@@ -47,7 +47,7 @@ from trac import siteconfig
4747from trac .Environment import Environment
4848
4949class DigestAuth :
50- """A simple HTTP DigestAuth implementation (rfc2069 )"""
50+ """A simple HTTP DigestAuth implementation (rfc2617 )"""
5151 MAX_NONCES = 100
5252 def __init__ (self , htdigest , realm ):
5353 self .active_nonces = []
@@ -89,7 +89,7 @@ class DigestAuth:
8989 self .active_nonces = self .active_nonces [- DigestAuth .MAX_NONCES :]
9090 req .send_response (401 )
9191 req .send_header ('WWW-Authenticate' ,
92- 'Digest realm="%s", nonce="%s", stale="%s"'
92+ 'Digest realm="%s", nonce="%s", qop="auth", stale="%s"'
9393 % (self .realm , nonce , stale ))
9494 req .end_headers ()
9595
@@ -99,17 +99,25 @@ class DigestAuth:
9999 self .send_auth_request (req )
100100 return None
101101 auth = self .parse_auth_header (req .headers ['Authorization' ][7 :])
102- if not auth .has_key ('username' ) or not auth .has_key ('realm' ) or \
103- not auth .has_key ('nonce' ) or not auth .has_key ('uri' ) or \
104- not auth .has_key ('response' ) or \
105- not self .hash .has_key (auth ['username' ]):
102+ required_keys = ['username' , 'realm' , 'nonce' , 'uri' , 'response' ,
103+ 'nc' , 'cnonce' ]
104+ # Invalid response?
105+ for key in required_keys :
106+ if not auth .has_key (key ):
107+ self .send_auth_request (req )
108+ return None
109+ # Unknown user?
110+ if not self .hash .has_key (auth ['username' ]):
106111 self .send_auth_request (req )
107112 return None
113+
108114 kd = lambda x : md5 .md5 (':' .join (x )).hexdigest ()
109115 a1 = self .hash [auth ['username' ]]
110116 a2 = kd ([req .command , auth ['uri' ]])
111117 # Is the response correct?
112- if kd ([a1 , auth ['nonce' ], a2 ]) != auth ['response' ]:
118+ correct = kd ([a1 , auth ['nonce' ], auth ['nc' ],
119+ auth ['cnonce' ], auth ['qop' ], a2 ])
120+ if auth ['response' ] != correct :
113121 self .send_auth_request (req )
114122 return None
115123 # Is the nonce active, if not ask the client to use a new one
0 commit comments