Handle case when WWW-Authenticate returns multiple qops

In Digest Access Authentication there are two possible values (four if you
count the not-present and both cases) for authentication. We were narrowly
handling one of the four cases. Now we handle two.
Ian Cordasco
2013-09-13 22:29:39 -05:00
parent c0e9f411fc
commit 22e31b4b73
+3 -3
@@ -105,7 +105,9 @@ class HTTPDigestAuth(AuthBase):
A1 = '%s:%s:%s' % (self.username, realm, self.password)
A2 = '%s:%s' % (method, path)
if qop == 'auth':
if qop is None:
respdig = KD(hash_utf8(A1), "%s:%s" % (nonce, hash_utf8(A2)))
elif qop == 'auth' or 'auth' in qop.split(','):
if nonce == self.last_nonce:
self.nonce_count += 1
else:
@@ -120,8 +122,6 @@ class HTTPDigestAuth(AuthBase):
cnonce = (hashlib.sha1(s).hexdigest()[:16])
noncebit = "%s:%s:%s:%s:%s" % (nonce, ncvalue, cnonce, qop, hash_utf8(A2))
respdig = KD(hash_utf8(A1), noncebit)
elif qop is None:
respdig = KD(hash_utf8(A1), "%s:%s" % (nonce, hash_utf8(A2)))
else:
# XXX handle auth-int.
return None
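Review bot: The `noncebit` line in the second hunk still formats the raw `qop` string into the digest, so a challenge such as `qop="auth,auth-int"` that now enters the new `elif` branch is hashed with the whole list instead of the one value the client selected. RFC 2617 has the client choose a single qop value and use it in both the response digest and the Authorization header, so the server's recomputed digest will most likely not match and authentication fails. Use the chosen value there: `noncebit = "%s:%s:%s:%s:%s" % (nonce, ncvalue, cnonce, 'auth', hash_utf8(A2))`. The membership test also misses a list written with spaces (e.g. `"auth-int, auth"`); `'auth' in [q.strip() for q in qop.split(',')]` covers that. The header-building part of this method lies outside the hunks, so confirm it emits the same single `qop` value.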