grafana/k6

Cookies not saved during NTLM auth negotiation

Open

#1210 opened on Oct 21, 2019

View on GitHub
 (3 comments) (0 reactions) (0 assignees)Go (30,564 stars) (1,537 forks)batch import
bugevaluation neededhelp wantedrefactor

Description

Looking at the screenshot that was posted in the community forum, it seems like the current way we handle NTLM authentication looses some cookies. The current implementation basically uses http.RoundTripper wrappers to handle NTLM and digest authentication: https://github.com/loadimpact/k6/blob/a8d9ee9da9d621ffcb02a5d9b832f715b47e5476/lib/netext/httpext/request.go#L277-L282

So this might also be something that affects the digest authentication as well... It's worth investigating and might affect how we implement https://github.com/loadimpact/k6/issues/800 as well. It might be necessary to scrap the current wrappers and write a new http.Client alternative that is able to handle these authentication types ourselves...

Contributor guide

Tech stack
go
Domain
backendauthentication
Issue type
bug
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
4
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
3-5 days
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
Go programmingHTTP protocolNTLM authenticationk6 codebase
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
25
Research direction
Investigate the current NTLM and digest authentication wrappers in lib/netext/httpext/request.go around lines 277-282. Examine how cookies are handled during the multi step NTLM negotiation. Consider implementing a custom http.Client that properly manages cookies and authentication handshake. Refer to related issue #800 for additional context.