Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Only send opaque auth attribute if the server sent it with the challenge #84

Merged
merged 2 commits into from Nov 30, 2015
Jump to file or symbol
Failed to load files and symbols.
+15 −12
Split
@@ -260,16 +260,19 @@ def extract_params_from_response
end
def auth_attributes_for(uri, request_digest, params)
- [
- %Q(username="#{@user}"),
- %Q(realm="#{params['realm']}"),
- %Q(qop="#{params['qop']}"),
- %Q(uri="#{uri.path}"),
- %Q(nonce="#{params['nonce']}"),
- %Q(nc="0"),
- %Q(cnonce="#{params['cnonce']}"),
- %Q(opaque="#{params['opaque']}"),
- %Q(response="#{request_digest}")].join(", ")
+ auth_attrs =
+ [
+ %Q(username="#{@user}"),
+ %Q(realm="#{params['realm']}"),
+ %Q(qop="#{params['qop']}"),
+ %Q(uri="#{uri.path}"),
+ %Q(nonce="#{params['nonce']}"),
+ %Q(nc="0"),
+ %Q(cnonce="#{params['cnonce']}"),
+ %Q(response="#{request_digest}")]
+
+ auth_attrs << %Q(opaque="#{params['opaque']}") unless params['opaque'].blank?
+ auth_attrs.join(", ")
end
def http_format_header(http_method)
@@ -238,11 +238,11 @@ def test_raises_invalid_request_on_unauthorized_requests_with_digest_auth
private
def blank_digest_auth_header(uri, response)
- %Q(Digest username="david", realm="", qop="", uri="#{uri}", nonce="", nc="0", cnonce="i-am-a-client-nonce", opaque="", response="#{response}")
+ %Q(Digest username="david", realm="", qop="", uri="#{uri}", nonce="", nc="0", cnonce="i-am-a-client-nonce", response="#{response}")
end
def request_digest_auth_header(uri, response)
- %Q(Digest username="david", realm="RailsTestApp", qop="auth", uri="#{uri}", nonce="#{@nonce}", nc="0", cnonce="i-am-a-client-nonce", opaque="ef6dfb078ba22298d366f99567814ffb", response="#{response}")
+ %Q(Digest username="david", realm="RailsTestApp", qop="auth", uri="#{uri}", nonce="#{@nonce}", nc="0", cnonce="i-am-a-client-nonce", response="#{response}", opaque="ef6dfb078ba22298d366f99567814ffb")
end
def response_digest_auth_header