GH-307 Fix error 500 on digest auth with qop='auth-int' #308

Merged
merged 8 commits into from Dec 4, 2016

Projects

None yet

2 participants

@felixpalta
Contributor

Fix typo in HA2() function, which caused Digest auth test to fail, when 'qop' parameter is set to 'auth-int'.

@sigmavirus24
Collaborator

Please add tests for this. Also, folks do not need the module name (or any other non-standard shorthand) in the commit message. Please simplify your message to "Pass algorithm parameter to hash function" with an explanation of why in the paragraph of the message.

felixpalta added some commits Oct 19, 2016
@felixpalta felixpalta Pass algorithm parameter to H()
This fixes error 500 on digest-auth test with qop='auth-int' (#307)
cc2fc5e
@felixpalta felixpalta Add test implementation for Digest authentication
It can be used for testing of all available combinations of qop (auth/auth-int/not specified) and algorithms (MD5, SHA-256).
f198dab
@felixpalta felixpalta Check response status code in test_digest_auth_with_wrong_password() ada6bd1
@felixpalta felixpalta Add test for different combinations of digest auth parameters 9816125
@felixpalta felixpalta Enable test cases for Digest auth requests with or without body
When quality-of-protection (qop) is 'auth-int', the hash of request body is used to create digest response.
ec17414
@felixpalta felixpalta Update comments, minor fixes 562a60b
@felixpalta felixpalta Minor refactoring of _test_digest_auth
Instead of joining encoded (binary) strings, join unicode strings first, then encode result, which leads to shorter and clearer code.
45058da
@felixpalta felixpalta Encode HA2() string parameters 'method', 'uri' and 'H(entityBody)'
This fixes error 500, when httpbin is run with python3 and digest-auth is attempted with qop='auth-int'.
e7e9163
@felixpalta
Contributor
felixpalta commented Dec 4, 2016 edited

@sigmavirus24 I have added extensive tests for all combinations of Digest Authentication (DA) parameters, also tested manually with curl. The previous version of test_digest_auth() used only one set of parameters (qop='auth', algorithm='MD5')

@sigmavirus24
Collaborator

@felixpalta thanks so very much! That's awesome!

@sigmavirus24 sigmavirus24 merged commit cff242d into Runscope:master Dec 4, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
@felixpalta felixpalta deleted the felixpalta:Runscope-GH-307-fix-digest-auth-int branch Dec 4, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment