urllib icon indicating copy to clipboard operation
urllib copied to clipboard

Published 20 hours ago verified publisher icon node-modules

Digest auth not working?

Open jfederer opened this issue 3 years ago • 3 comments

Note I asked this on S.O. too: https://stackoverflow.com/questions/71430497/digest-authentication-in-nodejs

I'm using the urllib npm package with the following code:

options = {
    method: 'GET',
    rejectUnauthorized: false,
    digestAuth: `${user}:${pass}`
}

urllib.request(uri, options, function (err, data, res) {
    if (err) {
        throw err; // you need to handle error
    }
    console.log(res.statusCode);
    console.log(res.headers);
    // data is Buffer instance
    console.log(data.toString());
})

Unfortunately, I'm getting a 401 error back:

401
 { 'content-length': '222', 'content-type': 'text/plain',
connection: 'close', 'www-authenticate': 'Digest realm="000f7c16eacc", nonce="8652e7dfa50f6124896b84142eef93b5", stale="false", algorithm="MD5", qop="auth"', 'x-frame-options': 'SAMEORIGIN' } 
{ "Response": { 
    "ResponseURL": "/images/snapshot.jpg", 
    "ResponseCode": 3, 
    "SubResponseCode": 0, 
    "ResponseString": "Not Authorized", 
    "StatusCode": 401, 
    "StatusString": "Unauthorized", 
    "Data": "null" } }

The same uri, username, and password works when accessing via postman. What configuration details am I missing in this request? urllib doesn't provide a digest auth example.

I am not married to urllib and will take any working nodejs solution for pulling an image from an digest-auth endpoint.

jfederer avatar Mar 11 '22 16:03 jfederer

you can follow this test case https://github.com/node-modules/urllib/blob/f2a42d19d2236979c16eea13c229839e5a78b381/test/digest_auth.test.js#L7

fengmk2 avatar Mar 14 '22 01:03 fengmk2

Code matching that test case (with same user and pass) fails the assertion: assert(data.toString().indexOf('<p>The requested URL /auth-digest/user3 was not found on this server.</p>') >= 0); and the assertion that the status is 404

const urllib = require('urllib');
var url = 'http://test.webdav.org/auth-digest/user3';
    urllib.request(url, {
      digestAuth: 'user3:user3',
      timeout: 20000,
    }, function (err, data, res) {
     console.log('err :>> ', err);
	 console.log('data :>> ', data);
	 console.log('res :>> ', res);
    });

Output:

err :>>  null
data :>>  <Buffer 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e ... 234 more bytes>
res :>>  {
  status: 403,
  statusCode: 403,
  statusMessage: 'Forbidden',
  headers: {
    date: 'Wed, 23 Mar 2022 21:18:43 GMT',
    server: 'Apache',
    'content-length': '284',
    'keep-alive': 'timeout=5, max=100',
    connection: 'Keep-Alive',
    'content-type': 'text/html; charset=iso-8859-1'
  },
  size: 284,
  aborted: false,
  rt: 306,
  keepAliveSocket: false,
  data: <Buffer 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e ... 234 more bytes>,
  requestUrls: [ 'http://test.webdav.org/auth-digest/user3' ],
  timing: null,
  remoteAddress: '140.211.9.38',
  remotePort: 80,
  socketHandledRequests: 1,
  socketHandledResponses: 1
}

jfederer avatar Mar 23 '22 21:03 jfederer

https://github.com/nodejs/undici/discussions/1611

fengmk2 avatar Oct 23 '22 15:10 fengmk2