better DIGEST support

request · Dec 8, 2013 · 628ef76 · 628ef76
1 parent aacbf47
commit 628ef76
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/request.js b/request.js
@@ -719,22 +719,28 @@ Request.prototype.onResponse = function (response) {
 
         var ha1 = md5(self._user + ':' + challenge.realm + ':' + self._pass)
         var ha2 = md5(self.method + ':' + self.uri.path)
-        var cnonce = uuid().replace(/-/g, '')
-        var digestResponse = md5(ha1 + ':' + challenge.nonce + ':1:' + cnonce + ':auth:' + ha2)
+        var qop = /(^|,)auth($|,)/.test(challenge.qop) && 'auth'
+        var nc = qop && '00000001'
+        var cnonce = qop && uuid().replace(/-/g, '')
+        var digestResponse = qop ? md5(ha1 + ':' + challenge.nonce + ':' + nc + ':' + cnonce + ':' + qop + ':' + ha2) : md5(ha1 + ':' + challenge.nonce + ':' + ha2)
         var authValues = {
           username: self._user,
           realm: challenge.realm,
           nonce: challenge.nonce,
           uri: self.uri.path,
-          qop: challenge.qop,
+          qop: qop,
           response: digestResponse,
-          nc: 1,
+          nc: nc,
           cnonce: cnonce
         }
 
         authHeader = []
         for (var k in authValues) {
-          authHeader.push(k + '="' + authValues[k] + '"')
+          if (k === 'qop' || k === 'nc') {
+            authHeader.push(k + '=' + authValues[k])
+          } else {
+            authHeader.push(k + '="' + authValues[k] + '"')
+          }
         }
         authHeader = 'Digest ' + authHeader.join(', ')
         self.setHeader('authorization', authHeader)

diff --git a/tests/test-digest-auth.js b/tests/test-digest-auth.js
@@ -15,7 +15,7 @@ var digestServer = http.createServer(function (req, res) {
   var ok;
 
   if (req.headers.authorization) {
-    if (/^Digest username="test", realm="Private", nonce="WpcHS2\/TBAA=dffcc0dbd5f96d49a5477166649b7c0ae3866a93", uri="\/test\/", qop="auth", response="[a-f0-9]{32}", nc="1", cnonce="[a-f0-9]{32}"$/.exec(req.headers.authorization)) {
+    if (/^Digest username="test", realm="Private", nonce="WpcHS2\/TBAA=dffcc0dbd5f96d49a5477166649b7c0ae3866a93", uri="\/test\/", qop=auth, response="[a-f0-9]{32}", nc=00000001, cnonce="[a-f0-9]{32}"$/.exec(req.headers.authorization)) {
       ok = true;
     } else {
       // Bad auth header, don't send back WWW-Authenticate header