From 4870f70c0d10b61a7efe71e03c2aaebfc65b1ada Mon Sep 17 00:00:00 2001
From: Ian Cordasco
Date: Fri, 19 Jul 2013 15:48:44 -0500
Subject: [PATCH] Send/require a cookie header on digest-auth

Also fix an import.
---
 httpbin/core.py | 4 +++-
 manage.py | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/httpbin/core.py b/httpbin/core.py
index 1f2861c..3fdf8c9 100644
--- a/httpbin/core.py
+++ b/httpbin/core.py
@@ -356,8 +356,10 @@ def digest_auth(qop=None, user='user', passwd='passwd'):
 auth.set_digest('me@kennethreitz.com', nonce, opaque=opaque,
 qop=('auth', 'auth-int') if qop is None else (qop, ))
 response.headers['WWW-Authenticate'] = auth.to_header()
+ response.headers['Set-Cookie'] = 'fake=fake_value'
 return response
- elif not check_digest_auth(user, passwd):
+ elif not (check_digest_auth(user, passwd) and
+ request.headers.get('Cookie')):
 return status_code(401)
 return jsonify(authenticated=True, user=user)
diff --git a/manage.py b/manage.py
index 7f7d659..07e4fd8 100755
--- a/manage.py
+++ b/manage.py
@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 from httpbin import app
-from flaskext.script import Manager, Command
+from flask.ext.script import Manager, Command
 manager = Manager(app)
@@ -15,4 +15,4 @@ def hello():
 if __name__ == "__main__":
- manager.run()
\ No newline at end of file
+ manager.run()
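Review bot: The new `elif` condition `request.headers.get('Cookie')` accepts any non-empty Cookie header, so it does not confirm that the client returned the cookie issued with the challenge; comparing the parsed value, `request.cookies.get('fake') == 'fake_value'`, would test what the commit title describes. The challenge branch also assigns the header directly, which replaces any Set-Cookie already on the response; `response.set_cookie('fake', 'fake_value')` is the usual Flask form. As far as the hunk shows, the 401 returned when the cookie is missing carries neither a WWW-Authenticate challenge nor the cookie, so a client that sends credentials without it has nothing to retry with. A short comment such as `# fixed test cookie: checks that clients keep cookies across the 401 challenge; not an auth factor` would keep readers from treating it as part of the authentication. digest_auth's body begins outside the hunk.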