401 Unauthorized when trying to login to Apache HTTPS Server about gowebdav HOT 11 CLOSED

Hello!
Do you use latest master version? I fixed the similar issue a few days ago. As I see this fix isn't released yet and stored only in master.

from gowebdav.

I set up a Radicale instance (uses Basic Auth), and I get the same error (with master). I'm currently looking into it.

from gowebdav.

This issue is caused by the OPTIONS request not requiring authorization. This means we'll have to check for a 401 status code at every request, or possibly try a PROPFIND / upon initial connection.

from gowebdav.

@misha-plus , yes, I use latest version from master

from gowebdav.

@chuckwagoncomputing , OPTIONS request is carrying out from options() function:

func (c *Client) options(path string) (*http.Response, error) {
	return c.req("OPTIONS", path, nil, func(rq *http.Request) {
		rq.Header.Add("Depth", "0")
	})
}

which calls c.req() function, which trying to do c.auth.Authorize(c, method, path)

from gowebdav.

That is correct. c.auth.Authorize will not work unless the authorization method has been set, which currently happens in Connect() in client.go, after the call to options() has succeeded. I'm moving it to req().

from gowebdav.

in my case c.options() returns 200 OK, and now I am trying to find the bug

from gowebdav.

yes, problem that authorization was not set in method c.connect()
it was not set because c.options() returns 200 OK, and in this line:

	if rs.StatusCode == 401 && c.auth.Type() == "NoAuth" {

application decided that server does not require authorization

from gowebdav.

I create following method:

func (c *Client) propfindTest() (*http.Response, error) {

	body :=
	`<d:propfind xmlns:d='DAV:'>
		<d:prop>
			<d:displayname/>
			<d:resourcetype/>
			<d:getcontentlength/>
			<d:getcontenttype/>
			<d:getetag/>
			<d:getlastmodified/>
		</d:prop>
	</d:propfind>`

        // "/qqq" is some existing folder on the webdav server. If folder will not exist,
        // "405 Not allowed" will be returned
	return c.req("PROPFIND", "/qqq", strings.NewReader(body), func(rq *http.Request) {
		rq.Header.Add("Depth", "0")
		rq.Header.Add("Content-Type", "text/xml;charset=UTF-8")
		rq.Header.Add("Accept", "application/xml,text/xml")
		rq.Header.Add("Accept-Charset", "utf-8")
		rq.Header.Add("Accept-Encoding", "")
	})
}

to use it instead of c.options() within c.connect, because PROPFIND requires authorization

Also, I modify c.connect() method:

func (c *Client) Connect() error {
	rs, err := c.propfindTest()
	if err != nil {
		return err
	}

	err = rs.Body.Close()
	if err != nil {
		return err
	}

	if rs.StatusCode == 401 && c.auth.Type() == "NoAuth" {
		if strings.Index(rs.Header.Get("Www-Authenticate"), "Digest") > -1 {
			c.auth = &DigestAuth{c.auth.User(), c.auth.Pass(), digestParts(rs)}
		} else if strings.Index(rs.Header.Get("Www-Authenticate"), "Basic") > -1 {
			c.auth = &BasicAuth{c.auth.User(), c.auth.Pass()}
		} else {
			return newPathError("Authorize", c.root, rs.StatusCode)
		}
		c.auth.Authorize(c, c.auth.User(), c.auth.Pass())
		return c.Connect()
	} else if rs.StatusCode == 401 {
		return newPathError("Authorize", c.root, rs.StatusCode)
	} else if rs.StatusCode != 200 /*|| (rs.Header.Get("Dav") == "" && rs.Header.Get("DAV") == "")*/ {
		return newPathError("Connect", c.root, rs.StatusCode)
	}

	return nil
}

but I still get 401 Unauthorized

from gowebdav.

Your approach does not work because the first time propfindTest runs it is unauthorized, and returns an error. Because it returns an error, Connect() returns early and never reaches the part where it checks the return value, authorizes, and tries again.

Give the latest change a try. It works for me. If it doesn't work for you, we'll dig into this problem some more.

from gowebdav.

hello participants,
thank you for your investigations and for solving the issue.
@MrVine nice bug report! I'll use this as a template.

I'd like to improve the fix to keep the modification inside the client, because it's a client issue / improvement, and I'd love to keep the request as small as possible.
at the moment i have no clue how to do this in a nice way.

furthermore the connect call in the cmd (and client) seems to be useless. we could remove them. any concerns, what do you think?

from gowebdav.