
Changing pattern used to read digest auth data. Allows emails to be used as usernames.

This also adds the realm to the return value of SecurityComponent::parseDigestAuth().  Fixes #1181
markstory committed Oct 12, 2010
1 parent 77f05ab commit 3f6bee0a08153d180957de387336ab1ce71c3c99
@@ -342,7 +342,7 @@ function parseDigestAuthData($digest) {
$keys = array();
$match = array();
$req = array('nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1);
preg_match_all('@(\w+)=([\'"]?)([a-zA-Z0-9=./\_-]+)\2@', $digest, $match, PREG_SET_ORDER);
preg_match_all('/(\w+)=([\'"]?)([a-zA-Z0-9@=.\/_-]+)\2/', $digest, $match, PREG_SET_ORDER);
foreach ($match as $i) {
$keys[$i[1]] = $i[3];
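Review bot: The new pattern on the `preg_match_all` line is still not anchored to a parameter boundary. When a quoted value contains a character outside the class (a space, `?`, `+`, `:`), the quoted match fails and the engine can pick up a `key=value` fragment inside that value as a parameter of its own; the `foreach` below then lets a later match overwrite an earlier key. Matching each pair at a boundary and taking a quoted string as one unit avoids that, for example `'/(?:^|[\s,])(\w+)=(?:"([^"]*)"|([^\s,"]+))/'` with `$keys[$i[1]] = isset($i[3]) ? $i[3] : $i[2];` in the loop. Treat this as a sketch to check against the existing tests. parseDigestAuthData continues outside the hunk, so how missing or duplicated keys are handled afterwards is not visible here.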
@@ -992,6 +992,7 @@ function testLoginCredentials() {
DIGEST;
$expected = array(
'username' => 'Mufasa',
'realm' => 'testrealm@host.com',
'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
'uri' => '/dir/index.html',
'qop' => 'auth',
@@ -1025,6 +1026,7 @@ function testParseDigestAuthData() {
DIGEST;
$expected = array(
'username' => 'Mufasa',
'realm' => 'testrealm@host.com',
'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
'uri' => '/dir/index.html',
'qop' => 'auth',
@@ -1039,6 +1041,39 @@ function testParseDigestAuthData() {
$result = $this->Controller->Security->parseDigestAuthData('');
$this->assertNull($result);
}
/**
* test parsing digest information with email addresses
*
* @return void
*/
function testParseDigestAuthEmailAddress() {
$this->Controller->Security->startup($this->Controller);
$digest = <<<DIGEST
Digest username="mark@example.com",
realm="testrealm@host.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/dir/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
DIGEST;
$expected = array(
'username' => 'mark@example.com',
'realm' => 'testrealm@host.com',
'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
'uri' => '/dir/index.html',
'qop' => 'auth',
'nc' => '00000001',
'cnonce' => '0a4f113b',
'response' => '6629fae49393a05397450978507c4ef1',
'opaque' => '5ccc069c403ebaf9f0171e9517f40e41'
);
$result = $this->Controller->Security->parseDigestAuthData($digest);
$this->assertIdentical($result, $expected);
}
/**
* testFormDisabledFields method
*
@@ -1159,4 +1194,4 @@ function testBlackHoleNotDeletingSessionInformation() {
$this->assertTrue($this->Controller->Security->Session->check('_Token'), '_Token was deleted by blackHole %s');
}
}
?>
?>
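Review bot: testParseDigestAuthEmailAddress covers only a well-formed header, so nothing pins what parseDigestAuthData returns for a value the pattern cannot fully match. I would add a companion case, for example `testParseDigestAuthDataRejectsUnparseableValue`, that passes a header whose quoted `username` or `uri` contains a character outside the allowed class plus an embedded `name=value` fragment. It should assert that no extra key appears in the result and that the call fails closed. The expected value depends on the required-key check, which is outside these hunks, so confirm it against the component before fixing the assertion.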
