jaredhanson / passport-http

HTTP Basic and Digest authentication strategies for Passport and Node.js.
https://www.passportjs.org/packages/passport-http/?utm_source=github&utm_medium=referral&utm_campaign=passport-http&utm_content=about
MIT License

Handle = in urls when generating creds #1

Closed awick closed 12 years ago

awick commented 12 years ago

Parse of

username=foo, realm="Users", nonce="C8KaC3ZZ1Z0EkU5cET3ACWVB5xYXhm1r", uri="/sessions.json?sEcho=2&iColumns=12", response="dcf32010f6b88a29cf51086f0929911a", qop=auth, nc=000001b6, cnonce="886127dfc73d3a5d"

would generate a bad uri

username="foo", realm="Users", nonce="C8KaC3ZZ1Z0EkU5cET3ACWVB5xYXhm1r", uri="/sessions.json?sEcho="2&iColumns=12"", response="dcf32010f6b88a29cf51086f0929911a", qop="auth", nc="000001b6", cnonce="886127dfc73d3a5d"

jaredhanson commented 12 years ago

Thanks for the patch! I've merged this into the digest-ha1 branch, and will be moving it to master soon. Do you know of any definitive spec on the ha1 algorithm? A quick Google search didn't turn up anything obvious, and I'd like to make note of something in the documentation.

Thanks!

jaredhanson commented 12 years ago

Never mind. Just reread the patch more carefully. My question doesn't make sense.

jaredhanson commented 12 years ago

Merged and published to npm as passport-http v0.1.4.

jaredhanson commented 12 years ago

Heads up: I just published passport-http v0.2.0 which optimizes the callbacks used in the Digest strategy. It's detailed in the README, but they now look like this:

passport.use(new DigestStrategy({ qop: 'auth' },
  // "secret" callback: look up the user and hand back the secret so the
  // strategy can check the Digest response itself
  function(username, done) {
    User.findOne({ username: username }, function (err, user) {
      if (err) { return done(err); }
      if (!user) { return done(null, false); }
      return done(null, user, user.password);
    });
  },
  // optional validate callback: check nonces and the like
  function(params, done) {
    // validate nonces as necessary
    done(null, true);
  }
));

Basically, the user now gets supplied by the first "secret" callback, and the final callback (which is optional) is just used to check nonces and the like. This also eliminates the redundant query by username needed in the two callbacks in the 0.1.x strain.