
Issue 18 fixed - allow empty cnonce.

commit 34ec20adf227233a28af8f1fdddc00c0f5841832 1 parent ff2f491
@gevorg authored
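--- a/examples/example_digest.js
+++ b/examples/example_digest.js
@@ -0,0 +1,32 @@
+/**
+ * HTTP authentication module.
+ */
+var auth = require('../lib/http-auth');
+
+/**
+ * HTTP module.
+ */
+var http = require('http');
+
+/**
+ * Requesting new authentication instance.
+ */
+var digest = auth({
+ authRealm : "Private area.",
+ // username is mia, password is supergirl.
+ authList : ['mia:Private area.:3a556dc7260e8e7f032d247fb668b06b'],
+ authType : 'digest'
+});
+
+/**
+ * Creating new HTTP server.
+ */
+http.createServer(function(req, res) {
+ // Apply authentication to server.
+ digest.apply(req, res, function(username) {
+ res.end("Welcome to private area - " + username + "!");
+ });
+}).listen(1337);
+
+// Log url.
+console.log("Server running at http://127.0.0.1:1337/");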
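Review bot: `listen(1337)` at the end of the example is called without a host, so Node binds the server to every interface, while the log line below it advertises only http://127.0.0.1:1337/. For a sample that ships with a fixed, published credential, binding to loopback matches what the message says: `}).listen(1337, "127.0.0.1");`. The comment over `authList` could also say that each entry appears to be `username:realm:hash`, and that for Digest this hash is password-equivalent, so a real deployment should load it from a protected file rather than keep it in source.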
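--- a/lib/auth/digest.js
+++ b/lib/auth/digest.js
@@ -107,7 +107,6 @@ Digest.prototype.isAuthenticated = function(request) {
 // Evaluating final authentication response.
 var authRes = utils.md5(ha1 + ":" + co.nonce + ":" + co.nc + ":" +
 co.cnonce + ":" + co.qop + ":" + ha2);
-
 authenticated = (authRes == co.response) ? co.username : undefined;
 } else {
 authenticated = this.STALE;
@@ -167,10 +166,11 @@ Digest.prototype.parseAuthHeader = function(header) {
 // Replacing internal quotes.
 var searchHeader = header.replace(/\\"/g, """);
- // Padding with quotes not padding values.
+
+ // Padding with quotes not padding values.
 searchHeader = searchHeader.replace(/(\w+)=([^," ]+)/g, '$1=\"$2\"');
 // Initial tokens.
- var tokens = searchHeader.match(/(\w+)="([^"]+)"/g);
+ var tokens = searchHeader.match(/(\w+)="([^"]*)"/g);
 // If tokens were found.
 if(tokens) {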
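Review bot: Changing `[^"]+` to `[^"]*` in the `tokens` match relaxes every parameter, not just `cnonce`: `username=""`, `nonce=""`, `uri=""` and `response=""` now produce tokens where they were previously dropped. Whether the rest of parseAuthHeader and isAuthenticated reject those values is not visible here, since both functions start and end outside the hunks. I would keep the lenient tokenizer but require the other fields to be non-empty once they are parsed, and record the intent with a comment such as `// Empty values are tolerated for cnonce only (issue 18); all other fields must be non-empty.` The context line `authenticated = (authRes == co.response) ? co.username : undefined;` would also be safer with `===`, so that no type coercion is involved when the two digests are compared.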
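--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "http-auth",
 "description": "Node.js package for HTTP basic and digest access authentication.",
- "version": "1.2.2",
+ "version": "1.2.3",
 "author": "Gevorg Harutyunyan (http://github.com/gevorg)",
 "maintainers": [
 {
@@ -37,4 +37,4 @@
 "node": ">=0.4.1"
 },
 "keywords": ["node", "http", "server", "basic", "digest", "access", "authentication"]
-}
+}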
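--- a/tests/auth/test-digest.js
+++ b/tests/auth/test-digest.js
@@ -102,6 +102,29 @@ exports['testParseAuthHeader'] = function(test) {
 // Test is done.
 test.done();
 };
+
+/**
+ * Test for isAuthenticated, with empty cnonce.
+ */
+exports['testIsAuthenticatedEmptyCnonce'] = function(test) {
+ source.nonces["2675ef554c8c872e80b946657e2e36a9"] = 0;
+
+ // Header.
+ var header = 'Digest username="mia", realm="Private area.", ' +
+ 'nonce="2675ef554c8c872e80b946657e2e36a9", uri="/", algorithm=MD5, ' +
+ 'response="ad1e6d4a5c1892b8cd153f89b93b8aa9", qop=auth, nc=00000001, ' +
+ 'cnonce=""';
+
+ // Initiates input request.
+ var request = {headers : {authorization : header}};
+
+ // Source method call, that must return username.
+ test.equals(source.isAuthenticated(request), "mia", "User must be valid!");
+
+ // Test is done.
+ test.done();
+};
+
 /**
 * Test for isAuthenticated, true case.
 */
@@ -123,6 +146,7 @@ exports['testIsAuthenticatedTrue'] = function(test) {
 // Test is done.
 test.done();
 };
+
 /**
 * Test for isAuthenticated, false header case.
 */
@@ -239,4 +263,4 @@ exports['testApplyAuth'] = function(test) {
 response.assert();
 // Test is done.
 test.done();
-};
+};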
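Review bot: testIsAuthenticatedEmptyCnonce only proves that a request with `cnonce=""` is accepted; none of the added tests shows that an empty cnonce combined with a wrong `response` is still refused. Because the parser change behind this test loosens what is accepted, a rejecting companion test belongs next to it. The sketch below reuses the nonce from the new test with a constructed, deliberately wrong response value and expects `undefined`, which is what the comparison in lib/auth/digest.js yields on a mismatch. The new test also writes to `source.nonces` without restoring it, so a distinct nonce per test would keep the cases independent.

```javascript
/**
 * Test for isAuthenticated, empty cnonce with a wrong response.
 */
exports['testIsAuthenticatedEmptyCnonceWrongResponse'] = function(test) {
	source.nonces["2675ef554c8c872e80b946657e2e36a9"] = 0;

	// Same header as the positive case; the response value is constructed and wrong.
	var header = 'Digest username="mia", realm="Private area.", ' +
		'nonce="2675ef554c8c872e80b946657e2e36a9", uri="/", algorithm=MD5, ' +
		'response="00000000000000000000000000000000", qop=auth, nc=00000001, ' +
		'cnonce=""';

	var request = {headers : {authorization : header}};

	// A mismatching digest must not authenticate.
	test.equals(source.isAuthenticated(request), undefined, "User must not be valid!");

	test.done();
};
```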