
RFC 2069 compatibility for qop

1 parent d55cd46 commit 1cb9aa0a28e20921a669694fe803374daa31f3e7 @drbrain committed Sep 12, 2010
Showing with 22 additions and 13 deletions.
  1. +1 −0 History.txt
  2. +11 −12 lib/net/http/digest_auth.rb
  3. +10 −1 test/test_net_http_digest_auth.rb
@@ -5,6 +5,7 @@
* Bug fixes
* Support opaque per RFC 2617 3.2.1
* Support MD5-sess per RFC 2617 3.2.2.2
+ * Support unspecified qop for RFC 2069 compatibility per RFC 2617 3.2.2.1
=== 1.0 / 2010-09-10
@@ -79,6 +79,8 @@ def auth_header uri, www_authenticate, method, iis = false
params = {}
$2.gsub(/(\w+)="(.*?)"/) { params[$1] = $2 }
+ qop = params['qop']
+
if params['algorithm'] =~ /(.*?)(-sess)?$/
algorithm = case $1
when 'MD5' then Digest::MD5
@@ -108,28 +110,25 @@ def auth_header uri, www_authenticate, method, iis = false
ha1 = algorithm.hexdigest a1
ha2 = algorithm.hexdigest "#{method}:#{uri.request_uri}"
- request_digest = [
- ha1,
- params['nonce'],
- ('%08x' % @nonce_count),
- @cnonce,
- params['qop'],
- ha2
- ].join ':'
+ request_digest = [ha1, params['nonce']]
+ request_digest.push ('%08x' % @nonce_count), @cnonce, qop if qop
+ request_digest << ha2
+ request_digest = request_digest.join ':'
header = [
"Digest username=\"#{user}\"",
"realm=\"#{params['realm']}\"",
- if iis then
- "qop=\"#{params['qop']}\""
+ if qop.nil? then
+ elsif iis then
+ "qop=\"#{qop}\""
else
- "qop=#{params['qop']}"
+ "qop=#{qop}"
end,
"uri=\"#{uri.request_uri}\"",
"nonce=\"#{params['nonce']}\"",
"nc=#{'%08x' % @nonce_count}",
"cnonce=\"#{@cnonce}\"",
- "response=\"#{algorithm.hexdigest request_digest}\"",
+ "response=\"#{algorithm.hexdigest(request_digest)[0, 32]}\"",
if params.key? 'opaque' then
"opaque=\"#{params['opaque']}\""
end
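Review bot: When the challenge carries no qop, the header array still emits `nc=` and `cnonce=`, although RFC 2617 3.2.2 says neither may be sent unless the server sent a qop directive; the new `if qop.nil?` branch only drops the `qop=` entry. The two entries could be guarded the same way, `("nc=#{'%08x' % @nonce_count}" if qop),` and `("cnonce=\"#{@cnonce}\"" if qop),`, which presumably relies on nil entries being removed after the array is built, as the existing `opaque` branch already seems to. test_auth_header_no_qop in test/test_net_http_digest_auth.rb removes only the qop entry from its expected list, so it would need the same two entries dropped. auth_header starts and ends outside these hunks, so the nil handling cannot be confirmed from here.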
@@ -49,6 +49,15 @@ def test_auth_header_iis
assert_equal expected, @da.auth_header(@uri, @header, 'GET', true)
end
+ def test_auth_header_no_qop
+ @header.sub! ' qop="auth",', ''
+
+ @expected[7] = 'response="32f6ca1631ccf7c42a8075deff44e470"'
+ @expected.slice! 2
+
+ assert_equal expected, @da.auth_header(@uri, @header, 'GET')
+ end
+
def test_auth_header_opaque
@expected << 'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
@header << 'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
@@ -71,7 +80,7 @@ def test_auth_header_sess
end
def test_auth_header_sha1
- @expected[7] = 'response="2cb62fc18f7b0ebdc34543f896bb77686b4115e4"'
+ @expected[7] = 'response="2cb62fc18f7b0ebdc34543f896bb7768"'
@header << 'algorithm="SHA1"'
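Review bot: test_auth_header_sha1 now expects a 32-character response for SHA1, which is the earlier 40-digit value cut by the `[0, 32]` slice added in lib/net/http/digest_auth.rb, and nothing in the test or the library says why. A comment above the expectation would record the intent, for example `# response is cut to 32 hex digits, the request-digest length RFC 2617 defines; a SHA1 digest is therefore truncated`. The cut leaves 128 bits of the SHA1 output in the response, and a server has to apply the same truncation for authentication to succeed, so it is worth stating as deliberate. The test body continues outside the hunk.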
