Issue 496: Cannot authenticate when the password ends with a colon (":") character
Status:  Fixed
Owner:  m...@twitter.com
Closed:  Apr 2009
Type-Defect
Priority-High
Component-REST
Reported by counterstrike, Apr 21, 2009
If you use the Twitter API to request a file and the user's password ends
with a colon (":") character, authentication will fail.  This is only an
API issue; the web site still works.  Note that the bug only occurs when
the colon is the last character in the password, not the first or in the
middle.

This was tested with several popular Twitter clients, as well as with the
following curl command (the password was typed when prompted):
curl -u adamgoforth -v http://twitter.com/statuses/friends_timeline.xml


Here is the verbose output of curl, when the password for the account is
set to "password:".  The headers are not obscured or changed in any way.

* About to connect() to twitter.com port 80 (#0)
*   Trying 128.121.146.228... connected
* Connected to twitter.com (128.121.146.228) port 80 (#0)
* Server auth using Basic with user 'adamgoforth'
> GET /statuses/friends_timeline.xml HTTP/1.1
> Authorization: Basic YWRhbWdvZm9ydGg6cGFzc3dvcmQ6
> User-Agent: curl/7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g
zlib/1.2.3.3 libidn/1.8
> Host: twitter.com
> Accept: */*
>
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--  
  0< HTTP/1.1 401 Unauthorized
< Date: Tue, 21 Apr 2009 15:18:30 GMT
< Server: hi
< Status: 401 Unauthorized
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="Twitter API"
< Cache-Control: no-cache, max-age=1800
< Content-Type: application/xml; charset=utf-8
< Content-Length: 151
< Set-Cookie:
_twitter_sess=BAh7BzoHaWQiJTQwNGU3NjIwYjhkZTFjZDNiY2JhOGY1OTZlOWRiNWRhIgpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsA--c41d0e09b3564f398acf9aff624b5d809a3fea38;
domain=.twitter.com; path=/
< Expires: Tue, 21 Apr 2009 15:48:29 GMT
< Vary: Accept-Encoding
< Connection: close
<
{ [data not shown]
100   151  100   151    0     0    128      0  0:00:01  0:00:01 --:--:-- 
2040* Closing connection #0

--

And the XML that is returned:

<?xml version="1.0" encoding="UTF-8"?>
<hash>
  <request>/statuses/friends_timeline.xml</request>
  <error>Could not authenticate you.</error>
</hash>


Comment 1 by m...@twitter.com, Apr 21, 2009
Taking a look at this now. Must be an error in the basic auth processor.
Status: Accepted
Owner: m...@twitter.com
Labels: -Priority-Medium Priority-High
Comment 2 by alexfpayne, Apr 21, 2009
(No comment was entered for this change.)
Labels: Component-REST
Comment 3 by m...@twitter.com, Apr 23, 2009
Fix deployed. I'll update the changelog later today.
Status: Fixed
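
The symptom in the report above (failure only when the colon is the last character of the password) is what a parser produces when it splits the decoded credentials with an unlimited split and rejoins the pieces. The Ruby sketch below is an added example, not Twitter's code or anything posted in this thread: the cause is an assumption, and `basic_header`, `parse_basic_lossy` and `parse_basic` are hypothetical names. Only the header value is taken from the curl trace.

```ruby
# Header value copied from the curl trace in the report.
REPORTED_HEADER = "Basic YWRhbWdvZm9ydGg6cGFzc3dvcmQ6"

# Build a Basic header for constructed test credentials ("m0" = base64, no newline).
def basic_header(user, password)
  "Basic " + ["#{user}:#{password}"].pack("m0")
end

# Hypothetical lossy parser (assumed cause, not Twitter's code).
# String#split with no limit drops trailing empty fields, so a password
# ending in ":" loses its last character; other colons survive the rejoin.
def parse_basic_lossy(header)
  scheme, token = header.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && token
  user, *rest = token.unpack1("m").split(":")
  [user, rest.join(":")]
end

# Parser following the Basic scheme: the user-id ends at the FIRST colon
# and everything after it, colons included, is the password.
def parse_basic(header)
  scheme, token = header.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && token
  decoded = token.strip.unpack1("m0") # strict decode, raises on bad input
  user, sep, password = decoded.partition(":")
  return nil if sep.empty?            # no colon: malformed credentials
  [user, password]
rescue ArgumentError                  # token was not valid base64
  nil
end

if __FILE__ == $0
  headers = [REPORTED_HEADER,
             basic_header("user", "pass:word"),  # constructed: colon in middle
             basic_header("user", ":password")]  # constructed: colon first
  headers.each do |h|
    puts "lossy=#{parse_basic_lossy(h).inspect} correct=#{parse_basic(h).inspect}"
  end
end
```

A regression test for a Basic auth processor should include passwords with a colon in the first, middle and last position, since only the last one separates the two parsers here.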