
Commit 24eaf47

Merge pull request #341 from TimBailey-pnk/fix_brackets
fix: Allow brackets in www-authentication header values
2 parents d2909e2 + 079e533 commit 24eaf47


2 files changed

+39
-1
lines changed


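--- a/lib/auth.js
+++ b/lib/auth.js
@@ -32,7 +32,7 @@ var digest = {};
 
 digest.parse_header = function(header) {
 var challenge = {},
-matches = header.match(/([a-z0-9_-]+)="?([a-z0-9=\/\.@\s-\+]+)"?/gi);
+matches = header.match(/([a-z0-9_-]+)="?([a-z0-9=\/\.@\s-\+)()]+)"?/gi);
 
 for (var i = 0, l = matches.length; i < l; i++) {
 var parts = matches[i].split('='),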
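Review bot: `header.match(...)` returns `null` when the header holds no `key=value` pair, and the `for` line directly below reads `matches.length` unguarded, so a WWW-Authenticate value the pattern does not recognise throws a TypeError instead of yielding an empty challenge. The header is supplied by the remote server, so the guard belongs on this line: `matches = header.match(/([a-z0-9_-]+)="?([a-z0-9=\/\.@\s-\+)()]+)"?/gi) || [];`. Separately, the value class is still an allowlist (it now lists `)` twice), so a quoted realm containing other punctuation such as `:` or `,` is still cut at that character, which would presumably give a digest the server rejects; matching up to the closing quote would avoid widening the class one character at a time. The body of parse_header continues past the end of the hunk, so how an empty challenge is handled further down needs checking there.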

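--- a/test/auth_digest_spec.js
+++ b/test/auth_digest_spec.js
@@ -112,6 +112,44 @@ describe('auth_digest', function() {
 });
 });
 
+describe('With brackets in realm header', function() {
+it('should generate a proper header', function() {
+// from https://tools.ietf.org/html/rfc2617
+var performDigest = function() {
+var header = 'Digest qop="auth", realm="IP Camera(76475)", nonce="4e4449794d575269597a706b5a575935595441324d673d3d", stale="FALSE", Basic realm="IP Camera(76475)"';
+var user = 'Mufasa';
+var pass = 'Circle Of Life';
+var method = 'get';
+var path = '/dir/index.html';
+
+var updatedHeader = auth.digest(header, user, pass, method, path);
+var parsedUpdatedHeader = parse_header(updatedHeader);
+
+var ha1 = md5(user + ':' + parsedUpdatedHeader.realm + ':' + pass);
+var ha2 = md5(method.toUpperCase() + ':' + path);
+var expectedResponse = md5([
+ha1,
+parsedUpdatedHeader.nonce,
+parsedUpdatedHeader.nc,
+parsedUpdatedHeader.cnonce,
+parsedUpdatedHeader.qop,
+ha2
+].join(':'));
+
+return {
+header: updatedHeader,
+parsed: parsedUpdatedHeader,
+expectedResponse: expectedResponse,
+}
+}
+
+const result = performDigest();
+
+(result.header).should
+.match(/realm="IP Camera\(76475\)"/)
+});
+});
+
 describe('Without qop (RFC 2617)', function() {
 it('should generate a proper header', function() {
 // from https://tools.ietf.org/html/rfc2069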
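Review bot: The only assertion in the new case is the `realm` match on the outgoing header; `expectedResponse` and `parsed` are built inside `performDigest` and never checked, so nothing verifies the `response` value a server would actually validate. Adding `result.parsed.response.should.equal(result.expectedResponse);` after the existing assertion would pin the hash as well, assuming `parse_header` exposes the `response` field of the generated header. The sample challenge also appends a second `Basic realm=...` challenge to the same string, and a one-line comment saying whether that mixed-scheme input is intentional would help. The `// from https://tools.ietf.org/html/rfc2617` comment looks carried over from a neighbouring case, since this challenge string does not appear to be the RFC's example.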
