Basic specs for http digest auth

processone · Jul 31, 2012 · 49562d7 · 49562d7
1 parent 07522dc
commit 49562d7
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 4 deletions.
diff --git a/lib/em-http/middleware/digest_auth.rb b/lib/em-http/middleware/digest_auth.rb
@@ -24,8 +24,7 @@ def initialize(www_authenticate, opts = {})
       def request(client, head, body)
         # Allow HTTP basic auth fallback
         if @is_digest_auth
-          digest = build_auth_digest(client.req.method, client.req.uri.path, @opts.merge(@digest_params))
-          head['Authorization'] = digest
+          head['Authorization'] = build_auth_digest(client.req.method, client.req.uri.path, @opts.merge(@digest_params))
         else
           head['Authorization'] = [@opts[:username], @opts[:password]]
         end
@@ -40,8 +39,8 @@ def response(resp)
         end
       end
 
-      private
-      def build_auth_digest(method, uri, params = {})
+      def build_auth_digest(method, uri, params = nil)
+        params = @opts.merge(@digest_params) if !params
         nonce_count = next_nonce
 
         user = CGI.unescape params[:username]

diff --git a/spec/digest_auth_spec.rb b/spec/digest_auth_spec.rb
@@ -0,0 +1,48 @@
+require 'helper'
+
+$: << 'lib' << '../lib'
+
+require 'em-http/middleware/digest_auth'
+
+describe 'Digest Auth Authentication header generation' do
+  before :each do
+    @reference_header = 'Digest username="digest_username", realm="DigestAuth_REALM", algorithm=MD5, uri="/", nonce="MDAxMzQzNzQwNjA2OmRjZjAyZDY3YWMyMWVkZGQ4OWE2Nzg3ZTY3YTNlMjg5", response="96829962ffc31fa2852f86dc7f9f609b", opaque="BzdNK3gsJ2ixTrBJ"'
+  end
+
+  it 'should generate the correct header'  do
+    www_authenticate = 'Digest realm="DigestAuth_REALM", nonce="MDAxMzQzNzQwNjA2OmRjZjAyZDY3YWMyMWVkZGQ4OWE2Nzg3ZTY3YTNlMjg5", opaque="BzdNK3gsJ2ixTrBJ", stale=false, algorithm=MD5'
+
+    params = {
+      username: 'digest_username',
+      password: 'digest_password'
+    }
+
+    middleware = EM::Middleware::DigestAuth.new(www_authenticate, params)
+    middleware.build_auth_digest('GET', '/').should == @reference_header
+  end
+
+  it 'should not generate the same header for a different user' do
+    www_authenticate = 'Digest realm="DigestAuth_REALM", nonce="MDAxMzQzNzQwNjA2OmRjZjAyZDY3YWMyMWVkZGQ4OWE2Nzg3ZTY3YTNlMjg5", opaque="BzdNK3gsJ2ixTrBJ", stale=false, algorithm=MD5'
+
+    params = {
+      username: 'digest_username_2',
+      password: 'digest_password'
+    }
+
+    middleware = EM::Middleware::DigestAuth.new(www_authenticate, params)
+    middleware.build_auth_digest('GET', '/').should_not == @reference_header
+  end
+
+  it 'should not generate the same header if the nounce changes' do
+    www_authenticate = 'Digest realm="DigestAuth_REALM", nonce="MDAxMzQzNzQwNjA2OmRjZjAyZDY3YWMyMWVkZGQ4OWE2Nzg3ZTY3YTNlMjg6", opaque="BzdNK3gsJ2ixTrBJ", stale=false, algorithm=MD5'
+
+    params = {
+      username: 'digest_username_2',
+      password: 'digest_password'
+    }
+
+    middleware = EM::Middleware::DigestAuth.new(www_authenticate, params)
+    middleware.build_auth_digest('GET', '/').should_not == @reference_header
+  end
+
+end