob/v5.109.0/src/kioworkers/http/httpauthentication.cpp?ref_type=tags#L380