From 34ec20adf227233a28af8f1fdddc00c0f5841832 Mon Sep 17 00:00:00 2001 From: Gevorg Harutyunyan Date: Sat, 24 Nov 2012 21:59:28 +0400 Subject: [PATCH] Issue 18 fixed - allow empty cnonce. --- examples/example_digest.js | 32 ++++++++++++++++++++++++++++++++ lib/auth/digest.js | 6 +++--- package.json | 4 ++-- tests/auth/test-digest.js | 26 +++++++++++++++++++++++++- 4 files changed, 62 insertions(+), 6 deletions(-) create mode 100644 examples/example_digest.js diff --git a/examples/example_digest.js b/examples/example_digest.js new file mode 100644 index 0000000..fc4115c --- /dev/null +++ b/examples/example_digest.js @@ -0,0 +1,32 @@ +/** + * HTTP authentication module. + */ +var auth = require('../lib/http-auth'); + +/** + * HTTP module. + */ +var http = require('http'); + +/** + * Requesting new authentication instance. + */ +var digest = auth({ + authRealm : "Private area.", + // username is mia, password is supergirl. + authList : ['mia:Private area.:3a556dc7260e8e7f032d247fb668b06b'], + authType : 'digest' +}); + +/** + * Creating new HTTP server. + */ +http.createServer(function(req, res) { + // Apply authentication to server. + digest.apply(req, res, function(username) { + res.end("Welcome to private area - " + username + "!"); + }); +}).listen(1337); + +// Log url. +console.log("Server running at http://127.0.0.1:1337/"); diff --git a/lib/auth/digest.js b/lib/auth/digest.js index d57dc6d..c8957a2 100644 --- a/lib/auth/digest.js +++ b/lib/auth/digest.js @@ -107,7 +107,6 @@ Digest.prototype.isAuthenticated = function(request) { // Evaluating final authentication response. var authRes = utils.md5(ha1 + ":" + co.nonce + ":" + co.nc + ":" + co.cnonce + ":" + co.qop + ":" + ha2); - authenticated = (authRes == co.response) ? co.username : undefined; } else { authenticated = this.STALE; 
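Review bot: In examples/example_digest.js, `.listen(1337)` is called without a host, so Node accepts connections on every interface, while the log line advertises only `http://127.0.0.1:1337/`. The same file publishes its username and password in a comment next to `authList`, so a verbatim copy of the example is a network-reachable service with known credentials. Binding the example to loopback, `}).listen(1337, '127.0.0.1');`, would match the log message. A comment above `authList` such as `// Demo credentials only - generate your own entry before real use.` would make the intent explicit.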
@@ -167,10 +166,11 @@ Digest.prototype.parseAuthHeader = function(header) { // Replacing internal quotes. var searchHeader = header.replace(/\\"/g, """); - // Padding with quotes not padding values. + + // Padding with quotes not padding values. searchHeader = searchHeader.replace(/(\w+)=([^," ]+)/g, '$1=\"$2\"'); // Initial tokens. - var tokens = searchHeader.match(/(\w+)="([^"]+)"/g); + var tokens = searchHeader.match(/(\w+)="([^"]*)"/g); // If tokens were found. if(tokens) { diff --git a/package.json b/package.json index 194f158..b2abfa3 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "http-auth", "description": "Node.js package for HTTP basic and digest access authentication.", - "version": "1.2.2", + "version": "1.2.3", "author": "Gevorg Harutyunyan (http://github.com/gevorg)", "maintainers": [ { @@ -37,4 +37,4 @@ "node": ">=0.4.1" }, "keywords": ["node", "http", "server", "basic", "digest", "access", "authentication"] -} \ No newline at end of file +} diff --git a/tests/auth/test-digest.js b/tests/auth/test-digest.js index b3e48b7..eaa9a57 100644 --- a/tests/auth/test-digest.js +++ b/tests/auth/test-digest.js @@ -102,6 +102,29 @@ exports['testParseAuthHeader'] = function(test) { // Test is done. test.done(); }; + +/** + * Test for isAuthenticated, with empty cnonce. + */ +exports['testIsAuthenticatedEmptyCnonce'] = function(test) { + source.nonces["2675ef554c8c872e80b946657e2e36a9"] = 0; + + // Header. + var header = 'Digest username="mia", realm="Private area.", ' + + 'nonce="2675ef554c8c872e80b946657e2e36a9", uri="/", algorithm=MD5, ' + + 'response="ad1e6d4a5c1892b8cd153f89b93b8aa9", qop=auth, nc=00000001, ' + + 'cnonce=""'; + + // Initiates input request. + var request = {headers : {authorization : header}}; + + // Source method call, that must return username. + test.equals(source.isAuthenticated(request), "mia", "User must be valid!"); + + // Test is done. + test.done(); +}; + /** * Test for isAuthenticated, true case. */ 
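Review bot: In lib/auth/digest.js, the relaxed token pattern `(\w+)="([^"]*)"` accepts an empty quoted value for every directive, not just `cnonce`. Headers carrying `username=""`, `nonce=""` or `response=""` now yield tokens where the old `[^"]+` pattern dropped them. `parseAuthHeader` and `isAuthenticated` both continue outside this hunk, so it cannot be seen here whether those fields are checked for non-empty values after parsing. It is worth confirming that they are, or narrowing the relaxation to `cnonce`. A comment on the changed line such as `// [^"]* keeps empty values (e.g. cnonce="") as tokens.` would record why the quantifier changed.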
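Review bot: In tests/auth/test-digest.js, `testIsAuthenticatedEmptyCnonce` pins only the accepting path, although the parser change in this commit lets any directive be empty. A companion case asserting that a header with `response=""` (or `username=""`) does not return a username would fix the boundary of the new behaviour. The test also writes `source.nonces["2675ef554c8c872e80b946657e2e36a9"] = 0;` on the shared `source` object and never removes it. Unless `isAuthenticated` clears the entry itself (not visible here), later tests inherit that nonce, so consider `delete source.nonces["2675ef554c8c872e80b946657e2e36a9"];` before `test.done()`.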
@@ -123,6 +146,7 @@ exports['testIsAuthenticatedTrue'] = function(test) { // Test is done. test.done(); }; + /** * Test for isAuthenticated, false header case. */ @@ -239,4 +263,4 @@ exports['testApplyAuth'] = function(test) { response.assert(); // Test is done. test.done(); -}; \ No newline at end of file +};