
Changing pattern used to read digest auth data. Allows emails to be u…

…sed as usernames.

This also adds the realm to the return value of SecurityComponent::parseDigestAuth().  Fixes #1181
markstory committed Oct 12, 2010
1 parent 77f05ab commit 3f6bee0a08153d180957de387336ab1ce71c3c99
@@ -342,7 +342,7 @@ function parseDigestAuthData($digest) {
$keys = array();
$match = array();
$req = array('nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1);
- preg_match_all('@(\w+)=([\'"]?)([a-zA-Z0-9=./\_-]+)\2@', $digest, $match, PREG_SET_ORDER);
+ preg_match_all('/(\w+)=([\'"]?)([a-zA-Z0-9@=.\/_-]+)\2/', $digest, $match, PREG_SET_ORDER);
foreach ($match as $i) {
$keys[$i[1]] = $i[3];
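Review bot: The value class `[a-zA-Z0-9@=.\/_-]+` on the new `preg_match_all` line is still a narrow allowlist and the pattern is unanchored, so a quoted value containing any other character (a space in the realm, `?` or `&` in the uri) is not captured as a whole. Scanning then resumes inside that value, and a `name=value` fragment found there is written to `$keys` as if it were a top-level field, with a later match overwriting an earlier one. For an authentication header it is safer to consume each quoted string in full, for example `'/(\w+)=(?:"([^"]*)"|([^\s,"]+))/'` with `$keys[$i[1]] = isset($i[3]) ? $i[3] : $i[2];` in the loop (this sketch covers double-quoted values only), and to keep the first occurrence of a key rather than the last. parseDigestAuthData() starts and ends outside this hunk, so how missing or duplicate keys are treated afterwards is not visible here.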
@@ -992,6 +992,7 @@ function testLoginCredentials() {
DIGEST;
$expected = array(
'username' => 'Mufasa',
+ 'realm' => 'testrealm@host.com',
'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
'uri' => '/dir/index.html',
'qop' => 'auth',
@@ -1025,6 +1026,7 @@ function testParseDigestAuthData() {
DIGEST;
$expected = array(
'username' => 'Mufasa',
+ 'realm' => 'testrealm@host.com',
'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
'uri' => '/dir/index.html',
'qop' => 'auth',
@@ -1039,6 +1041,39 @@ function testParseDigestAuthData() {
$result = $this->Controller->Security->parseDigestAuthData('');
$this->assertNull($result);
}
+/**
+ * test parsing digest information with email addresses
+ *
+ * @return void
+ */
+ function testParseDigestAuthEmailAddress() {
+ $this->Controller->Security->startup($this->Controller);
+ $digest = <<<DIGEST
+ Digest username="mark@example.com",
+ realm="testrealm@host.com",
+ nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
+ uri="/dir/index.html",
+ qop=auth,
+ nc=00000001,
+ cnonce="0a4f113b",
+ response="6629fae49393a05397450978507c4ef1",
+ opaque="5ccc069c403ebaf9f0171e9517f40e41"
+DIGEST;
+ $expected = array(
+ 'username' => 'mark@example.com',
+ 'realm' => 'testrealm@host.com',
+ 'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
+ 'uri' => '/dir/index.html',
+ 'qop' => 'auth',
+ 'nc' => '00000001',
+ 'cnonce' => '0a4f113b',
+ 'response' => '6629fae49393a05397450978507c4ef1',
+ 'opaque' => '5ccc069c403ebaf9f0171e9517f40e41'
+ );
+ $result = $this->Controller->Security->parseDigestAuthData($digest);
+ $this->assertIdentical($result, $expected);
+ }
+
/**
* testFormDisabledFields method
*
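Review bot: testParseDigestAuthEmailAddress() pins only a header whose values all fit the parser's character class, so nothing records what parseDigestAuthData() should return when a value falls outside it. A companion case would close that gap, using constructed values such as `uri="/dir/index.html?page=1"` or `realm="Test Realm"` and asserting either the full value or a null result, whichever the component is meant to guarantee. A short comment above `$digest`, for instance `// '@' in username and realm must survive parsing (#1181)`, would also tie the fixture to the issue it covers.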
@@ -1159,4 +1194,4 @@ function testBlackHoleNotDeletingSessionInformation() {
$this->assertTrue($this->Controller->Security->Session->check('_Token'), '_Token was deleted by blackHole %s');
}
}
-?>
+?>
