Please sign in to comment.
Enable DigestAuth to work when digest key is hidden.
When the digest key is a hidden field it will not be included in the results of _findUser() which makes it impossible for users to authenticate. In the case where there was no password comparison done, and the passwordfield is a hidden field, removing the passwordField from the hidden list allows digest auth to work. Digest auth subsequently removes the password field after checking the key. Refs #10855
- Loading branch information...
Showing with 54 additions and 2 deletions.