Bug #14071

Updated by dgames (Dax Games) over 6 years ago

Not sure if this is a bug or not but I know where it was introduced and when it worked. 

 ruby 2.3.1p112 (Code Works) 
 ruby 2.3.4p301 (Code Works) 
 ruby 2.3.5p376 (Code Fails) 
 ruby 2.4.1p111 (Code Works) 
 ruby 2.4.2p198 (Code Fails) 


 My code that works - (Depending on Ruby version - see above versions of ruby for pass fail status): 

 # Start Working Code 

 ``` 
         url = my_url + "/PasswordVault/WebServices/PIMServices.svc/Accounts?Safe=" + safe 
         url += "&Keywords=" + keywords if ! keywords.nil? 

         uri = URI.parse(url) 

         http = Net::HTTP.new(uri.host, uri.port) 
         http.use_ssl = true 

         request = Net::HTTP::Get.new(url) 

         request["authorization"] = "Bearer #{pf_token}\r\nAuthorization: #{ck_token}" 
         request["oauth_clientid"] = pf_credentials['client_id'] 
         request["content-type"] = 'application/json' 

         # Send the request 
         http.set_debug_output $stderr 
         res = http.request(request) 
  ``` 

 I am no expert and the code above may be a hack but it works on sites where dual authentication is required, at least with some versions of Ruby. I came to this solution by inspecting the HTTP request by setting 'http.set_debug_output $stderr' and saw that header elements are separated by '\r\n'.


 This curl command works:

 ```
 curl -X GET 'https://xxxx/PasswordVault/WebServices/PIMServices.svc/Accounts?Safe=Safe1' -H 'authorization: Bearer xxxxxxxxxxxxxxxxxxx' -H 'authorization: YYYYYYYYYYY' -H 'content-type: application/json' -H 'oauth_clientid: clientid1'
 ```

 The above code fails with 'header field value cannot include CR/LF' in: 

 ruby 2.3.5p376 
 ruby 2.4.2p198  

 This was most recently re-introduced by this commit: https://github.com/ruby/ruby/commit/427f5b57135fa165990f87c93658fafbe070289f


 I have tried the following on the newer failing version of Ruby but these also fail with #<Net::HTTPUnauthorized:0x0000000003183780> => "1012116 - Invalid token." 

 # Start Failing Code 
 ``` 
         url = my_url + "/PasswordVault/WebServices/PIMServices.svc/Accounts?Safe=" + safe 
         url += "&Keywords=" + keywords if ! keywords.nil? 

         uri = URI.parse(url) 

         http = Net::HTTP.new(uri.host, uri.port) 
         http.use_ssl = true 

         request = Net::HTTP::Get.new(url) 

         request["authorization"] = ["Bearer #{pf_token}",    ck_token] 
         request["oauth_clientid"] = pf_credentials['client_id'] 
         request["content-type"] = 'application/json' 

         # Send the request 
         http.set_debug_output $stderr 
         res = http.request(request) 
 ``` 

 and this: 

 # Start Failing Code 
 ``` 
         url = my_url + "/PasswordVault/WebServices/PIMServices.svc/Accounts?Safe=" + safe 
         url += "&Keywords=" + keywords if ! keywords.nil? 

         uri = URI.parse(url) 

         http = Net::HTTP.new(uri.host, uri.port) 
         http.use_ssl = true 

         request = Net::HTTP::Get.new(url) 

         request.add_field("authorization", "Bearer #{pf_token}") 
         request.add_field("authorization", ck_token) 
         request.add_field("oauth_clientid", pf_credentials['client_id']) 
         request.add_field("content-type", 'application/json') 

         # Send the request 
         http.set_debug_output $stderr 
         res = http.request(request) 
 ``` 

 Another variation also fails in all versions with "undefined method `strip' for #<Array:0x00000000034ad910>" 

 # Begin Failing Code 
 ``` 
         url = my_url + "/PasswordVault/WebServices/PIMServices.svc/Accounts?Safe=" + safe 
         url += "&Keywords=" + keywords if ! keywords.nil? 

         uri = URI.parse(url) 

         http = Net::HTTP.new(uri.host, uri.port) 
         http.use_ssl = true 

         header = { 
           'authorization' => ["Bearer #{pf_token}", "#{ck_token}"], 
           'oauth_clientid' => pf_credentials['client_id'], 
           'content-type' => 'application/json' 
         } 

         # Send the request 
       
         http.set_debug_output $stderr 
         res = http.request_get(uri.path, header)       
 ``` 
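
Added example (not part of the original report and not the Ruby project's code): it builds requests offline to show the two Net::HTTP behaviours the report runs into on a Ruby with the CR/LF check. A header value containing CR/LF is refused because it would put an extra header line on the wire, and values added with repeated `add_field` calls are stored separately but serialized as one comma-joined `Authorization` line rather than the two lines curl sends. The token values and the request path are constructed placeholders.

```ruby
require 'net/http'

# Constructed sample values; not real credentials.
PF_TOKEN = 'pf-token-sample'
CK_TOKEN = 'ck-token-sample'
SAMPLE_PATH = '/Accounts?Safe=Safe1' # constructed path, no request is sent

# True when Net::HTTP refuses to store the value (CR/LF check present).
def crlf_rejected?(value)
  req = Net::HTTP::Get.new(SAMPLE_PATH)
  req['authorization'] = value
  false
rescue ArgumentError
  true
end

# Values as Net::HTTP stores them after two add_field calls.
def stored_authorization_values
  req = Net::HTTP::Get.new(SAMPLE_PATH)
  req.add_field('authorization', "Bearer #{PF_TOKEN}")
  req.add_field('authorization', CK_TOKEN)
  req.get_fields('authorization')
end

# Header lines as Net::HTTP would write them for the same request.
# each_capitalized joins repeated values with ", " into a single line.
def serialized_authorization_lines
  req = Net::HTTP::Get.new(SAMPLE_PATH)
  req.add_field('authorization', "Bearer #{PF_TOKEN}")
  req.add_field('authorization', CK_TOKEN)
  lines = []
  req.each_capitalized do |name, value|
    lines << "#{name}: #{value}" if name == 'Authorization'
  end
  lines
end

if $PROGRAM_NAME == __FILE__
  injected = "Bearer #{PF_TOKEN}\r\nAuthorization: #{CK_TOKEN}"
  puts "CR/LF value rejected: #{crlf_rejected?(injected)}"
  puts "stored values:        #{stored_authorization_values.inspect}"
  puts "serialized lines:     #{serialized_authorization_lines.inspect}"
end
```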
