Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple auth method support #19

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Multiple auth method support #19

wants to merge 6 commits into from

Conversation

szakharchenko
Copy link
Contributor

Split WWW-Authenticate by challenge and handle digest-related properties only for digest method. Add tests to make sure Digest is chosen as the more secure variant.

@szakharchenko
Fix async tests
e04060b 
Asynchronous tests need to run the 'done' function supplied as their
argument; otherwise they are considered passing prematurely.
@szakharchenko
Merge branch 'fix-async-tests'
6366733
@szakharchenko
Fix arguments in parseAuth-related test
45ff1f5 
parseAuth expects a full WWW-Authenticate header value which includes
the scheme, so it makes sense to provide it in tests.
@szakharchenko
Merge branch 'fix-auth-tests'
55ac26c
@szakharchenko
Add tests for using Digest auth if offered both
28f2fc7 
Clients should choose the safer alternative among the supported auth
methods, which, in the case both Basic and Digest are offered, is
Digest.
@szakharchenko
Fix multiple-method WWW-Authenticate parsing
1144ead 
Split WWW-Authenticate by challenge and handle digest-related
properties only for digest method.
@coveralls
Copy link

coveralls commented Dec 5, 2020
edited
Loading

Pull Request Test Coverage Report for Build 66

  • 23 of 25 (92.0%) changed or added relevant lines in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+1.4%) to 73.364%
Changes Missing Coverage Covered Lines Changed/Added Lines %
digest-fetch-src.js 23 25 92.0%
Totals Coverage Status
Change from base Build 63: 1.4%
Covered Lines: 99
Relevant Lines: 120
💛 - Coveralls

@devfans
Copy link
Owner

devfans commented Dec 11, 2020

Thanks. I will look into it later

@tomboland-vocovo
Copy link

I think this would fix a problem I have in that if the server asks for basic auth, but we don't know ahead of time that basic auth is required, then this library is making a request with an authorization header like this:

'Basic username="admin",realm="",nonce="",uri="/theUrl.html",algorithm="MD5",response="89ba6226c789a01785b93b888b130941",nc=00000001,cnonce="ed652fece3410971adb80a587bd016d3"'

So, without this PR, it will be necessary to try with basic = true in the options first, catch a failure, or try node-fetch first, get the www-authenticate header and figure out whethe Basic or Digest is necessary before using digest-fetch. I think this PR will solve all these problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@szakharchenko @coveralls @devfans @tomboland-vocovo