Move noncebit to the only place it is used

Since we only allow for "auth" qop-value, hardcode it Fixes #2408
2026-06-05 22:50:18 +00:00 · 2015-01-19 18:50:50 -06:00
parent d2d576b6b1
commit 677bbe30d7
1 changed files with 3 additions and 1 deletions
@@ -124,13 +124,15 @@ class HTTPDigestAuth(AuthBase):
        s += os.urandom(8)

        cnonce = (hashlib.sha1(s).hexdigest()[:16])
-        noncebit = "%s:%s:%s:%s:%s" % (nonce, ncvalue, cnonce, qop, HA2)
        if _algorithm == 'MD5-SESS':
            HA1 = hash_utf8('%s:%s:%s' % (HA1, nonce, cnonce))

        if qop is None:
            respdig = KD(HA1, "%s:%s" % (nonce, HA2))
        elif qop == 'auth' or 'auth' in qop.split(','):
+            noncebit = "%s:%s:%s:%s:%s" % (
+                nonce, ncvalue, cnonce, 'auth', HA2
+                )
            respdig = KD(HA1, noncebit)
        else:
            # XXX handle auth-int.