Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

LWP digest authentication fails with PUT method

by bilal_j (Initiate)
on May 15, 2018 at 21:39 UTC ( #1214588=perlquestion: print w/replies, xml ) Need Help??
bilal_j has asked for the wisdom of the Perl Monks concerning the following question:

Hello, My GET request works with LWP, however, the same request using PUT method instead of GET returns a 401. I also tried curl and Postman and my PUT request is working using both of those, just not with LWP. I used LWP::ConsoleLogger to see the details. This is my code:

#!/usr/bin/perl { package DINAgent; use strict; use warnings; use base 'LWP::UserAgent'; sub get_basic_credentials { return ('admin','password'); } } require 5.010_001; use strict; use warnings; use HTTP::Request; use Encode qw(encode_utf8); use LWP::ConsoleLogger::Everywhere (); my $ip = '192.168.54.24'; my $url = "http://".$ip."/restapi/relay/outlets/=4/state/"; my $header = [ 'X-CSRF' => 'x', 'Accept' => 'application/json', 'Content-Type' => 'application/x-www-form-urlencoded', ]; my $data = encode_utf8('value=true'); my $req = HTTP::Request->new('GET', $url, $header, $data); my $ua = DINAgent->new; my $res = $ua->request($req);

And when I run it this is what the request looks like:

GET http://192.168.54.24/restapi/relay/outlets/=4/state/ .---------------------------------+----------------------------------- +--------------. | Request (before sending) Header | Value + | +---------------------------------+----------------------------------- +--------------+ | Accept | application/json + | | Authorization | Digest username="admin", realm="DL +I DIN4181200- | | | 5889", qop=auth, algorithm="MD5", +uri="/restap- | | | i/relay/outlets/=4/state/", nonce= +"lUbDs5U7hoG- | | | pVuUw", nc=00000001, cnonce="5ad8c +8da", respon- | | | se="9b02b9381e1ce4b8de39d2d00d1769 +26", opaque=- | | | "poDELG+OAifnQbRd" + | | Content-Type | application/x-www-form-urlencoded + | | User-Agent | libwww-perl/6.33 + | | X-CSRF | x + | '---------------------------------+----------------------------------- +--------------' .------------. | Content | +------------+ | value=true | '------------' .--------------------------. | Text | +--------------------------+ | { | | value => "true", | | } | '--------------------------' .--------------------------------+------------------------------------ +--------------. | Request (after sending) Header | Value + | +--------------------------------+------------------------------------ +--------------+ | Accept | application/json + | | Authorization | Digest username="admin", realm="DLI + DIN41812005- | | | 889", qop=auth, algorithm="MD5", ur +i="/restapi/- | | | relay/outlets/=4/state/", nonce="lU +bDs5U7hoGpVu- | | | Uw", nc=00000001, cnonce="5ad8c8da" +, response="- | | | 9b02b9381e1ce4b8de39d2d00d176926", +opaque="poDE- | | | LG+OAifnQbRd" + | | Content-Type | application/x-www-form-urlencoded + | | User-Agent | libwww-perl/6.33 + | | X-CSRF | x + | '--------------------------------+------------------------------------ +--------------' ==> 207 Responses from multiple resources follow

So then I just replace 'GET' with 'PUT' in the code and my LWP PUT request looks like this:

PUT http://192.168.54.24/restapi/relay/outlets/=4/state/ .---------------------------------+----------------------------------- +--------------. | Request (before sending) Header | Value + | +---------------------------------+----------------------------------- +--------------+ | Accept | application/json + | | Authorization | Digest username="admin", realm="DL +I DIN4181200- | | | 5889", qop=auth, algorithm="MD5", +uri="/restap- | | | i/relay/outlets/=4/state/", nonce= +"/TiSJpxNOX2- | | | YUGF9", nc=00000001, cnonce="5ad8c +6b2", respon- | | | se="4d899287d76eeb9544e1f74398a751 +89", message- | | | -digest="d41d8cd98f00b204e9800998e +cf8427e", op- | | | aque="32bmBh1vwolMgswm" + | | Content-Type | application/x-www-form-urlencoded + | | User-Agent | libwww-perl/6.33 + | | X-CSRF | x + | '---------------------------------+----------------------------------- +--------------' .------------. | Content | +------------+ | value=true | '------------' .--------------------------. | Text | +--------------------------+ | { | | value => "true", | | } | '--------------------------' .--------------------------------+------------------------------------ +--------------. | Request (after sending) Header | Value + | +--------------------------------+------------------------------------ +--------------+ | Accept | application/json + | | Authorization | Digest username="admin", realm="DLI + DIN41812005- | | | 889", qop=auth, algorithm="MD5", ur +i="/restapi/- | | | relay/outlets/=4/state/", nonce="/T +iSJpxNOX2YUG- | | | F9", nc=00000001, cnonce="5ad8c6b2" +, response="- | | | 4d899287d76eeb9544e1f74398a75189", +message-dige- | | | st="d41d8cd98f00b204e9800998ecf8427 +e", opaque="- | | | 32bmBh1vwolMgswm" + | | Content-Type | application/x-www-form-urlencoded + | | User-Agent | libwww-perl/6.33 + | | X-CSRF | x + | '--------------------------------+------------------------------------ +--------------' ==> 401 Unauthorized

One thing I noticed is that LWP PUT request puts a 'message-digest' into the authentication header, maybe this is causing some issue with authentication?
Of course the device I am interacting with is on a local network so you cannot reproduce the issue... but let me know if you have some suggestion on how to find the issue?
Again, I am successfully able to send this PUT request using Postman and curl, so must be something in my LWP implementation that is causing the issue.
Thank you.

Replies are listed 'Best First'.
Re: LWP digest authentication fails with PUT method
by cavac (Deacon) on May 16, 2018 at 12:10 UTC

    Are you sure you want to use PUT instead of POST? You are sending something "www-form-urlencoded", which indicates to me you actually want to use POST. These methods might have different permissions?

    Also, you might have run into one of the many digest auth bugs in LWP.

    "For me, programming in Perl is like my cooking. The result may not always taste nice, but it's quick, painless and it get's food on the table."
        look at the other auth-int bugreport, apache/nginx... dont support auth-int, if you can find a server that supports it, maybe people can work on it ... but until then why bother
Re: LWP digest authentication fails with PUT method
by Veltro (Pilgrim) on May 16, 2018 at 10:17 UTC
    -

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1214588]
Approved by johngg
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (2)
As of 2018-11-14 06:44 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My code is most likely broken because:
















    Results (163 votes). Check out past polls.

    Notices?