Merge pull request tomas#164 from tomas/digest-auth-fixes

Digest auth fixes
sherpic · Mar 30, 2016 · d4e2837 · d4e2837
2 parents e0a5a6d + aa178f5
commit d4e2837
Showing 1 changed file with 23 additions and 19 deletions.
diff --git a/lib/auth.js b/lib/auth.js
@@ -32,13 +32,14 @@ var digest = {};
 
 digest.parse_header = function(header) {
   var challenge = {},
-      matches   = header.match(/([a-z0-9_-]+)="([^"]+)"/gi);
+      matches   = header.match(/([a-z0-9_-]+)="?([a-z0-9=\/\.@\s-]+)"?/gi);
 
   for (var i = 0, l = matches.length; i < l; i++) {
-    var pos  = matches[i].indexOf('='),
-        key  = matches[i].substring(0, pos),
-        val  = matches[i].substring(pos + 1);
-    challenge[key] = val.substring(1, val.length - 1);
+    var parts = matches[i].split('='),
+        key   = parts.shift(),
+        val   = parts.join('=').replace(/^"/, '').replace(/"$/, '');
+
+    challenge[key] = val;
   }
 
   return challenge;
@@ -62,30 +63,33 @@ digest.generate = function(header, user, pass, method, path) {
       cnonce    = null,
       challenge = digest.parse_header(header);
 
-  var ha1    = md5(user + ':' + challenge.realm + ':' + pass),
-      ha2    = md5(method + ':' + path),
-      resp   = [ha1, challenge.nonce];
+  var ha1  = md5(user + ':' + challenge.realm + ':' + pass),
+      ha2  = md5(method.toUpperCase() + ':' + path),
+      resp = [ha1, challenge.nonce];
 
   if (typeof challenge.qop === 'string') {
     cnonce = md5(Math.random().toString(36)).substr(0, 8);
-    nc = digest.update_nc(nc);
-    resp = resp.concat(nc, cnonce);
+    nc     = digest.update_nc(nc);
+    resp   = resp.concat(nc, cnonce);
   }
 
   resp = resp.concat(challenge.qop, ha2);
 
   var params = {
-    username: user,
-    realm: challenge.realm,
-    nonce: challenge.nonce,
-    uri: path,
-    qop: challenge.qop,
-    response: md5(resp.join(':'))
+    uri      : path,
+    realm    : challenge.realm,
+    nonce    : challenge.nonce,
+    username : user,
+    response : md5(resp.join(':'))
+  }
+
+  if (challenge.qop) {
+    params.qop = challenge.qop;
   }
 
-//  if (challenge.opaque) {
-//    params.opaque = challenge.opaque;
-//  }
+  if (challenge.opaque) {
+    params.opaque = challenge.opaque;
+  }
 
   if (cnonce) {
     params.nc = nc;