Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Digest authentication fails when GET parameters are specified #2023

Geoffrey-A opened this issue Jan 8, 2018 · 1 comment

Digest authentication fails when GET parameters are specified #2023

Geoffrey-A opened this issue Jan 8, 2018 · 1 comment


Copy link

@Geoffrey-A Geoffrey-A commented Jan 8, 2018

With the following code:

import vibe.d;

final class Test {
    private DigestAuthInfo m_authinfo;
    this() {
        m_authinfo = new DigestAuthInfo;
        m_authinfo.realm = "realm";

    @noRoute string authenticate(
        scope HTTPServerRequest req,
        scope HTTPServerResponse res ) @trusted
        string checkPassword(string realm, string user) {
            return createDigestPassword("realm", "admin", "secret");

        return performDigestAuth(
            req, res, m_authinfo, toDelegate(&checkPassword) );

    void get(HTTPServerResponse res, string username = "me", string value = "default") {
        res.writeBody("hi " ~ username ~ "\nvalue: " ~ value ~ "\n");

shared static this() {
    auto router = new URLRouter;
    router.registerWebInterface(new Test);

    auto settings = new HTTPServerSettings;
    settings.port = 8080;
    settings.bindAddresses = ["::1", ""];

    listenHTTP(settings, router);

No parameter given:

% curl --digest -u admin:secret ''
hi admin
value: default

Parameter given, reproducible with any parameter name (such as ?unexpected=hello):

% curl --digest -u admin:secret ''
401 - Unauthorized


It works if either:

  • the @before!authenticate UDA is commented out
  • the endpoint is made POST instead of GET

Is there any workaround?

Copy link
Contributor Author

@Geoffrey-A Geoffrey-A commented Jan 10, 2018

I checked that basic auth does not have this issue.


Geoffrey-A added a commit to Geoffrey-A/vibe.d that referenced this issue Feb 4, 2018
@s-ludwig s-ludwig closed this in 7e4d22c May 18, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant