-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(auth): add support for MS-PASS #70
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the PR.
I dislike the auth related changes in requests.go
.
We should refactor the auth handling at all.
I need some time to think about.
I have to agree, the resulting code is not as straight forward anymore. I think it can be made nicer by adding some constants to the other auth types, like For the deadlock I just need to switch those lines, but you're right. Regarding the failed test, if I'm not mistaken there is no way to do this without a race condition with this shared |
This may be one way to deal with this design problem. First of all, all the
Yes.
The original usage is to spawn clients inside |
I just had an idea. What would you think of two shared http clients? One with normal redirection and one without. This would mitigate the race condition and prevent the need to create a new client for every request. |
I doubt it would solve the problems. It's not about redirection. The mutexes would remain because the concurrent subrequests are still there. I'm going to see how I can rip off of auth. |
Well, all mutexes that are currently in the code would be untouched. This is purely to fix the race condition in the tests. It's caused by the client being modified to handle redirects differently at different times. So there would no longer be a race condition by having two clients and not changing one. |
Sure, it would fix the tests, but it would also leave the code in a more complex state / mess. |
Please take a look at my changes. |
I've reviewed your update. |
https://github.com/studio-b12/gowebdav/blob/next/requests.go#L42-L46 This will not work for passportAuth. Unfortunately, Microsoft is incapable of returning the correct error codes. The |
we will! |
I don't really see how this will help. |
if I´d not get it wrong. we could check for a redirect or compare the |
That sounds like a possibility, but I'm not sure it's a good solution. |
Well, even if the specs would prohibit the redirection for authentication, the cancer thing is already doing that. |
Ashes on my head. |
Thanks for your patience. |
I adapted my changes to the new |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Try doing the auth ping-pong in the Verify
method if the initial auth fails.
Maybe the reauth
naming is misleading you, we should it name redo
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we're on a good way!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have tried to take it precisely.
well done!
I'm looking forward to get this merged.
Thank you very much!!
I just noticed something. The |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we are almost there! 🚀
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
awesome!
this is a very nice implementation.
Well done.
I'll squash next, tomorrow.
Thank you for your patience!
Could you please squash your commits together and put them on top of next? |
typo: fix comment fix: fix verify flow and precompile cookies fix: implement requested changes fix: implement requested changes fix: implement requested changes test(auth): add test for MS-PASS fix: remove pointless return
MS-PASS is the proprietary authentication protocol used for e.g. OneDrive.
Because of how this protocol works I could not follow the design principles of the other auth methods 100% but tried to stay as close as possible to them.
fixes #68