bug: basic-auth does not pick up user-info
lread opened this issue · 0 comments
lread commented
Observation
I was reviewing docstrings and code when I noticed that user-info is not applied to basic-auth.
Repro
(require '[clj-http.lite.client :as client])
(client/get "https://joe:blow@httpbin.org/basic-auth/joe/blow"
{:throw-exceptions false})Actual
We get a 401
;; => {:headers
;; {"date" "Tue, 16 Aug 2022 01:38:23 GMT",
;; "content-length" "0",
;; "connection" "keep-alive",
;; "server" "gunicorn/19.9.0",
;; "www-authenticate" "Basic realm=\"Fake Realm\"",
;; "access-control-allow-origin" "*",
;; "access-control-allow-credentials" "true"},
;; :status 401,
;; :body nil}Expected
If I specify :basic-auth a different way, I get the expected 200 response:
(client/get "https://httpbin.org/basic-auth/joe/blow"
{:basic-auth "joe:blow"})
;; => {:headers
;; {"date" "Tue, 16 Aug 2022 01:39:31 GMT",
;; "content-type" "application/json",
;; "content-length" "46",
;; "connection" "keep-alive",
;; "server" "gunicorn/19.9.0",
;; "access-control-allow-origin" "*",
;; "access-control-allow-credentials" "true"},
;; :status 200,
;; :body "{\n \"authenticated\": true, \n \"user\": \"joe\"\n}\n"}Diagnosis
It might be not entirely obvious to the uninitiated that wrapper behaviours are executed from last to first.
clj-http-lite/src/clj_http/lite/client.clj
Lines 235 to 256 in 5aa67f5
I'll add a comment to indicate such while fixing this one.
If we take a peek at clj-http (our grandpappy) we see it has wrap-basic-auth above (this means invoked after) wrap-user-info.
Next Steps
I'll follow up with a PR.