Permalink
Browse files

RFC 2617 3.2.2.2

  • Loading branch information...
1 parent 4631c60 commit d55cd46f94029415e5ef8ddd4cd4352ce2b1638e @drbrain committed Sep 12, 2010
Showing with 19 additions and 1 deletion.
  1. +1 −0 History.txt
  2. +10 −1 lib/net/http/digest_auth.rb
  3. +8 −0 test/test_net_http_digest_auth.rb
View
1 History.txt
@@ -4,6 +4,7 @@
* Add support for SHA1, SHA2, SHA256, SHA384, SHA512, RMD160 algorithms
* Bug fixes
* Support opaque per RFC 2617 3.2.1
+ * Support MD5-sess per RFC 2617 3.2.2.2
=== 1.0 / 2010-09-10
View
11 lib/net/http/digest_auth.rb
@@ -96,7 +96,16 @@ def auth_header uri, www_authenticate, method, iis = false
sess = false
end
- ha1 = algorithm.hexdigest "#{user}:#{params['realm']}:#{password}"
+ a1 = if sess then
+ [ algorithm.hexdigest("#{user}:#{params['realm']}:#{password}"),
+ params['nonce'],
+ params['cnonce']
+ ].join ':'
+ else
+ "#{user}:#{params['realm']}:#{password}"
+ end
+
+ ha1 = algorithm.hexdigest a1
ha2 = algorithm.hexdigest "#{method}:#{uri.request_uri}"
request_digest = [
View
8 test/test_net_http_digest_auth.rb
@@ -62,6 +62,14 @@ def test_auth_header_post
assert_equal expected, @da.auth_header(@uri, @header, 'POST')
end
+ def test_auth_header_sess
+ @header << 'algorithm="MD5-sess"'
+
+ @expected[7] = 'response="76d3ff10007496cee26c61f9d04c72a8"'
+
+ assert_equal expected, @da.auth_header(@uri, @header, 'GET')
+ end
+
def test_auth_header_sha1
@expected[7] = 'response="2cb62fc18f7b0ebdc34543f896bb77686b4115e4"'

0 comments on commit d55cd46

Please sign in to comment.