rburgst/okhttp-digest

DigestAuthenticator returning 401 when the nonce isn't valid anymore

N4zroth opened this issue · 3 comments

Hi,
I run into problems with the AuthenticationCacheInterceptor: The CachingAuthenticator seems to cache a successful digest authentication (which is of course correct so far) and tries to reuse it on subsequent requests (also correct).
The problem is that the request might be several seconds later than the original request thus invalidating the nonce.
In previous versions, this was fine as the authenticator just tried again until OkHttp's request limit (20) was reached. As the authentication itself was correct, the next request worked fine.
But the following code in DigestAuthenticator prevents any request after an unsuccessful authentication from being executed:

// prevent infinite loops when the password is wrong
final String authorizationHeader = request.header("Authorization");
if (authorizationHeader != null && authorizationHeader.startsWith("Digest")) {
    Log.w(TAG, "previous digest authentication failed, returning null");
    return null;
}

It does prevent infinite loops (well, 'infinite' as in a maximum of 20 requests) on invalid passwords but it doesn't take into consideration that something else (e.g. the previously cached nonce) was wrong.
Is there a simple way to fix this? I've removed the code and my authentication works fine again.
Thanks!

Hi
I don't quite understand your scenario. Why is the nonce invalidated?
Can you send a concrete example or create a unit test that shows it?

Thanks

Hi,
Sure, I'll do that as soon as I'm in the office on Monday.
I basically send and successfully authenticate a request which has a nonce that's valid for five seconds. The cache saves the authentication and tries to reuse it when I issue another request ten seconds later. The nonce isn't valid anymore as ten seconds have passed and thus the authentication fails. The Authenticator treats this as wrong password and aborts authentication completely even though password and user name were correct, only the saved nonce had timed out.
Greetings :)

This is indeed a bug and I need to fix it; in the meantime it's probably good for you to roll back to the previous version.
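
One way to tell an expired nonce apart from a wrong password while keeping the loop guard, added here as an example and not code from okhttp-digest or from anyone in this thread: RFC 7616 (section 3.3) lets a server flag the rejection with `stale=true` in the new challenge, in which case the client may retry with the fresh nonce. It assumes the server actually sets that flag; the class, enum and method names are hypothetical, and the headers in `main` are constructed samples.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class StaleNonceCheck {
    enum Decision { AUTHENTICATE, RETRY_WITH_NEW_NONCE, GIVE_UP }

    // Matches key=token or key="quoted" parameters of a Digest header.
    private static final Pattern PARAM =
            Pattern.compile("(\\w+)\\s*=\\s*(?:\"([^\"]*)\"|([^\\s,]+))");

    static Map<String, String> digestParams(String header) {
        Map<String, String> params = new HashMap<>();
        if (header == null || !header.regionMatches(true, 0, "Digest ", 0, 7)) {
            return params; // absent, or not a Digest header
        }
        Matcher m = PARAM.matcher(header.substring(7));
        while (m.find()) {
            String value = m.group(2) != null ? m.group(2) : m.group(3);
            params.put(m.group(1).toLowerCase(Locale.ROOT), value);
        }
        return params;
    }

    // sentAuthorization: header of the request that got the 401 (may be null).
    // wwwAuthenticate: challenge carried by that 401 response.
    static Decision decide(String sentAuthorization, String wwwAuthenticate) {
        Map<String, String> challenge = digestParams(wwwAuthenticate);
        String freshNonce = challenge.get("nonce");
        if (freshNonce == null) return Decision.GIVE_UP; // no usable challenge
        Map<String, String> sent = digestParams(sentAuthorization);
        if (sent.isEmpty()) return Decision.AUTHENTICATE; // first attempt
        boolean stale = "true".equalsIgnoreCase(challenge.get("stale"));
        // Retry only if the server says the nonce expired AND issued a new one;
        // otherwise the credentials were rejected and retrying would loop.
        boolean nonceChanged = !freshNonce.equals(sent.get("nonce"));
        return stale && nonceChanged ? Decision.RETRY_WITH_NEW_NONCE : Decision.GIVE_UP;
    }

    public static void main(String[] args) {
        // Constructed sample headers, not captured traffic.
        String sent = "Digest username=\"u\", realm=\"r\", nonce=\"old1\", uri=\"/\", response=\"00\"";
        System.out.println(decide(null, "Digest realm=\"r\", nonce=\"old1\", qop=\"auth\""));
        System.out.println(decide(sent, "Digest realm=\"r\", nonce=\"new2\", stale=true"));
        System.out.println(decide(sent, "Digest realm=\"r\", nonce=\"new3\", qop=\"auth\""));
    }
}
```

A server that rejects an expired nonce without setting `stale=true` still ends in `GIVE_UP` here, so the cached nonce would have to be dropped by other means in that case.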