Zend\Http\Client does not support HTTP Digest Authentication #2646

Closed
adamlundrigan opened this Issue Oct 2, 2012 · 12 comments

Comments

Projects
None yet
5 participants
@adamlundrigan
Member

adamlundrigan commented Oct 2, 2012

`Zend\Http\Client::calcAuthDigest`` appears to have the workings for Digest Authentication (https://github.com/zendframework/zf2/blob/master/library/Zend/Http/Client.php#L674), but it is not integrated into the request flow.

@adamlundrigan

This comment has been minimized.

Show comment Hide comment
@adamlundrigan

adamlundrigan Oct 10, 2012

Member

I've begun working on a fix for this: https://github.com/adamlundrigan/zf2/tree/feature/digest-authentication
In it's current state, the implementation works but is in need of major overhaul/cleanup plus unit tests.

TODO

  • nonceCount (nc) and clientNonce (cnonce) should be internalized instead of being set by the user
    (nc is auto-increment; cnonce is random)
  • Handling of response generation when qop value is auth-int may need updating
  • Major refactoring of method calcAuthDigest is necessary
  • Implement "Mock Server" adapter for Client which generates responses containing WWW-Authenticate and Authentication-Info headers where appropriate (necessary for unit testing)
  • Validate implementation of Client::calcAuthDigest method plus the relevant Header classes against RFC 2617
    • Zend\Http\Header\WWWAuthenticate
    • Zend\Http\Header\AuthenticationInfo
    • Zend\Http\Header\Authorization
Member

adamlundrigan commented Oct 10, 2012

I've begun working on a fix for this: https://github.com/adamlundrigan/zf2/tree/feature/digest-authentication
In it's current state, the implementation works but is in need of major overhaul/cleanup plus unit tests.

TODO

  • nonceCount (nc) and clientNonce (cnonce) should be internalized instead of being set by the user
    (nc is auto-increment; cnonce is random)
  • Handling of response generation when qop value is auth-int may need updating
  • Major refactoring of method calcAuthDigest is necessary
  • Implement "Mock Server" adapter for Client which generates responses containing WWW-Authenticate and Authentication-Info headers where appropriate (necessary for unit testing)
  • Validate implementation of Client::calcAuthDigest method plus the relevant Header classes against RFC 2617
    • Zend\Http\Header\WWWAuthenticate
    • Zend\Http\Header\AuthenticationInfo
    • Zend\Http\Header\Authorization
@jcrawford

This comment has been minimized.

Show comment Hide comment
@jcrawford

jcrawford Dec 1, 2012

@adamlundrigan are you still working on this?

@adamlundrigan are you still working on this?

@adamlundrigan

This comment has been minimized.

Show comment Hide comment
@adamlundrigan

adamlundrigan Dec 7, 2012

Member

@jcrawford I do have plans to come back around to it, but unfortunately I can't make it a priority and won't have time to work on it for at least the next few weeks, possibly months. If you want to move ahead with it feel free to do so

Member

adamlundrigan commented Dec 7, 2012

@jcrawford I do have plans to come back around to it, but unfortunately I can't make it a priority and won't have time to work on it for at least the next few weeks, possibly months. If you want to move ahead with it feel free to do so

@jcrawford

This comment has been minimized.

Show comment Hide comment
@jcrawford

jcrawford Dec 7, 2012

@adamlundrigan I will start to take a look at this for my next contribution :)

@adamlundrigan I will start to take a look at this for my next contribution :)

@ralphschindler

This comment has been minimized.

Show comment Hide comment
@ralphschindler

ralphschindler Feb 8, 2013

Member

Any updates? If not, I might suggest we close this in favor of a PR when it is ready.

Member

ralphschindler commented Feb 8, 2013

Any updates? If not, I might suggest we close this in favor of a PR when it is ready.

@jcrawford

This comment has been minimized.

Show comment Hide comment
@jcrawford

jcrawford Feb 8, 2013

I apologize but I have not yet been able to get to diagnosing and fixing this issue. If you close the ticket I will most definitely forget the issue exists lol

I apologize but I have not yet been able to get to diagnosing and fixing this issue. If you close the ticket I will most definitely forget the issue exists lol

@ralphschindler

This comment has been minimized.

Show comment Hide comment
@ralphschindler

ralphschindler Feb 8, 2013

Member

haha, ok- well, do you have an idea when you might be able to have a look? :)

Member

ralphschindler commented Feb 8, 2013

haha, ok- well, do you have an idea when you might be able to have a look? :)

@jcrawford

This comment has been minimized.

Show comment Hide comment
@jcrawford

jcrawford Feb 8, 2013

I can try to get to it by the end of week next week. I have a few interviews to go on out of town :)

I can try to get to it by the end of week next week. I have a few interviews to go on out of town :)

@ralphschindler

This comment has been minimized.

Show comment Hide comment
@ralphschindler

ralphschindler Feb 8, 2013

Member

Ok, we'll keep it open for a couple of weeks then, thanks!

Member

ralphschindler commented Feb 8, 2013

Ok, we'll keep it open for a couple of weeks then, thanks!

@ClemensSahs

This comment has been minimized.

Show comment Hide comment
@ClemensSahs

ClemensSahs Sep 6, 2013

Contributor

@jcrawford and @adamlundrigan

have you some updates?

Contributor

ClemensSahs commented Sep 6, 2013

@jcrawford and @adamlundrigan

have you some updates?

@jcrawford

This comment has been minimized.

Show comment Hide comment
@jcrawford

jcrawford Sep 6, 2013

Apologies I have not been able to get to this and probably will not be able to for a while, you can go ahead and close this and create a PR if you would like. I will be getting back into contributing but I don't have an ETA on when I will be able to fit in the time. I have been travelling quite a bit going to interviews and have been very busy with every day life recently.

Apologies I have not been able to get to this and probably will not be able to for a while, you can go ahead and close this and create a PR if you would like. I will be getting back into contributing but I don't have an ETA on when I will be able to fit in the time. I have been travelling quite a bit going to interviews and have been very busy with every day life recently.

@weierophinney

This comment has been minimized.

Show comment Hide comment
@weierophinney

weierophinney Feb 10, 2015

Owner

Closing; if you're interested in re-opening, create a pull request with an implementation.

Owner

weierophinney commented Feb 10, 2015

Closing; if you're interested in re-opening, create a pull request with an implementation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment