
Fixed -sess authentication

-sess authentication was broken as header parsing expected quoted
values and the cnonce value wasn't used to create ha1.

This also fixes #4 as the algorithm must be returned when it isn't MD5.
1 parent d5fcf49 commit 6580eb2b245b62ad9f9e5e6e25debe22bf4c1cfd @drbrain committed May 17, 2012
Showing with 30 additions and 19 deletions.
  1. +5 −0 History.txt
  2. +11 −7 lib/net/http/digest_auth.rb
  3. +0 −1 sample/auth_server.rb
  4. +14 −11 test/test_net_http_digest_auth.rb
@@ -1,3 +1,8 @@
+=== 1.2.1
+
+* Bug fix
+ * Fixed -sess authentication. This also fixes pull request #4 by joe81
+
=== 1.2 / 2011-11-22
* Minor enhancement
@@ -44,7 +44,7 @@ class Error < RuntimeError; end
##
# Version of Net::HTTP::DigestAuth you are using
- VERSION = '1.2'
+ VERSION = '1.2.1'
##
# Creates a new DigestAuth header creator.
@@ -80,10 +80,14 @@ def auth_header uri, www_authenticate, method, iis = false
www_authenticate =~ /^(\w+) (.*)/
+ challenge = $2
+
params = {}
- $2.gsub(/(\w+)="(.*?)"/) { params[$1] = $2 }
+ challenge.gsub(/(\w+)="(.*?)"/) { params[$1] = $2 }
- qop = params['qop']
+ challenge =~ /algorithm=(.*?)([, ]|$)/
+
+ params['algorithm'] = $1 || 'MD5'
if params['algorithm'] =~ /(.*?)(-sess)?$/
algorithm = case $1
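Review bot: The new `challenge =~ /algorithm=(.*?)([, ]|$)/` keeps the surrounding quotes in `$1` when a server sends the parameter quoted, and `params['algorithm']` is then overwritten unconditionally. A challenge with `algorithm="MD5-sess"`, which the quoted-pair scan two lines earlier had parsed correctly, would reach the `case` as `"MD5-sess"` and presumably fall through to the `unknown algorithm` error. Accepting both forms avoids that: `challenge =~ /algorithm="?(.*?)"?([, ]|$)/`. Separately, `challenge = $2` is nil when `www_authenticate` does not match `/^(\w+) (.*)/`, so the following `gsub` raises NoMethodError instead of `Error`; a guard such as `raise Error, 'unparsable WWW-Authenticate header' unless challenge` would make that failure explicit. The body of auth_header starts and ends outside this hunk.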
@@ -97,20 +101,19 @@ def auth_header uri, www_authenticate, method, iis = false
else raise Error, "unknown algorithm \"#{$1}\""
end
sess = $2
- else
- algorithm = Digest::MD5
- sess = false
end
a1 = if sess then
[ algorithm.hexdigest("#{user}:#{params['realm']}:#{password}"),
params['nonce'],
- params['cnonce']
+ @cnonce,
].join ':'
else
"#{user}:#{params['realm']}:#{password}"
end
+ qop = params['qop']
+
ha1 = algorithm.hexdigest a1
ha2 = algorithm.hexdigest "#{method}:#{uri.request_uri}"
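Review bot: The -sess branch now hashes `@cnonce`, but nothing in this hunk shows where `@cnonce` is assigned or that it is the same value written into the header's cnonce field. If it is nil, `join ':'` silently yields an A1 ending in a bare colon and the request just fails authentication with no local error. A comment above the array would record the contract, e.g. `# -sess: A1 = H(user:realm:password):nonce:cnonce; @cnonce must equal the cnonce= sent in the header`. If `@cnonce` turns out to be set once per object rather than per challenge, it is worth confirming that it comes from a secure random source and is regenerated when the server nonce changes. auth_header continues outside this hunk.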
@@ -122,6 +125,7 @@ def auth_header uri, www_authenticate, method, iis = false
header = [
"Digest username=\"#{user}\"",
"realm=\"#{params['realm']}\"",
+ "algorithm=#{params['algorithm']}",
if qop.nil? then
elsif iis then
"qop=\"#{qop}\""
@@ -16,7 +16,6 @@ def initialize server
config[:Realm] = 'net-http-digest_auth'
config[:UseOpaque] = false
config[:AutoReloadUserDB] = false
- config[:Algorithm] = 'MD5'
passwd_file = Tempfile.new 'net-http-digest_auth'
passwd_file.close
@@ -19,6 +19,7 @@ def setup
@expected = [
'Digest username="user"',
'realm="www.example.com"',
+ 'algorithm=MD5',
'qop=auth',
'uri="/"',
'nonce="4107baa081a592a6021660200000cd6c5686ff5f579324402b374d83e2c9"',
@@ -37,23 +38,23 @@ def expected
def test_auth_header
assert_equal expected, @da.auth_header(@uri, @header, 'GET')
- @expected[5] = 'nc=00000001'
- @expected[7] = 'response="1f5f0cd1588690c1303737f081c0b9bb"'
+ @expected[6] = 'nc=00000001'
+ @expected[8] = 'response="1f5f0cd1588690c1303737f081c0b9bb"'
assert_equal expected, @da.auth_header(@uri, @header, 'GET')
end
def test_auth_header_iis
- @expected[2] = 'qop="auth"'
+ @expected[3] = 'qop="auth"'
assert_equal expected, @da.auth_header(@uri, @header, 'GET', true)
end
def test_auth_header_no_qop
@header.sub! ' qop="auth",', ''
- @expected[7] = 'response="32f6ca1631ccf7c42a8075deff44e470"'
- @expected.slice! 2
+ @expected[8] = 'response="32f6ca1631ccf7c42a8075deff44e470"'
+ @expected.slice! 3
assert_equal expected, @da.auth_header(@uri, @header, 'GET')
end
@@ -66,29 +67,31 @@ def test_auth_header_opaque
end
def test_auth_header_post
- @expected[7] = 'response="d82219e1e5430b136bbae1670fa51d48"'
+ @expected[8] = 'response="d82219e1e5430b136bbae1670fa51d48"'
assert_equal expected, @da.auth_header(@uri, @header, 'POST')
end
def test_auth_header_sess
- @header << 'algorithm="MD5-sess"'
+ @header << ', algorithm=MD5-sess'
- @expected[7] = 'response="76d3ff10007496cee26c61f9d04c72a8"'
+ @expected[2] = 'algorithm=MD5-sess'
+ @expected[8] = 'response="c22c5bd9112a86ca78ddc1ae772daeeb"'
assert_equal expected, @da.auth_header(@uri, @header, 'GET')
end
def test_auth_header_sha1
- @expected[7] = 'response="2cb62fc18f7b0ebdc34543f896bb7768"'
+ @expected[2] = 'algorithm=SHA1'
+ @expected[8] = 'response="2cb62fc18f7b0ebdc34543f896bb7768"'
- @header << 'algorithm="SHA1"'
+ @header << 'algorithm=SHA1'
assert_equal expected, @da.auth_header(@uri, @header, 'GET')
end
def test_auth_header_unknown_algorithm
- @header << 'algorithm="bogus"'
+ @header << 'algorithm=bogus'
e = assert_raises Net::HTTP::DigestAuth::Error do
@da.auth_header @uri, @header, 'GET'
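Review bot: `test_auth_header_sha1` and `test_auth_header_unknown_algorithm` append `'algorithm=SHA1'` and `'algorithm=bogus'` to `@header` with no `, ` separator, unlike `test_auth_header_sess`. Unless `@header` (built outside this hunk) already ends with a separator, these tests feed a malformed challenge and pass only because the algorithm pattern in auth_header is not tied to a parameter boundary. Using `@header << ', algorithm=SHA1'` and `@header << ', algorithm=bogus'` would exercise the format a server actually sends. None of the updated tests covers the quoted form `algorithm="MD5-sess"` that the previous tests used, so a regression for servers that quote the value would go unnoticed. test_auth_header_unknown_algorithm continues outside this hunk.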
