
Changing pattern used to read digest auth data. Allows emails to be u…

…sed as usernames.

This also adds the realm to the return value of SecurityComponent::parseDigestAuth().  Fixes #1181
1 parent d564164 commit a0a84d1a8d854365c557b630a92ed584c39db8ba @markstory markstory committed
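--- a/cake/libs/controller/components/security.php
+++ b/cake/libs/controller/components/security.php
@@ -383,7 +383,7 @@ function parseDigestAuthData($digest) {
 $keys = array();
 $match = array();
 $req = array('nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1);
- preg_match_all('@(\w+)=([\'"]?)([a-zA-Z0-9=./\_-]+)\2@', $digest, $match, PREG_SET_ORDER);
+ preg_match_all('/(\w+)=([\'"]?)([a-zA-Z0-9@=.\/_-]+)\2/', $digest, $match, PREG_SET_ORDER);
 foreach ($match as $i) {
 $keys[$i[1]] = $i[3];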
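Review bot: The value class `[a-zA-Z0-9@=.\/_-]+` on the new `preg_match_all` line is still an allowlist, so a quoted value containing any other character (for example `+` in an email local part, or a space) yields no entry for that key instead of a parse error. Because the pattern is unanchored and the quote is optional, matching then resumes inside the quoted text, so a `word=value` fragment within a quoted string can be read as a separate field. Capturing quoted values by their delimiter avoids both: `preg_match_all('/(\w+)=(?:"([^"]*)"|([^\s,"]+))/', $digest, $match, PREG_SET_ORDER);` with `$keys[$i[1]] = isset($i[3]) ? $i[3] : $i[2];` in the loop, at the cost of no longer accepting single-quoted values, which the current pattern does. The function starts before and continues past this hunk, so how missing required keys are handled afterwards is not visible here.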
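--- a/cake/tests/cases/libs/controller/components/security.test.php
+++ b/cake/tests/cases/libs/controller/components/security.test.php
@@ -1064,6 +1064,7 @@ function testLoginCredentials() {
 DIGEST;
 $expected = array(
 'username' => 'Mufasa',
+ 'realm' => 'testrealm@host.com',
 'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
 'uri' => '/dir/index.html',
 'qop' => 'auth',
@@ -1098,6 +1099,7 @@ function testParseDigestAuthData() {
 DIGEST;
 $expected = array(
 'username' => 'Mufasa',
+ 'realm' => 'testrealm@host.com',
 'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
 'uri' => '/dir/index.html',
 'qop' => 'auth',
@@ -1114,6 +1116,39 @@ function testParseDigestAuthData() {
 }
 /**
+ * test parsing digest information with email addresses
+ *
+ * @return void
+ */
+ function testParseDigestAuthEmailAddress() {
+ $this->Controller->Security->startup($this->Controller);
+ $digest = <<<DIGEST
+ Digest username="mark@example.com",
+ realm="testrealm@host.com",
+ nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
+ uri="/dir/index.html",
+ qop=auth,
+ nc=00000001,
+ cnonce="0a4f113b",
+ response="6629fae49393a05397450978507c4ef1",
+ opaque="5ccc069c403ebaf9f0171e9517f40e41"
+DIGEST;
+ $expected = array(
+ 'username' => 'mark@example.com',
+ 'realm' => 'testrealm@host.com',
+ 'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
+ 'uri' => '/dir/index.html',
+ 'qop' => 'auth',
+ 'nc' => '00000001',
+ 'cnonce' => '0a4f113b',
+ 'response' => '6629fae49393a05397450978507c4ef1',
+ 'opaque' => '5ccc069c403ebaf9f0171e9517f40e41'
+ );
+ $result = $this->Controller->Security->parseDigestAuthData($digest);
+ $this->assertIdentical($result, $expected);
+ }
+
+/**
 * testFormDisabledFields method
 *
 * @access public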
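Review bot: `testParseDigestAuthEmailAddress` exercises only a value the widened pattern accepts; no case covers a username or realm containing a character still outside the class, so the parser's behaviour on such input is unpinned. A companion test with a header such as `username="mark+tag@example.com"` (constructed sample) that asserts what `parseDigestAuthData()` returns would document whether the header is rejected or only partially parsed. The two `'realm'` additions to the existing expectations also show that the returned array changed shape for callers; a line in the method's docblock listing the returned keys would make that explicit.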
