HTTP Digest Authentication #201

merged 8 commits into from Jun 22, 2013


2 participants

elhu commented Jul 31, 2012


This is a pull request for a middleware that allows em-http-request to handle servers requiring HTTP digest authentication.

You will find an example, with a small server written using WEBrick and a client to demonstrate a use-case.
There are also some specs; they're still quite shallow, but they should cover the basics.

If you have any questions, I'll be glad to answer them!


elhu added some commits Jul 31, 2012

Rework of the WWW_AUTHENTICATE header parsing
The previous method was failing in a lot of corner cases. This one is
able to withstand what I've thrown at it so far.
Example files for http digest auth
With both server and clients. I used WEBrick for the server because it
comes standard with Ruby, and supports HTTP digest auth.
Fixed formatting
Added new lines at the end of files where needed.
+ # Process the WWW_AUTHENTICATE header to get the authentication parameters
+ def get_params(www_authenticate)
+ www_authenticate.scan(/(\w+)=(.*?)(,|\z)/).each do |match|
+ @digest_params[match[0].to_sym] = match[1].chomp('"').reverse.chomp('"').reverse
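
Review bot: the `(.*?)(,|\z)` capture in `get_params` ends a value at the first comma, so a quoted value that contains one, such as `qop="auth,auth-int"`, is cut at the comma and the rest is silently dropped. Match a quoted string or a bare token explicitly, for example `(\w+)=(?:"([^"]*)"|([^\s,]+))`, which also makes the `chomp('"').reverse.chomp('"').reverse` step unnecessary. Separately, `match[0].to_sym` turns every key the server sends into a symbol; accepting only the known directive names avoids that.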

igrigorik Aug 1, 2012


Why not put the optional "s into the regex and just don't capture them? Seems simpler.

+ @nonce_count = -1
+ @opts = {}
+ # Symbolize the opts hash's keys
+ opts.each {|k, v| @opts[k.to_sym] = v}
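
Review bot: `@nonce_count = -1` has no comment explaining the starting value. The digest `nc` field starts at 00000001 for the first request made with a given nonce, so document how the counter gets from -1 to that value and where it is reset when the server issues a new nonce.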

igrigorik Aug 1, 2012


We try to use symbols in all configs, let's just stick to that here, no need for both.

+ }
+ chunks = www_authenticate.split(' ')
+ if (@is_digest_auth = 'Digest' == chunks.shift)
+ get_params(chunks.join(' '))
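
Review bot: the `'Digest' == chunks.shift` test is case-sensitive, but HTTP auth scheme names are case-insensitive, so a challenge sent as `digest ...` is treated as not being digest auth. Compare with `casecmp`, and guard `www_authenticate.split(' ')` against a missing header, where it would raise on nil.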

igrigorik Aug 1, 2012


get_params(www_authenticate) if www_authenticate =~ /^Digest/

No need to split and rejoin the same string.

+ params = @opts.merge(@digest_params) if !params
+ nonce_count = next_nonce
+ user = CGI.unescape params[:username]
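
Review bot: in `@opts.merge(@digest_params)` the right-hand hash wins, so any key parsed out of the server's challenge overrides the caller's option of the same name, `:username` included, because `get_params` stores every `\w+=` pair it finds. Merge in the other direction, or copy only the expected challenge directives into `@digest_params`. The reason for `CGI.unescape` on the username also deserves a comment.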

elhu commented Aug 1, 2012


I made a few changes according to your previous comments. Thanks a lot for the one about the " in the regexp by the way, I couldn't seem to wrap my head around it yesterday and your question was the trigger to finally have the clean regexp I was looking for.
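
The quote-aware challenge parsing discussed in this thread, as an added example that is not code from the pull request or from em-http-request. `parse_digest_challenge`, `KNOWN_DIRECTIVES`, `PAIR` and the sample header are names and data constructed for this sketch; it keeps commas inside quoted values, accepts the scheme in any case, and ignores directives a challenge is not expected to carry.

```ruby
# Added example, not the PR's implementation.
# Directive names a Digest challenge may carry (RFC 2617, section 3.2.1).
KNOWN_DIRECTIVES = %w[realm domain nonce opaque stale algorithm qop].freeze

# key="quoted string, with \" escapes allowed"   or   key=token
PAIR = /(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))/

def parse_digest_challenge(header)
  return nil unless header.is_a?(String)

  scheme, rest = header.strip.split(/\s+/, 2)
  # Scheme names are case-insensitive; anything but Digest is not ours.
  return nil unless scheme && rest && scheme.casecmp('Digest') == 0

  params = {}
  rest.scan(PAIR) do |key, quoted, token|
    name = key.downcase
    # Skip keys the server has no business setting (e.g. username).
    next unless KNOWN_DIRECTIVES.include?(name)

    value = quoted ? quoted.gsub(/\\(.)/, '\1') : token
    params[name.to_sym] ||= value # first occurrence wins
  end

  # qop is itself a comma-separated list inside one quoted value.
  params[:qop] = params[:qop].split(/\s*,\s*/) if params[:qop]
  params
end

# Constructed sample challenge, not taken from the PR's specs.
SAMPLE = 'Digest realm="test, area", qop="auth,auth-int", nonce="abc=="' \
         ', opaque=5ccc, username="evil"'

if __FILE__ == $PROGRAM_NAME
  p parse_digest_challenge(SAMPLE)
end
```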

@igrigorik igrigorik merged commit 8605374 into igrigorik:master Jun 22, 2013
