Diffstat (limited to 'node_modules/request/lib/auth.js')
-rw-r--r-- | node_modules/request/lib/auth.js | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/node_modules/request/lib/auth.js b/node_modules/request/lib/auth.js
index 1be1f4258..1cb695216 100644
--- a/node_modules/request/lib/auth.js
+++ b/node_modules/request/lib/auth.js
@@ -50,8 +50,6 @@ Auth.prototype.bearer = function (bearer, sendImmediately) {

 Auth.prototype.digest = function (method, path, authHeader) {
 // TODO: More complete implementation of RFC 2617.
- // - check challenge.algorithm
- // - support algorithm="MD5-sess"
 // - handle challenge.domain
 // - support qop="auth-int" only
 // - handle Authentication-Info (not necessarily?)
@@ -73,11 +71,28 @@ Auth.prototype.digest = function (method, path, authHeader) {
 challenge[match[1]] = match[2] || match[3]
 }

- var ha1 = md5(self.user + ':' + challenge.realm + ':' + self.pass)
- var ha2 = md5(method + ':' + path)
+ /**
+ * RFC 2617: handle both MD5 and MD5-sess algorithms.
+ *
+ * If the algorithm directive's value is "MD5" or unspecified, then HA1 is
+ * HA1=MD5(username:realm:password)
+ * If the algorithm directive's value is "MD5-sess", then HA1 is
+ * HA1=MD5(MD5(username:realm:password):nonce:cnonce)
+ */
+ var ha1Compute = function (algorithm, user, realm, pass, nonce, cnonce) {
+ var ha1 = md5(user + ':' + realm + ':' + pass)
+ if (algorithm && algorithm.toLowerCase() === 'md5-sess') {
+ return md5(ha1 + ':' + nonce + ':' + cnonce)
+ } else {
+ return ha1
+ }
+ }
+
 var qop = /(^|,)\s*auth\s*($|,)/.test(challenge.qop) && 'auth'
 var nc = qop && '00000001'
 var cnonce = qop && uuid().replace(/-/g, '')
+ var ha1 = ha1Compute(challenge.algorithm, self.user, challenge.realm, self.pass, challenge.nonce, cnonce)
+ var ha2 = md5(method + ':' + path)
 var digestResponse = qop
 ? md5(ha1 + ':' + challenge.nonce + ':' + nc + ':' + cnonce + ':' + qop + ':' + ha2)
 : md5(ha1 + ':' + challenge.nonce + ':' + ha2) |