3203: rbt doesn't authenticate some requests

mra***@rapitasy********* (Google Code) (Is this you? Claim this profile.)
Feb. 18, 2014 
What version are you running?
1.7.20

What steps will reproduce the problem?
1. Set up a web server configured for basic authentication over HTTPS
2. Set up a ReviewBoard install configured for authentication over LDAP
3. Ensure no .reviewboardrc is set for a user
3. Attempt to query ReviewBoard using manually-specified username and password:
rbt status --server https://<host>/reviewboard --user <user> --password <password>

What is the expected output? What do you see instead?
rbt outputs:
CRITICAL:root:HTTP 401
Attached is rpt --debug output.

Please provide any additional information below.

Apache access log shows two requests, with the second lacking any authorization:

127.0.0.1 - user [23/Jan/2014:14:35:19 +0000] "GET /reviewboard/api/ HTTP/1.1" 200 15665 "-" "RBTools/0.5.5"
127.0.0.1 - - [23/Jan/2014:14:35:20 +0000] "GET /reviewboard/api/info/ HTTP/1.1" 401 8817 "-" "RBTools/0.5.5"

This seems to be something to do with PresetHTTPAuthHandler in request.py being used again before reset and so not adding auth headers.
rbt debug.txt 
rbt status --debug --server https://server/reviewboard --user user --password password
DEBUG:root:Checking for a Subversion repository...
DEBUG:root:Running: svn info --non-interactive
DEBUG:root:Running: diff --version
DEBUG:root:repository info: Path: https://server/svn/bug3556_test, Base path: /, Supports changesets: False
DEBUG:root:Making HTTP GET request to https://server/reviewboard/api/
DEBUG:root:Making HTTP GET request to https://server/reviewboard/api/info/
DEBUG:root:Got HTTP error: 401: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at server Port 443</address>
</body></html>
Traceback (most rece

 






  


 










 

  

   david

  

 
 

  

    
     

   
   #1
   david


  


  
This is fixed in newer versions of rbt.



  
    


   
  • 
    
    
    +Fixed
    
   
    • 


  


 








 

   

 
 

  

    
     

   
   #2
   eth****@gmai***** (Google Code)



(Is this you? Claim this profile.)


  


  
I ran into the same issue with the latest version of rbt (0.7.2).

See the attached status -d log. As the user says above, PresetHTTPAuthHandler only sends the Basic authentication on the first request. By forcing it to attach the authentication to every request, I was able to get things to work. It's unclear if this breaks other server configurations.



  
    


   
  • 
    
    
    +


    
 
    
  rbtdebug.txt
  
    

  
    
 
    

 
    
  
     
    rbt status --server https://server/reviewboard/ --user <username> --password <password> -d 2> rbtdebug.txt
    >>> RBTools 0.7.2 alpha 0 (dev)
    >>> Python 2.7.6 (default, Mar 22 2014, 22:59:56)
    >>> Running on Linux-3.13.0-45-generic-x86_64-with-Ubuntu-14.04-trusty
    >>> Checking for a Subversion repository...
    ...
    >>> Making HTTP GET request to https://server/reviewboard/api/
    >>> Making HTTP GET request to https://server/reviewboard/api/session/?expand=user
    >>> Got HTTP error: 401: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>401 Authorization Required</title>
    </head><body>
    <h1>Authorization Required</h1>
    <p>This server could not verify that you
    are authorized to access the document
    requested.  Either you supplied the wrong
    credentials (e.g., bad password), or your
    browser doesn't understand how to supply
    the credentials required.</p>
    <hr>
    <address>Apache/2.2.22 (Ubuntu) Server at server Port 443</address>
    </body></html>
    Traceback (most recent call last):
      File "/us
    
 
    

    


    +


    
 
    
  rbt-3203.patch
  
    

  
    
 
    

 
    
  
    
 
    

    


    
   
    • 


  


 








 

  

   

  

 
 

  

    
     

   
   #3
   jaredgrubb


  


  
Yes, that patch fixed the rbt issue for me as well!



 








 

  

   

  

 
 

  

    
     

   
   #4
   jaredgrubb


  


  
FWIW, this issue is still present in RBTools 0.7.5.