Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for SHA auth algorithms #2770

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Support for SHA auth algorithms #2770

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
43 changes: 27 additions & 16 deletions lib/auth.js
View file
Open in desktop
Expand Up @@ -5,6 +5,8 @@ var uuid = require('uuid')
var helpers = require('./helpers')

var md5 = helpers.md5
var sha1 = helpers.sha1
var sha256 = helpers.sha256
var toBase64 = helpers.toBase64

function Auth (request) {
Expand Down Expand Up @@ -71,30 +73,39 @@ Auth.prototype.digest = function (method, path, authHeader) {
}

/**
* RFC 2617: handle both MD5 and MD5-sess algorithms.
*
* If the algorithm directive's value is "MD5" or unspecified, then HA1 is
* HA1=MD5(username:realm:password)
* If the algorithm directive's value is "MD5-sess", then HA1 is
* HA1=MD5(MD5(username:realm:password):nonce:cnonce)
* RFC 2617: handle MD5, MD5-SESS, SHA, SHA-256 algorithms.
*/
var ha1Compute = function (algorithm, user, realm, pass, nonce, cnonce) {
var ha1 = md5(user + ':' + realm + ':' + pass)
if (algorithm && algorithm.toLowerCase() === 'md5-sess') {
return md5(ha1 + ':' + nonce + ':' + cnonce)
} else {
return ha1
var hashFunction = function (algorithm) {
if (algorithm === undefined) {
algorithm = 'MD5'
}
switch (algorithm.toUpperCase()) {
case 'SHA':
return sha1
case 'SHA-256':
return sha256
default:
case 'MD5':
case 'MD5-SESS':
return md5
}
}

var qop = /(^|,)\s*auth\s*($|,)/.test(challenge.qop) && 'auth'
var nc = qop && '00000001'
var cnonce = qop && uuid().replace(/-/g, '')
var ha1 = ha1Compute(challenge.algorithm, self.user, challenge.realm, self.pass, challenge.nonce, cnonce)
var ha2 = md5(method + ':' + path)

var hash = hashFunction(challenge.algorithm)
var a1 = self.user + ':' + challenge.realm + ':' + self.pass
var ha1 = hash(a1)
if (challenge.algorithm && challenge.algorithm.toUpperCase() === 'MD5-SESS') {
ha1 = hash(ha1 + ':' + challenge.nonce + ':' + cnonce)
}
var ha2 = hash(method + ':' + path)

var digestResponse = qop
? md5(ha1 + ':' + challenge.nonce + ':' + nc + ':' + cnonce + ':' + qop + ':' + ha2)
: md5(ha1 + ':' + challenge.nonce + ':' + ha2)
? hash(ha1 + ':' + challenge.nonce + ':' + nc + ':' + cnonce + ':' + qop + ':' + ha2)
: hash(ha1 + ':' + challenge.nonce + ':' + ha2)
var authValues = {
username: self.user,
realm: challenge.realm,
Expand Down
10 changes: 10 additions & 0 deletions lib/helpers.js
View file
Open in desktop
Expand Up @@ -31,6 +31,14 @@ function md5 (str) {
return crypto.createHash('md5').update(str).digest('hex')
}

function sha1 (str) {
return crypto.createHash('sha1').update(str).digest('hex')
}

function sha256 (str) {
return crypto.createHash('sha256').update(str).digest('hex')
}

function isReadStream (rs) {
return rs.readable && rs.path && rs.mode
}
Expand Down Expand Up @@ -59,6 +67,8 @@ function version () {
exports.paramsHaveRequestBody = paramsHaveRequestBody
exports.safeStringify = safeStringify
exports.md5 = md5
exports.sha1 = sha1
exports.sha256 = sha256
exports.isReadStream = isReadStream
exports.toBase64 = toBase64
exports.copy = copy
Expand Down