[#83096] File.setuid? on IO (Re: [ruby-cvs:67289] normal:r60108 (trunk): file.c: release GVL in File.{setuid?, setgid?, sticky?}) — Nobuyoshi Nakada <nobu@...>
On 2017/10/04 8:47, normal@ruby-lang.org wrote:
5 messages
2017/10/04
[#83100] Re: File.setuid? on IO (Re: [ruby-cvs:67289] normal:r60108 (trunk): file.c: release GVL in File.{setuid?, setgid?, sticky?})
— Eric Wong <normalperson@...>
2017/10/04
Nobuyoshi Nakada <nobu@ruby-lang.org> wrote:
[#83105] Re: File.setuid? on IO (Re: [ruby-cvs:67289] normal:r60108 (trunk): file.c: release GVL in File.{setuid?, setgid?, sticky?})
— Nobuyoshi Nakada <nobu@...>
2017/10/04
On 2017/10/04 15:55, Eric Wong wrote:
[#83107] Alias Enumerable#include? to Enumerable#includes? — Alberto Almagro <albertoalmagro@...>
Hello,
9 messages
2017/10/04
[#83113] Re: Alias Enumerable#include? to Enumerable#includes?
— "Urabe, Shyouhei" <shyouhei@...>
2017/10/05
This has been requested countless times, then rejected each and every time.
[#83129] Re: Alias Enumerable#include? to Enumerable#includes?
— Alberto Almagro <albertoalmagro@...>
2017/10/05
Sorry I didn't found it on the core mail list's archive.
[#83138] Re: Alias Enumerable#include? to Enumerable#includes?
— "Urabe, Shyouhei" <shyouhei@...>
2017/10/06
Ruby has not been made of popular votes so far. You have to show us
[#83149] Re: Alias Enumerable#include? to Enumerable#includes?
— Eric Wong <normalperson@...>
2017/10/06
Alberto Almagro <albertoalmagro@gmail.com> wrote:
[#83200] [Ruby trunk Feature#13996] [PATCH] file.c: apply2files releases GVL — normalperson@...
Issue #13996 has been reported by normalperson (Eric Wong).
4 messages
2017/10/10
[ruby-core:83628] [Ruby trunk Bug#14071] HTTP Header requiring dual authorization fails with 'header field value cannot include CR/LF'
From:
matthew@...
Date:
2017-10-31 21:15:30 UTC
List:
ruby-core #83628
Issue #14071 has been updated by phluid61 (Matthew Kerwin).
From my understanding of the HTTP specs that define the Authorization header, there's no standards-compatible way to send multiple Authorization header fields in a single message. So I don't think it can be called Ruby's bug.
According to [this Stack Overflow question](https://stackoverflow.com/questions/29282578/multiple-http-authorization-headers), servers that require multiple Authorization fields apparently might accept a flattened, comma-separated list (which is the inline representation for any other standard multi-valued header (aside from cookies)).
Have you tried: `request["authorization"] = "Bearer #{pf_token}, #{ck_token}"` ?
----------------------------------------
Bug #14071: HTTP Header requiring dual authorization fails with 'header field value cannot include CR/LF'
https://bugs.ruby-lang.org/issues/14071#change-67655
* Author: dgames (Dax Games)
* Status: Open
* Priority: Normal
* Assignee:
* Target version:
* ruby -v: ruby 2.4.2p198 (2017-09-14 revision 59899) [x86_64-linux]
* Backport: 2.3: UNKNOWN, 2.4: UNKNOWN
----------------------------------------
Not sure if this is a bug or not but I know where it was introduced and when it worked.
ruby 2.3.1p112 (Code Works)
ruby 2.3.4p301 (Code Works)
ruby 2.3.5p376 (Code Fails)
ruby 2.4.1p111 (Code Works)
ruby 2.4.2p198 (Code Fails)
My code that works - (Depending on Ruby version - see above versions of ruby for pass fail status):
# Start Working Code
```
url = my_url + "/PasswordVault/WebServices/PIMServices.svc/Accounts?Safe=" + safe
url += "&Keywords=" + keywords if ! keywords.nil?
uri = URI.parse(url)
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["authorization"] = "Bearer #{pf_token}\r\nAuthorization: #{ck_token}"
request["oauth_clientid"] = pf_credentials['client_id']
request["content-type"] = 'application/json'
# Send the request
http.set_debug_output $stderr
res = http.request(request)
```
I am no expert and the code above may be a hack but it works on sites where dual authentication is required, at least with some versions of Ruby. I came to this solution by inspecting the http request by setting 'http.set_debug_output $stderr' and saw that header elements are separate by '\r\n'
This curl comand works:
curl -X GET 'https://xxxx/PasswordVault/WebServices/PIMServices.svc/Accounts?Safe=Safe1' -H 'authorization: Bearer xxxxxxxxxxxxxxxxxxx' -H 'authorization: YYYYYYYYYYY' -H 'content-type: application/json' -H 'oauth_clientid: clientid1'
The above code fails with 'header field value cannot include CR/LF' in:
ruby 2.3.5p376
ruby 2.4.2p198
This was most recently was re-introduced by this commit: https://github.com/ruby/ruby/commit/427f5b57135fa165990f87c93658fafbe070289f
I have tried the following on the newer failing version of Ruby but these also fail with #<Net::HTTPUnauthorized:0x0000000003183780> => "1012116 - Invalid token."
# Start Failing Code
```
url = my_url + "/PasswordVault/WebServices/PIMServices.svc/Accounts?Safe=" + safe
url += "&Keywords=" + keywords if ! keywords.nil?
uri = URI.parse(url)
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["authorization"] = ["Bearer #{pf_token}", ck_token]
request["oauth_clientid"] = pf_credentials['client_id']
request["content-type"] = 'application/json'
# Send the request
http.set_debug_output $stderr
res = http.request(request)
```
and this:
```
url = my_url + "/PasswordVault/WebServices/PIMServices.svc/Accounts?Safe=" + safe
url += "&Keywords=" + keywords if ! keywords.nil?
uri = URI.parse(url)
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request.add_field("authorization", "Bearer #{pf_token}")
request.add_field("authorization", ck_token)
request.add_field("oauth_clientid", pf_credentials['client_id'])
request.add_field("content-type", 'application/json')
# Send the request
http.set_debug_output $stderr
res = http.request(request)
```
Another variation also fails in all versions with "undefined method `strip' for #<Array:0x00000000034ad910>"
```
url = my_url + "/PasswordVault/WebServices/PIMServices.svc/Accounts?Safe=" + safe
url += "&Keywords=" + keywords if ! keywords.nil?
uri = URI.parse(url)
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
header = {
'authorization' => ["Bearer #{pf_token}", "#{ck_token}"],
'oauth_clientid' => pf_credentials['client_id'],
'content-type' => 'application/json'
}
# Send the request
http.set_debug_output $stderr
res = http.request_get(uri.path, header)
```
--
https://bugs.ruby-lang.org/
Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>