Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Zend\Http\Client does not support HTTP Digest Authentication #2646

Closed
adamlundrigan opened this Issue · 12 comments

5 participants

@adamlundrigan

Zend\Http\Client::calcAuthDigest` appears to have the workings for Digest Authentication (https://github.com/zendframework/zf2/blob/master/library/Zend/Http/Client.php#L674), but it is not integrated into the request flow.

@adamlundrigan

I've begun working on a fix for this: https://github.com/adamlundrigan/zf2/tree/feature/digest-authentication
In it's current state, the implementation works but is in need of major overhaul/cleanup plus unit tests.

TODO

  • nonceCount (nc) and clientNonce (cnonce) should be internalized instead of being set by the user
    (nc is auto-increment; cnonce is random)

  • Handling of response generation when qop value is auth-int may need updating

  • Major refactoring of method calcAuthDigest is necessary

  • Implement "Mock Server" adapter for Client which generates responses containing WWW-Authenticate and Authentication-Info headers where appropriate (necessary for unit testing)

  • Validate implementation of Client::calcAuthDigest method plus the relevant Header classes against RFC 2617

    • Zend\Http\Header\WWWAuthenticate
    • Zend\Http\Header\AuthenticationInfo
    • Zend\Http\Header\Authorization
@jcrawford

@adamlundrigan are you still working on this?

@adamlundrigan

@jcrawford I do have plans to come back around to it, but unfortunately I can't make it a priority and won't have time to work on it for at least the next few weeks, possibly months. If you want to move ahead with it feel free to do so

@jcrawford

@adamlundrigan I will start to take a look at this for my next contribution :)

@ralphschindler
Collaborator

Any updates? If not, I might suggest we close this in favor of a PR when it is ready.

@jcrawford

I apologize but I have not yet been able to get to diagnosing and fixing this issue. If you close the ticket I will most definitely forget the issue exists lol

@ralphschindler
Collaborator

haha, ok- well, do you have an idea when you might be able to have a look? :)

@jcrawford

I can try to get to it by the end of week next week. I have a few interviews to go on out of town :)

@ralphschindler
Collaborator

Ok, we'll keep it open for a couple of weeks then, thanks!

@ClemensSahs

@jcrawford and @adamlundrigan

have you some updates?

@jcrawford

Apologies I have not been able to get to this and probably will not be able to for a while, you can go ahead and close this and create a PR if you would like. I will be getting back into contributing but I don't have an ETA on when I will be able to fit in the time. I have been travelling quite a bit going to interviews and have been very busy with every day life recently.

@weierophinney

Closing; if you're interested in re-opening, create a pull request with an implementation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.