Hey, I have been studying the mechanize code for basic authentication. Based on the following lines: http://github.com/tenderlove/mechanize/blob/master/lib/mechanize.rb#L215-220 http://github.com/tenderlove/mechanize/blob/master/lib/mechanize.rb#L625-643 http://github.com/tenderlove/mechanize/blob/master/lib/mechanize/chain/auth_headers.rb#L20-33 it seems that if the auth method is determined to be basic_auth, nothing really happens. All it does is set @user and @password, but these do not appear to ever be used later on in the execution. Is this intentional? Is it because pretty much anything that supports basic auth also supports Digest auth? Thanks, Carl
On Wed, Oct 6, 2010 at 6:56 AM, Carl Youngblood <carl at youngbloods.org> wrote:> Hey, I have been studying the mechanize code for basic authentication. > Based on the following lines: > > http://github.com/tenderlove/mechanize/blob/master/lib/mechanize.rb#L215-220 > http://github.com/tenderlove/mechanize/blob/master/lib/mechanize.rb#L625-643 > http://github.com/tenderlove/mechanize/blob/master/lib/mechanize/chain/auth_headers.rb#L20-33 > > it seems that if the auth method is determined to be basic_auth, > nothing really happens. All it does is set @user and @password, but > these do not appear to ever be used later on in the execution. Is this > intentional? Is it because pretty much anything that supports basic > auth also supports Digest auth?Unless there is a bug I''m not seeing, mechanize should pass the basic auth info to net/http. When it determines that it should use basic auth here: http://github.com/tenderlove/mechanize/blob/master/lib/mechanize.rb#L635 It calls the basic_auth method on net/http here: http://github.com/tenderlove/mechanize/blob/master/lib/mechanize/chain/auth_headers.rb#L22-23 Hope that helps! -- Aaron Patterson http://tenderlovemaking.com/
Thanks, I didn''t realize that the object it was working on was Net::HTTP. On Wed, Oct 6, 2010 at 4:53 PM, Aaron Patterson <aaron.patterson at gmail.com> wrote:> On Wed, Oct 6, 2010 at 6:56 AM, Carl Youngblood <carl at youngbloods.org> wrote: >> Hey, I have been studying the mechanize code for basic authentication. >> Based on the following lines: >> >> http://github.com/tenderlove/mechanize/blob/master/lib/mechanize.rb#L215-220 >> http://github.com/tenderlove/mechanize/blob/master/lib/mechanize.rb#L625-643 >> http://github.com/tenderlove/mechanize/blob/master/lib/mechanize/chain/auth_headers.rb#L20-33 >> >> it seems that if the auth method is determined to be basic_auth, >> nothing really happens. All it does is set @user and @password, but >> these do not appear to ever be used later on in the execution. Is this >> intentional? Is it because pretty much anything that supports basic >> auth also supports Digest auth? > > Unless there is a bug I''m not seeing, mechanize should pass the basic > auth info to net/http. > > When it determines that it should use basic auth here: > > ?http://github.com/tenderlove/mechanize/blob/master/lib/mechanize.rb#L635 > > It calls the basic_auth method on net/http here: > > ?http://github.com/tenderlove/mechanize/blob/master/lib/mechanize/chain/auth_headers.rb#L22-23 > > Hope that helps! > > -- > Aaron Patterson > http://tenderlovemaking.com/ > _______________________________________________ > Mechanize-users mailing list > Mechanize-users at rubyforge.org > http://rubyforge.org/mailman/listinfo/mechanize-users >