net-http-digest_auth

Improve challenge parsing

Open paulvt opened this issue 8 years ago • 4 comments

This branch improves and fixes the parsing of the challenge in the header. It fixes a crash if there are multiple authentication schemes in the header and it adds some robustness for HTTP servers that are not completely compliant with RFC 2617.

Parsing/regexps are inspired by RFC 2617: https://tools.ietf.org/html/rfc2617#section-3.2.1.

paulvt, Feb 28 '18 09:02

It might also be a good idea to throw Net::HTTP::DigestAuth::Error if the initial match on www_authenticate fails and challenge is nil as a result. Currently it will crash with undefined method `gsub` for nil:NilClass. What do you think?

paulvt, Feb 28 '18 09:02

I think an exception that is understandable is better than NoMethodError for undiagnosable reasons

drbrain, Mar 16 '18 17:03

I added a commit that raises a Net::HTTP::DigestAuth::Error if the www-authenticate header does not match (either because of a syntax error or a missing Digest authentication method).

paulvt, Mar 21 '18 10:03
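The behaviour discussed in this thread, as an added example that is not the code from the pull request: a tolerant WWW-Authenticate parser that copes with several schemes in one header and raises a descriptive error when no usable Digest challenge is present. `ChallengeParseError`, `parse_challenges` and `digest_challenge` are hypothetical names, and the sample header is constructed.

```ruby
require 'strscan'

# Hypothetical error class for this example (the commit in this thread
# raises Net::HTTP::DigestAuth::Error instead).
class ChallengeParseError < StandardError; end

NAME     = /[^\s,="]+/              # lax token: scheme or parameter name
QUOTED   = /"((?:[^"\\]|\\.)*)"/    # quoted-string with backslash escapes
UNQUOTED = /[^\s,"]+/               # bare value such as algorithm=MD5

# Constructed sample: two schemes in one header, commas inside quoted values.
SAMPLE = 'Basic realm="files", Digest realm="cam, lobby", nonce="abc123", ' \
         'qop="auth,auth-int", algorithm=MD5'

# Split a header value into [[scheme, {param => value}], ...].
def parse_challenges(header)
  raise ChallengeParseError, 'missing WWW-Authenticate header' if header.nil?
  ss = StringScanner.new(header)
  challenges = []
  until ss.eos?
    ss.skip(/[\s,]+/)
    break if ss.eos?
    name = ss.scan(NAME) or
      raise ChallengeParseError, "syntax error at offset #{ss.pos}"
    if ss.skip(/\s*=\s*/)
      # name followed by "=": a parameter of the current challenge
      raise ChallengeParseError, 'parameter before any scheme' if challenges.empty?
      value = ss.scan(QUOTED) ? ss[1].gsub(/\\(.)/, '\1') : ss.scan(UNQUOTED)
      raise ChallengeParseError, "bad value for #{name}" if value.nil?
      challenges.last[1][name.downcase] = value
    else
      # bare name: the start of a new challenge
      challenges << [name, {}]
    end
  end
  challenges
end

# Return the Digest parameters, or fail with a message a caller can act on
# instead of a NoMethodError on nil further down the line.
def digest_challenge(header)
  found = parse_challenges(header).find { |scheme, _| scheme.casecmp?('digest') }
  raise ChallengeParseError, 'no Digest challenge offered' if found.nil?
  params = found[1]
  %w[realm nonce].each do |key|
    raise ChallengeParseError, "Digest challenge lacks #{key}" unless params.key?(key)
  end
  params
end
```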

Please accept this pull request, I believe it addresses https://github.com/drbrain/net-http-digest_auth/issues/18

rgaufman, Aug 10 '18 00:08